🔐 CVE-2024-23082: org.threeten:threetenbp:jar:1.6.8:test

[github-actions[bot]]

Summary

ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition).

CVE: CVE-2024-23082 CWE: CWE-190

References

• https://ossindex.sonatype.org/vulnerability/CVE-2024-23082?component-type=maven&component-name=org.threeten%2Fthreetenbp&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-23082
• https://gist.github.com/LLM4IG/d2618f5f4e5ac37eb75cff5617e58b90