12 matches found
CVE-2026-44241
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation...
CVE-2026-44241 Micronaut Framework: Unbounded formattersCache in TimeConverterRegistrar Allows Memory Exhaustion via Accept-Language Header
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation...
CVE-2026-44241
Summary of CVE-2026-44241 (Micronaut Framework) Affected: Micronaut Core versions 4.3.0–4.10.21 (fixed in 4.10.22). A cache in TimeConverterRegistrar stores DateTimeFormatter instances in an unbounded ConcurrentHashMap keyed by pattern+Locale derived from the @Format annotation and the HTTP Accep...
Micronaut Framework Resource Management Error Vulnerability
The Micronaut Framework is a modern full-stack Java framework based on the JVM, developed by the Micronaut Foundation. Versions of the Micronaut Framework from 4.3.0 to 4.10.22 contained a resource management vulnerability. This vulnerability stemmed from TimeConverterRegistrar caching...
Integer Overflow
ThreeTen backport is vulnerable to integer overflow. The vulnerability is due to missing string validation in the org.threeten.bp.format.DateTimeFormatter::parseCharSequence, ParsePosition method, which returns a StringIndexOutOfBoundsException if the CharSequence is empty...
CVE-2024-23082
ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parseCharSequence, ParsePosition. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a...
CVE-2024-23082
ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parseCharSequence, ParsePosition. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a...
CVE-2024-23082
CVE-2024-23082 concerns ThreeTen Backport v1.6.8, with an integer overflow in DateTimeFormatter.parse(CharSequence, ParsePosition). Multiple sources dispute the vulnerability’s existence; no solid public exploit details are provided in the documents. Red Hat/IBM postings flag a potential denial-o...
PT-2024-19661 · Unknown · Threeten Backport
Name of the Vulnerable Software and Affected Versions: ThreeTen Backport version 1.6.8 Description: The issue is related to an integer overflow in the org.threeten.bp.format.DateTimeFormatter::parseCharSequence, ParsePosition component. However, it is noted that the existence of this issue is...
ThreeTen backport project Security Vulnerability
ThreeTen backport project is a simple backport for ThreeTen open source. A security vulnerability exists in ThreeTen backport project version v1.6.8, which stems from a null pointer exception contained in the component org.threeten.bp.format.DateTimeFormatter::parseCharSequence, ParsePosition...
CVE-2024-23082
ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parseCharSequence, ParsePosition. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a...
CVE-2024-23082
ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parseCharSequence, ParsePosition. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a...