ThreeTen backport is vulnerable to integer overflow. The vulnerability is due to missing string validation in the org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition)
method, which returns a StringIndexOutOfBoundsException
if the CharSequence is empty.
CPE | Name | Operator | Version |
---|---|---|---|
threeten backport | le | 1.6.9 | |
threeten backport | le | 1.6.9 |