Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
[
{
"cpes": [
"cpe:2.3:a:joda:joda_time:2.12.5:*:*:*:*:*:*:*"
],
"vendor": "joda",
"product": "joda_time",
"versions": [
{
"status": "affected",
"version": "2.12.5"
}
],
"defaultStatus": "unknown"
}
]