Description
Time4J Base v5.9.3 was discovered to contain a NullPointerException via the component net.time4j.format.internal.FormatUtils::useDefaultWeekmodel(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
References (3)
Core 3
Core References
Various Sources
http://time4j.com
Various Sources
https://gist.github.com/LLM4IG/624598834f6699e3617d47c675227e97
Various Sources
https://github.com/MenoData/Time4J
Scores
CVSS v3
5.3
EPSS
0.0033
EPSS Percentile
55.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Published
Apr 10, 2024
Tracked Since
Feb 18, 2026