{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-23078", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-01T22:51:11.255Z", "dateReserved": "2024-01-11T00:00:00.000Z", "datePublished": "2024-04-08T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-11T19:02:35.760Z"}, "descriptions": [{"lang": "en", "value": "JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://jgrapht.com"}, {"url": "https://github.com/jgrapht/jgrapht"}, {"url": "https://gist.github.com/LLM4IG/5feabadf06a88102df316174123e2770"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "affected": [{"vendor": "jgrapht", "product": "core", "cpes": ["cpe:2.3:a:jgrapht:core:v1.5.2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "v1.5.2", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-04-10T19:23:16.899809Z", "id": "CVE-2024-23078", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T16:01:54.513Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:51:11.255Z"}, "title": "CVE Program Container", "references": [{"url": "http://jgrapht.com", "tags": ["x_transferred"]}, {"url": "https://github.com/jgrapht/jgrapht", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/LLM4IG/5feabadf06a88102df316174123e2770", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://jgrapht.com", "tags": ["x_transferred"]}, {"url": "https://github.com/jgrapht/jgrapht", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/LLM4IG/5feabadf06a88102df316174123e2770", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:51:11.255Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23078", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-10T19:23:16.899809Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:jgrapht:core:v1.5.2:*:*:*:*:*:*:*"], "vendor": "jgrapht", "product": "core", "versions": [{"status": "affected", "version": "v1.5.2"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T16:01:49.181Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://jgrapht.com"}, {"url": "https://github.com/jgrapht/jgrapht"}, {"url": "https://gist.github.com/LLM4IG/5feabadf06a88102df316174123e2770"}], "descriptions": [{"lang": "en", "value": "JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-11T19:02:35.760631"}}}, "cveMetadata": {"cveId": "CVE-2024-23078", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:51:11.255Z", "dateReserved": "2024-01-11T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-04-08T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification."}, {"lang": "es", "value": "Se descubri\u00f3 que JGraphT Core v1.5.2 conten\u00eda una NullPointerException a trav\u00e9s del componente org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double)."}], "id": "CVE-2024-23078", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-08T20:15:08.500", "references": [{"source": "cve@mitre.org", "url": "http://jgrapht.com"}, {"source": "cve@mitre.org", "url": "https://gist.github.com/LLM4IG/5feabadf06a88102df316174123e2770"}, {"source": "cve@mitre.org", "url": "https://github.com/jgrapht/jgrapht"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jgrapht.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gist.github.com/LLM4IG/5feabadf06a88102df316174123e2770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/jgrapht/jgrapht"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "jgrapht-core: Null Pointer Exception", "id": "2274095", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274095"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-395", "details": ["JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.", "A flaw was found in the JGraphT Core. The affected version of this package contains a Null Pointer Exception via the org.jgrapht.alg.util.ToleranceDoubleComparator::compare component."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-23078", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_applications:6", "fix_state": "Not affected", "package_name": "jgrapht-core", "product_name": "Migration Toolkit for Applications 6"}, {"cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1", "fix_state": "Not affected", "package_name": "jgrapht-core", "product_name": "Migration Toolkit for Runtimes"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Will not fix", "package_name": "jgrapht-core", "product_name": "Red Hat Process Automation 7"}], "public_date": "2024-04-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-23078\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-23078"], "statement": "The Null Pointer Exception in the ToleranceDoubleComparator::compare method of the JGraphT Core library is classified as a moderate severity issue due to its potential to disrupt application stability under certain conditions. This flaw can cause runtime exceptions when null values are encountered during the comparison process, leading to abrupt termination of algorithms that rely on this comparator. While it does not pose a security risk or lead to data corruption, it affects the reliability and robustness of graph-related operations, especially in environments where null inputs might be prevalent.", "threat_severity": "Moderate"}

{}