ThreeTen backport is vulnerable to integer overflow. The vulnerability is due to missing string validation in the org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition)
method, which returns a StringIndexOutOfBoundsException
if the CharSequence is empty.