[FP]: Wrongly reporting vulnerability CVE-2024-23741 on org.hsqldb:hsqldb #6460
Comments
Maven Coordinates
<dependency>
   <groupId>org.hsqldb</groupId>
   <artifactId>hsqldb</artifactId>
   <version>2.7.1</version>
</dependency>
Suppression rule:
<suppress base="true">
   <notes><![CDATA[
   FP per issue #6460
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.hsqldb/hsqldb@.*$</packageUrl>
   <cpe>cpe:/a:hsqldb:hypersql_database</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/7847012733
Maven Coordinates
<dependency>
   <groupId>org.hsqldb</groupId>
   <artifactId>hsqldb</artifactId>
   <version>2.7.1</version>
</dependency>
Suppression rule:
<suppress base="true">
   <notes><![CDATA[
   FP per issue #6460
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.hsqldb/hsqldb@.*$</packageUrl>
   <cpe>cpe:/a:hsqldb:hypersql_database</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/7847023293
@hen-corix the idea for the CPE field of the FP report is to put the wrongly identified CPE in there (it is used for the automatically generated suppression rule)
Maven Coordinates
<dependency>
   <groupId>org.hsqldb</groupId>
   <artifactId>hsqldb</artifactId>
   <version>2.7.1</version>
</dependency>
Suppression rule:
<suppress base="true">
   <notes><![CDATA[
   FP per issue #6460
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.hsqldb/hsqldb@.*$</packageUrl>
   <cpe>cpe:/a:hyper:hyper</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/7855859599
approved
Suppress rule has been added to the
Package URL
pkg:maven/org.hsqldb/hsqldb@2.7.1
CPE
cpe:2.3:a:hyper:hyper:2.7.1:*:*:*:*:*:*:*
CVE
CVE-2024-23741
ODC Integration
{"label"=>"Ant Task"}
ODC Version
9.0.9
Description
The following vulnerability IDs are attached to the false positive artifact:
cpe:2.3:a:hsqldb:hypersql_database:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:hyper:hyper:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:www-sql_project:www-sql:2.7.1:*:*:*:*:*:*:*