[FP]: CVE-2019-3774 on [email protected] #6613
Comments
|
Maven Coordinates <dependency>
<groupId>org.springframework.batch.extensions</groupId>
<artifactId>spring-batch-excel</artifactId>
<version>0.1.1</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #6613
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.batch\.extensions/spring-batch-excel@.*$</packageUrl>
<cpe>cpe:/a:pivotal_software:spring_batch</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/8754328951 |
|
approved |
|
Suppress rule has been added to the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:maven/org.springframework.batch.extensions/[email protected]
CPE
cpe:2.3:a:pivotal_software:spring_batch:0.1.1:::::::*
CVE
CVE-2019-3774
ODC Integration
{"label"=>"Maven Plugin"}
ODC Version
7.4.4
Description
DependencyCheck 7.4.4 is currently reporting [email protected] to be affected by CVE-2019-3774.
However, is seems that this issue occours due to the fact that [email protected] is associated to
cpe:2.3:a:pivotal_software:spring_batch:0.1.1:*:*:*:*:*:*:*which is itself affected by CVE-2019-3774.Instead, [email protected] should not be affected by CVE-2019-3774.
Moreover, Maven Repository does not report any vulnerability for [email protected]
https://mvnrepository.com/artifact/org.springframework.batch.extensions/spring-batch-excel/0.1.1
Should it be marked as false positive?
The text was updated successfully, but these errors were encountered: