[FP]: pkg:maven/info.picocli/[email protected]

[kevin-doyle]

Package URl

pkg:maven/info.picocli/[email protected]

CPE

cpe:2.3:a:line:line:4.5.2:::::::*

CVE

CVE-2015-0897

ODC Integration

{"label"=>"Gradle Plugin"}

ODC Version

9.0.3

Description

Would it be possible to add this package to the base suppression list? Similar to #6088, picocli is being flagged for CVE-2015-0897

[github-actions]

Maven Coordinates

<dependency>
   <groupId>info.picocli</groupId>
   <artifactId>picocli</artifactId>
   <version>4.5.2</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #6286
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/info\.picocli/picocli@.*$</packageUrl>
   <cpe>cpe:/a:line:line</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/7186902237

[aikebah]

approved

[github-actions]

Suppress rule has been added to the generatedSuppressions branch.