[FP]: pkg:maven/com.idealista/[email protected] #6340
Comments
|
Maven Coordinates <dependency>
<groupId>com.idealista</groupId>
<artifactId>format-preserving-encryption</artifactId>
<version>1.0.0</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #6340
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.idealista/format-preserving-encryption@.*$</packageUrl>
<cpe>cpe:/a:vega_project:vega</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/7303092633 |
|
There are some additional CVEs also being flagged against this jar all related to Vega. I can create FP reports for each if needed. 
|
|
approved @kevin-doyle no need for further FP reports... the CPE suppression resulting from this report should also take care of the others. |
|
Suppress rule has been added to the |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Package URl
pkg:maven/com.idealista/[email protected]
CPE
cpe:2.3:a:vega_project:vega:1.0.0:::::::*
CVE
CVE-2020-26296
ODC Integration
{"label"=>"Gradle Plugin"}
ODC Version
9.0.3
Description
This appears to be false positive for a JavaScript CVE being flagged against a Java library
The text was updated successfully, but these errors were encountered: