Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FP]: No web project GO module used in Keycloak 6.0.1 CVE-2021-4236 #6369

Closed
githubuserVenkat opened this issue Jan 8, 2024 · 4 comments
Closed

[FP]: No web project GO module used in Keycloak 6.0.1 CVE-2021-4236 #6369

githubuserVenkat opened this issue Jan 8, 2024 · 4 comments
Labels
FP Report maven changes to the maven plugin

Comments

@githubuserVenkat
Copy link

githubuserVenkat commented Jan 8, 2024
edited by aikebah
Loading

Package URl

pkg:maven/org.wildfly.security.elytron-web/[email protected]

CPE

cpe:2.3:a:web_project:web:1.4.0:::::::*

CVE

CVE-2021-4236

ODC Integration

None

ODC Version

9.0.5

Description

No web project GO module is used in Keycloak 6.0.1
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 8, 2024

Maven Coordinates

<dependency>
   <groupId>org.wildfly.security.elytron-web</groupId>
   <artifactId>undertow-server</artifactId>
   <version>1.4.0.Final</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #6369
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.wildfly\.security\.elytron-web/undertow-server@.*$</packageUrl>
   <cpe>cpe:/a:redhat:undertow</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/7443758006

@github-actions github-actions bot added the maven changes to the maven plugin label Jan 8, 2024
@github-actions GitHub Actions
Copy link
Contributor

Maven Coordinates

<dependency>
   <groupId>org.wildfly.security.elytron-web</groupId>
   <artifactId>undertow-server</artifactId>
   <version>1.4.0.Final</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #6369
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.wildfly\.security\.elytron-web/undertow-server@.*$</packageUrl>
   <cpe>cpe:/a:web_project:web</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/7476995683

@aikebah
Copy link
Collaborator

aikebah commented Jan 10, 2024

approved

@github-actions GitHub Actions
Copy link
Contributor

Suppress rule has been added to the generatedSuppressions branch.

github-actions bot added a commit that referenced this issue Jan 10, 2024
@github-actions
fix(fp): FP per issue #6369
6159848
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 13, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FP Report maven changes to the maven plugin
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aikebah @githubuserVenkat