[FP]: keycloak for CVE-2022-1245 #6411
Comments
|
Maven Coordinates <dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-authz-policy-drools</artifactId>
<version>6.0.1</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #6411
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak-authz-policy-drools@.*$</packageUrl>
<cpe>cpe:/a:redhat:keycloak</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/7580406439 |
|
The provider is released as part of the keycloak project; DependencyCheck project is not attributing NVD CPE associated vulnerabilities to sub-libraries of the CPE |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Package URl
pkg:maven/org.keycloak/[email protected]
CPE
cpe:2.3:a:redhat:keycloak::::::::
CVE
CVE-2022-1245
ODC Integration
None
ODC Version
9.0.5
Description
Actual vulnerable component is keycloak-services jar.
Since #6405 was failed to evaluate, please consider this ticket
pkg:maven/org.keycloak/[email protected]
pkg:maven/org.keycloak/[email protected]
pkg:maven/org.keycloak/[email protected]
The text was updated successfully, but these errors were encountered: