[FP]: Some client libraries are marked with server vulnerabilities (e.g. etcd, prometheus) #6981
Comments
|
Maven Coordinates <dependency>
<groupId>io.etcd</groupId>
<artifactId>jetcd-core</artifactId>
<version>0.8.3</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #6981
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.etcd/jetcd-core@.*$</packageUrl>
<cpe>cpe:/a:etcd:etcd</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/10995780026 |
|
approved |
|
Suppress rule has been added to the |
aikebah
added a commit
that referenced
this issue
Oct 16, 2024
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Package URl
pkg:maven/io.etcd/[email protected]
CPE
cpe:2.3:a:etcd:etcd:::::::: versions up to (excluding) 3.3.23
CVE
CVE-2020-15113
ODC Integration
{"label"=>"Maven Plugin"}
ODC Version
10.0.4
Description
Similar situation with prometheus:
cpe:2.3:a:prometheus:prometheus:1.2.1:::::::* (Confidence:Highest) suppress
The text was updated successfully, but these errors were encountered: