Upstream DependencyCheck bug causes exceptions (fixed in DependencyCheck 7.4.4) #282
Labels
Comments
|
@davidcheney-livongo waiting for it so much |
davidcheney-livongo
added a commit
to davidcheney-livongo/sbt-dependency-check
that referenced
this issue
Jan 7, 2023
A bug in OWASP DependencyCheck <7.4.4 causes exceptions when loading certain poorly formed CVE definitions. see: jeremylong/DependencyCheck#5220 Update the DependencyCheck version to 7.4.4 which fixes this issue.
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
CVE-2020-36569 was updated in the NIST database recently with a field which caused exceptions when ingesting into the local database. See jeremylong/DependencyCheck#5220 .
This has been fixed in DependencyCheck 7.4.4
Version of sbt-dependency-check used
The problem occurs using version 4.1.0 of the the plugin.
Log file
https://gist.github.com/davidcheney-livongo/c207f15f0d5931786cbea33578d0ef21
To Reproduce
Steps to reproduce the behavior:
sbt dependencyCheckExpected behavior
the dependencyCheck target should succeed or output a report of vulnerable dependencies
Additional context
The text was updated successfully, but these errors were encountered: