You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A bug in OWASP DependencyCheck <7.4.4 causes exceptions when loading
certain poorly formed CVE definitions.
see: jeremylong/DependencyCheck#5220
Update the DependencyCheck version to 7.4.4 which fixes this issue.
Describe the bug
CVE-2020-36569 was updated in the NIST database recently with a field which caused exceptions when ingesting into the local database. See jeremylong/DependencyCheck#5220 .
This has been fixed in DependencyCheck 7.4.4
Version of sbt-dependency-check used
The problem occurs using version 4.1.0 of the the plugin.
Log file
https://gist.github.com/davidcheney-livongo/c207f15f0d5931786cbea33578d0ef21
To Reproduce
Steps to reproduce the behavior:
sbt dependencyCheck
Expected behavior
the dependencyCheck target should succeed or output a report of vulnerable dependencies
Additional context
The text was updated successfully, but these errors were encountered: