[FP]: Eclipse IDE vulnerability reported for Yasson #4218
Comments
|
Maven Coordinates <dependency>
<groupId>org.eclipse</groupId>
<artifactId>yasson</artifactId>
<version>1.0.11</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #4218
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.eclipse/yasson@.*$</packageUrl>
<cpe>cpe:/a:eclipse:eclipse_ide</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/1997565407 |
|
@agatarychter should solved with the new released 7.0.1 |
|
verified as resolved in 7.0.1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:maven/org.eclipse/yasson@1.0.11
CPE
cpe:2.3:a:eclipse:eclipse_ide:1.0.11:::::::*
CVE
CVE-2008-7271
ODC Integration
{"label"=>"Maven Plugin"}
ODC Version
7.0.0
Description
CVE-2008-7271 is reported for Yasson dependency. In vulnerability description, the Eclipse IDE is mentioned. And AFAIK, there is no Eclipse IDE bounded in the Yasson dependency.
The text was updated successfully, but these errors were encountered: