[FP]: False Positive for cross-platform-appiancorp-json-parser-java.jar #4993

Closed
vindhyahegde31 opened this issue Oct 27, 2022 · 4 comments · Fixed by #5504

Comments

vindhyahegde31 commented Oct 27, 2022

Package URL

pkg:maven/com.appiancorp/appiancorp-json-parser-java@23.1.0.135

CPE

cpe:2.3:a:json_project:json:23.1.0.135:*:*:*:*:*:*:*

CVE

CVE-2020-10675

ODC Integration

{"label"=>"CLI"}

ODC Version

7.0.4

Description

We are using our own custom implementation of a JSON parser, but the tool is giving a CVE for this cross-platform-appiancorp-json-parser-java.jar.
Here is the reference: buger/jsonparser#188

@github-actions
Contributor

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/3337291304

@aikebah
Collaborator

aikebah commented Nov 19, 2022

Your lib appears to not be publicly available, so you'll have to mitigate this FP yourself
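
Added example, not part of the thread and not the change merged in #5504: one way to mitigate this locally is a Dependency-Check suppression file that drops the mismatched CPE for the private artifact. The file name `appian-suppressions.xml` is an assumption; the package URL, CPE and CVE are the ones from the report above.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- appian-suppressions.xml (hypothetical file name) -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes><![CDATA[
      file name: cross-platform-appiancorp-json-parser-java.jar
      Per the reporter this is a custom in-house JSON parser, so the
      json_project:json CPE (and with it CVE-2020-10675) is a false match.
    ]]></notes>
    <!-- Match every version of the artifact, not only 23.1.0.135 -->
    <packageUrl regex="true">^pkg:maven/com\.appiancorp/appiancorp\-json\-parser\-java@.*$</packageUrl>
    <!-- Suppress the wrong CPE rather than the single CVE, so later CVEs
         filed against json_project:json are not attributed to this jar -->
    <cpe>cpe:/a:json_project:json</cpe>
  </suppress>
</suppressions>
```

With the CLI integration named in the report, the file is passed with `--suppression appian-suppressions.xml`. Scoping the rule by `packageUrl` keeps the suppression from hiding findings on any other dependency that legitimately maps to the same CPE.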

@github-actions
Contributor

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/3505302301

@github-actions
Contributor

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/3505302844

@aikebah aikebah linked a pull request Feb 25, 2023 that will close this issue
@aikebah aikebah added this to the 8.1.1 milestone Feb 25, 2023