[FP]: Serilog.Sinks.Async #6056
Comments
|
Nuget Coordinates dotnet add package Serilog.Sinks.Async --version 1.5.0Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #6056
]]></notes>
<packageUrl regex="true">^pkg:nuget/Serilog\.Sinks\.Async@.*$</packageUrl>
<cpe>cpe:/a:async_project:async</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/6860591340 |
|
approved |
|
Suppress rule has been added to the |
|
Hello @aikebah, the suppression which got approved did not reduced the false positive dependency check count. So I guess Package Url I gave was somewhat wrong. Appologies for that. Can you please check the below image for the package Url.
The Package Url which I mentioned i.e "pkg:nuget/Serilog.Sinks.Async@1.5.0" is correct or it should be like in the image "pkg:generic/Serilog.Sinks.Async@1.5.0" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:nuget/Serilog.Sinks.Async@1.5.0
CPE
cpe:2.3:a:async_project:async:1.5.0:::::::*
CVE
CVE-2021-43138
ODC Integration
None
ODC Version
8.3.1
Description
Vulnerability in https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264 is reported for package "Serilog.Sinks.Async".
Source : https://github.com/serilog/serilog-sinks-async
It should refer the package from the source repository but instead of that it is referring from https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264. Hence showing the "Serilog.Sinks.Async" package as vulnerable.
The text was updated successfully, but these errors were encountered: