-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FP]: java-cfenv detected as Spring Framework #6415
Comments
Maven Coordinates <dependency>
<groupId>io.pivotal.cfenv</groupId>
<artifactId>java-cfenv</artifactId>
<version>3.1.3</version>
</dependency> Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #6415
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.pivotal\.cfenv/java-cfenv@.*$</packageUrl>
<cpe>cpe:/a:vmware:spring_framework</cpe>
</suppress> Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/7613784102 |
Hi, |
approved |
Suppress rule has been added to the |
This was referenced Apr 28, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:maven/io.pivotal.cfenv/java-cfenv@3.1.3
CPE
cpe:2.3:a:vmware:spring_framework:3.1.3:*:*:*:*:*:*:*
CVE
CVE-2022-22965
ODC Integration
{"label"=>"Maven Plugin"}
ODC Version
9.0.9
Description
Hello,
The following Maven packages
pkg:maven/io.pivotal.cfenv/java-cfenv@3.1.3
pkg:maven/io.pivotal.cfenv/java-cfenv-jdbc@3.1.3
pkg:maven/io.pivotal.cfenv/java-cfenv-boot@3.1.3
are wrongly assigned to CPE
![image](https://private-user-images.githubusercontent.com/35630862/298641667-c2c1164a-709f-4526-b3a2-796efec0be6f.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE1MDc1MzgsIm5iZiI6MTcyMTUwNzIzOCwicGF0aCI6Ii8zNTYzMDg2Mi8yOTg2NDE2NjctYzJjMTE2NGEtNzA5Zi00NTI2LWIzYTItNzk2ZWZlYzBiZTZmLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MjAlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzIwVDIwMjcxOFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTgzZTQyNDFiMGVlY2MxMWZlZGYyZmEzODU4ODc5NmU1YjYzYmQ3NDA1ZjYzM2Q0Mzc2ZjIwNGNkYTdjOTAxOGQmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.zv82Uke3l2FGththrW29iWpsKfGbqDJHV3RUrRTF3JY)
cpe:2.3:a:vmware:spring_framework:3.1.3:*:*:*:*:*:*:*
probably because of some evidences related to Pivotal and Spring:The 3rd listed package pkg:maven/io.pivotal.cfenv/java-cfenv-boot@3.1.3 is also wrongly assigned to CPE
cpe:2.3:a:vmware:spring_boot:3.1.3:*:*:*:*:*:*:*
Thanks.
Regards,
The text was updated successfully, but these errors were encountered: