You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The CVE-2014-3576 was detected and reported by Owasp Dependency Check scan for Aapche ActiveMQ 5.17.0. The vulnerability description clearly states that the vulnerability exists in Apache ActiveMQ 5.x before 5.14.0. This is because, in the application code, xx-activemq-log-plugin takes the version as the project version. The Owasp Dependency report is picking and detecting it as ActiveMQ version and reporting the CVE in the scan report. Therefore, it is a false positive.
The text was updated successfully, but these errors were encountered:
your package is likely sone private package. FPs for such nane collisions are to be expected(see the documentation of DependencyCheck) and dealt with internally for non-public artifacts
Package URl
pkg:maven/xx-activemq-log-plugin@2.112.2
CPE
cpe:2.3:a:apache:activemq:2.112.2:::::::*
CVE
CVE-2014-3576
ODC Integration
None
ODC Version
8.4.3
Description
The CVE-2014-3576 was detected and reported by Owasp Dependency Check scan for Aapche ActiveMQ 5.17.0. The vulnerability description clearly states that the vulnerability exists in Apache ActiveMQ 5.x before 5.14.0. This is because, in the application code, xx-activemq-log-plugin takes the version as the project version. The Owasp Dependency report is picking and detecting it as ActiveMQ version and reporting the CVE in the scan report. Therefore, it is a false positive.
The text was updated successfully, but these errors were encountered: