We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pkg:maven/org.apache.shiro/shiro-core@2.0.0
cpe:2.3:a:apache:shiro:2.0.0:::::::*
CVE-2023-34478
{"label"=>"Maven Plugin"}
9.0.9
The issue is only up to the 2.0.0-alpha2 version. It seems ODC can't handle that CPE.
There are two other FP on this library (CVE-2023-46749 and CVE-2023-46750) and three on shiro-web-2.0.0 (CVE-2023-34478, CVE-2023-46749 and CVE-2023-46750).
Should I open an issue for each one?
The text was updated successfully, but these errors were encountered:
Maven Coordinates
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>2.0.0</version> </dependency>
Suppression rule:
<suppress base="true"> <notes><![CDATA[ FP per issue #6507 ]]></notes> <packageUrl regex="true">^pkg:maven/org\.apache\.shiro/shiro-core@.*$</packageUrl> <cpe>cpe:/a:apache:shiro</cpe> </suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/8168589126
Sorry, something went wrong.
@giacgbj No need to open other FP reports. The root of the issue is indeed with the lack of support for the update component of CPE
fix(fp): FP per issue #6507 suppress CVEs for the final release that …
af5cb69
…were only valid for the alpha-builds
Suppression should now be active
aikebah
No branches or pull requests
Package URl
pkg:maven/org.apache.shiro/shiro-core@2.0.0
CPE
cpe:2.3:a:apache:shiro:2.0.0:::::::*
CVE
CVE-2023-34478
ODC Integration
{"label"=>"Maven Plugin"}
ODC Version
9.0.9
Description
The issue is only up to the 2.0.0-alpha2 version. It seems ODC can't handle that CPE.
There are two other FP on this library (CVE-2023-46749 and CVE-2023-46750) and three on shiro-web-2.0.0 (CVE-2023-34478, CVE-2023-46749 and CVE-2023-46750).
Should I open an issue for each one?
The text was updated successfully, but these errors were encountered: