[FP]: CVE-2022-3171 on protobuf-java 3.25.3 #6711
Comments
|
Maven Coordinates <dependency>
<groupId>com.google.http-client</groupId>
<artifactId>google-http-client-protobuf</artifactId>
<version>1.44.1</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #6711
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.http-client/google-http-client-protobuf@.*$</packageUrl>
<cpe>cpe:/a:google:protobuf-java</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9378726218 |
|
approved |
|
Suppress rule has been added to the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:maven/com.google.http-client/google-http-client-protobuf@1.44.1
CPE
cpe:2.3:a:google:protobuf-java:1.44.1:*:*:*:*:*:*:*CVE
CVE-2022-3171
ODC Integration
{"label"=>"Gradle Plugin"}
ODC Version
9.2.0
Description
We are using GCP dependencies with version 5.4.1
We got the HIGH severity vulnerability in the library google-http-client-protobuf-1.44.1.jar
We checked OSSINDEX and there is no vulnerability in the above library https://central.sonatype.com/artifact/com.google.http-client/google-http-client-protobuf/1.44.1/versions
CPE is coming from protobuf-java:1.44.1 but in dependency tree 3.25.3 is there.
The text was updated successfully, but these errors were encountered: