[FN] CVE-2023-5590 is not reported for Selenium.WebDriver@3.141.0 #288

Closed
prabhu opened this issue Apr 4, 2024 · 1 comment

prabhu commented Apr 4, 2024

```shell
python depscan/cli.py --purl "pkg:nuget/Selenium.WebDriver@3.141.0" --reports-dir /tmp/reports
```

prabhu commented Apr 4, 2024

vdb6 doesn't have entries for nuget either. So we might need some aliasing magic to make this mapping work.

[Image: vdb6-selenium]

prabhu added a commit that referenced this issue Apr 4, 2024
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
prabhu added a commit that referenced this issue Apr 4, 2024
* Fixes #288

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Suppress false positives when the package name is core

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Do not match application CVEs from OS distros

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Filter some NVD results based on sw_edition. Trims some amount of false positives

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Update vdb to get alpine version compare false positives

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
prabhu closed this as completed Apr 5, 2024