False positif CVE-2023-29827 linked to ejs@3.1.10

DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

https://dependencytrack.org/

Apache License 2.0

2.44k stars 531 forks source link

Open JingLeiTalan opened 3 days ago

JingLeiTalan commented 3 days ago

image (1)

1.generate sbom based on one angular project

This CVE should not be liked to current dependency

4.7.x

Container Image

PostgreSQL

No response

Google Chrome

[X] I have read and understand the contributing guidelines
[X] I have checked the existing issues for whether this defect was already reported

VinodAnandan commented 3 days ago

@JingLeiTalan Looks like this was reported by OSS Index. You can request the record to be corrected here: https://ossindex.sonatype.org/doc/report-vulnerability