
Report missing advisories and corrections on OSS Index

Incorrect vulnerability details for CVE-2018-18928 icu4j #306

Closed urld closed 1 year ago

urld commented 2 years ago

Vulnerability URL Provide the URL to the vulnerability. For example:

https://ossindex.sonatype.org/vulnerability/CVE-2018-18928?component-type=maven&component-name=com.ibm.icu%2Ficu4j&utm_source=dependency-check&utm_medium=integration&utm_content=7.1.1

Component URL Provide the URL to the component. For example:

https://ossindex.sonatype.org/component/pkg:maven/com.ibm.icu/icu4j

Description icu4j should not be affected by vulnerabilities in the C++ implementation of ICU. See the CPE in https://nvd.nist.gov/vuln/detail/CVE-2018-18928

ken-duck commented 2 years ago

Sorry for the delay. We have been working on getting appropriate internal processes defined for dealing with data issues in the new data set. We are now working on catching up on the backlog.

This issue has been passed to the research team on our internal tracking system, and I will report back here once more is known.

ken-duck commented 1 year ago

Sonatype's Deep Dive research determined that the Java component is affected by this vulnerability...

The Java component is a direct port intended to have identical functionality, and while the advisories only pointed towards the C/C++ components, the developers of the project determined that the issue needed to be fixed in both components.