Closed gkecskemjlr closed 11 months ago
Describe the bug
When running a dependency check on a project that depends on this project, the dependency check fails.
To Reproduce
Add the dependency to the pom:
<dependency>
    <groupId>io.asyncer</groupId>
    <artifactId>r2dbc-mysql</artifactId>
    <version>1.0.3</version>
</dependency>
Add owasp dependency check to the pom's build plugins section:
<plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>8.4.0</version>
    <configuration>
        <failBuildOnCVSS>4</failBuildOnCVSS>
        <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
    </configuration>
    <executions>
        <execution>
            <goals>
                <goal>check</goal>
            </goals>
        </execution>
    </executions>
</plugin>
Run:
mvn dependency-check:check
Expected behavior
There should not be any security issues raised.
Current result:
r2dbc-mysql-1.0.3.jar (pkg:maven/io.asyncer/r2dbc-mysql@1.0.3, cpe:2.3:a:mysql:mysql:1.0.3:*:*:*:*:*:*:*) : CVE-2017-15945, CVE-2009-4028, CVE-2010-1621, CVE-2007-2691, CVE-2015-2575, CVE-2007-5925, CVE-2009-0819, CVE-2010-3677, CVE-2010-3682, CVE-2010-1626, CVE-2007-1420
Thank you very much for bringing up this issue. It appears to be a false positive. I have just created a ticket for it. You can find the ticket here: link.
Resolved
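The report above pairs the Maven coordinate pkg:maven/io.asyncer/r2dbc-mysql with the CPE of the MySQL server (mysql:mysql), which is why server CVEs are listed against a client driver. Once that match has been confirmed as a false positive, it can be suppressed for this one artifact only, as in the following added example (not part of the original issue or the project's own configuration; the file name dependency-check-suppressions.xml is an assumption):

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  dependency-check-suppressions.xml (assumed file name).
  Reference it from the dependency-check-maven plugin's <configuration>:
    <suppressionFiles>
      <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
    </suppressionFiles>
-->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes><![CDATA[
      False positive: io.asyncer:r2dbc-mysql is an R2DBC client driver, but the
      analyzer identified it as the MySQL server product (cpe mysql:mysql).
      Review this entry when upgrading dependency-check or the driver.
    ]]></notes>
    <!-- Scope the rule to this artifact only, any version. A mysql:mysql match
         on any other dependency is still reported and still fails the build. -->
    <packageUrl regex="true">^pkg:maven/io\.asyncer/r2dbc\-mysql@.*$</packageUrl>
    <!-- Suppress the wrong CPE identification rather than listing each CVE,
         so newly published CVEs for the server product do not reappear here. -->
    <cpe>cpe:/a:mysql:mysql</cpe>
  </suppress>
</suppressions>
```

Scoping by packageUrl and CPE together keeps failBuildOnCVSS effective for every other dependency, and for genuine findings against r2dbc-mysql that are matched under a different CPE.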