False positive for quarkus-core 3.8.4 vulnerability

github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Creative Commons Attribution 4.0 International

1.66k stars 304 forks source link

False positive for quarkus-core 3.8.4 vulnerability #4483

Open khaledgithubwl opened 1 month ago

khaledgithubwl commented 1 month ago

hello I am experiencing some issues regarding this component I am using quarkus-core 3.8.4 and it raises whith github advisories this finding: https://github.com/advisories/GHSA-f8h5-v2vg-46rr Can you please tell me why i get this vulnerability in this version.. as I am seeing in the link here that the version 3.8.4 is a patched version.

Best regards,

codespearhead commented 3 weeks ago

What tool is alerting you that 3.8.4 is affected by CVE-2024-2700?

khaledgithubwl commented 3 weeks ago

@codespearhead it is dependency track