jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

False Positive on cron4j-2.2.5.jar #3548

Closed iherasymenko closed 3 years ago

iherasymenko commented 3 years ago

False positive on library cron4j-2.2.5.jar - reported as cpe:2.3:a:cron_project:cron:2.2.5:*:*:*:*:*:*:*

<dependency>
    <groupId>it.sauronsoftware.cron4j</groupId>
    <artifactId>cron4j</artifactId>
    <version>2.2.5</version>
</dependency>

https://ossindex.sonatype.org/component/pkg:maven/it.sauronsoftware.cron4j/cron4j@2.2.5?utm_source=dependency-check&utm_medium=integration&utm_content=6.2.2

jeremylong commented 3 years ago

Fixed with https://github.com/jeremylong/DependencyCheck/pull/3556