Open Marvin-Brouwer opened 2 years ago
The same issue is happening for us with different source libraries:
NETStandard.Library.2.0.0.nupkg:
System.Threading.Tasks.dll
System.Threading.Tasks.4.3.0.nupkg:
System.Threading.Tasks.dll
System.Threading.Tasks.4.3.0.nupkg:
System.Threading.Tasks.dll
System.Threading.Tasks.Extensions.4.5.4.nupkg: System.Threading.Tasks.Extensions.dll System.Threading.Tasks.Extensions:4.5.4 System.Threading.Tasks:4.3.0
Package URl
pkg:generic/Nito.AsyncEx.Tasks@5.1.2
CPE
cpe:2.3\:a:tasks:tasks:5.1.2:*:*:*:*:*:*:*
CVE
CVE-2020-22475
ODC Integration
No response
ODC Version
6.5.3
Description
I've seen this one come up in a couple of versions of this library now so I filed a report with the author: https://github.com/StephenCleary/AsyncEx/issues/251
It appears DependencyCheck is looking for a "Tasks" application which has a bug fixed in 9.7.3. However this NuGet is
Nito.AsyncEx.Tasks
so it's matching on the wrong name.