jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

[FP]: org.apache.wink:wink-server:1.1.2-incubating #4331

Open jpcmonster opened 2 years ago

jpcmonster commented 2 years ago

Package URL pkg:maven/org.apache.wink/wink-server@1.1.2-incubating

CPE cpe:2.3:a:apache:wink:1.1.2:::::::
cpe:2.3:a:wink:wink:1.1.2:::::::

CVE https://nvd.nist.gov/vuln/detail/CVE-2017-5249

ODC Integration Gradle Plugin

ODC Version 7.0.4

Description CVE-2017-5249 is incorrectly reported for org.apache.wink:wink-server:1.1.2-incubating; this CVE appears to be associated with a different, Android Wink (no mention of Apache):
https://www.rapid7.com/blog/post/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/
It does not appear that other sources report direct vulnerabilities in Apache Wink 1.1.2:
https://mvnrepository.com/artifact/org.apache.wink/wink-server/1.1.2-incubating
https://snyk.io/vuln/maven:org.apache.wink:wink-server
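Until the CPE mapping is corrected upstream, the usual way to handle a false positive like the one reported above is a dependency-check suppression file. The following is an added example, not part of the issue or of the project's own configuration; the two `<suppress>` entries are narrow on purpose: the first drops only the wrong-vendor CPE `cpe:/a:wink:wink` for this artifact, the second drops only CVE-2017-5249 for it, so any genuine future finding against `apache:wink` would still be reported. The package URL regex and the file name in `<notes>` are assumptions for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example suppression file for the false positive described above.
     The notes, regex and file name are assumptions, not the project's own data. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

    <!-- The matched vendor/product "wink:wink" is the Android smart-home Wink,
         not Apache Wink; suppress that CPE for this Maven artifact only. -->
    <suppress>
        <notes><![CDATA[
        FP: org.apache.wink:wink-server matched to the unrelated "wink:wink" CPE (see #4331)
        file name: wink-server-1.1.2-incubating.jar
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.apache\.wink/wink\-server@.*$</packageUrl>
        <cpe>cpe:/a:wink:wink</cpe>
    </suppress>

    <!-- CVE-2017-5249 concerns the Wink smart-home platform; suppress just that CVE
         for this artifact rather than the whole apache:wink CPE, so other
         vulnerabilities attributed to Apache Wink would still surface. -->
    <suppress>
        <notes><![CDATA[
        FP: CVE-2017-5249 is not an Apache Wink vulnerability (see #4331)
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.apache\.wink/wink\-server@.*$</packageUrl>
        <cve>CVE-2017-5249</cve>
    </suppress>

</suppressions>
```

With the Gradle plugin named in the report, the file is referenced from the build script via `dependencyCheck { suppressionFile = 'config/dependency-check-suppressions.xml' }` (the path is an assumption). Keeping the `packageUrl` scoped to the one artifact, rather than suppressing the CVE globally, is what keeps the suppression from hiding the same CVE on some other dependency where it might be real.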

jpcmonster commented 2 years ago

@jeremylong very sorry if I filed this incorrectly. Did I overlook a doc on FP filing? Just checking; sorry to bother.