jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

[FP]: flexmark-ext-xwiki-macros-0.62.2.jar flagged with cpe:2.3:a:xwiki:xwiki:0.62.2:*:*:*:*:*:*:* #4728

Closed cmuchinsky closed 2 years ago

cmuchinsky commented 2 years ago

Package URL

pkg:maven/com.vladsch.flexmark/flexmark-ext-xwiki-macros@0.62.2

CPE

cpe:2.3:a:xwiki:xwiki:0.62.2:*:*:*:*:*:*:*

CVE

CVE-2022-29161, CVE-2020-15252, CVE-2010-4641, CVE-2020-13654, CVE-2022-23619, CVE-2020-15171, CVE-2021-32732, CVE-2022-23617, CVE-2021-29459, CVE-2022-23618, CVE-2022-23622, CVE-2021-32730, CVE-2018-16277, CVE-2022-23620, CVE-2022-24819, CVE-2022-24820, CVE-2022-23621, CVE-2010-4642, CVE-2007-4898

ODC Integration

Gradle Plugin

ODC Version

7.1.1

Description

flexmark-ext-xwiki-macros-0.62.2.jar flagged with cpe:2.3:a:xwiki:xwiki:0.62.2:*:*:*:*:*:*:*

github-actions[bot] commented 2 years ago

Maven Coordinates

<dependency>
   <groupId>com.vladsch.flexmark</groupId>
   <artifactId>flexmark-ext-xwiki-macros</artifactId>
   <version>0.62.2</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4728
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/com\.vladsch\.flexmark/flexmark-ext-xwiki-macros@.*$</packageUrl>
   <cpe>cpe:/a:xwiki:xwiki</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2789671287
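
Added example, not part of the original thread or of the dependency-check code base: a Python check that the generated rule suppresses the xwiki CPE only for the flexmark artifact, across all its versions. It assumes a `packageUrl` regex must match the whole purl and that a non-regex `<cpe>` matches as a vendor:product prefix; the function names and the `org.example` purl are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Suppression rule exactly as posted in the bot comment above.
RULE_XML = r"""<suppress base="true">
   <notes><![CDATA[
   FP per issue #4728
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/com\.vladsch\.flexmark/flexmark-ext-xwiki-macros@.*$</packageUrl>
   <cpe>cpe:/a:xwiki:xwiki</cpe>
</suppress>"""


def cpe23_to_cpe22(cpe23):
    """Reduce a CPE 2.3 string to 'cpe:/part:vendor:product:version'.

    Simplified: does not handle escaped colons inside components.
    """
    parts = cpe23.split(":")
    if parts[:2] != ["cpe", "2.3"] or len(parts) < 6:
        raise ValueError(f"not a CPE 2.3 string: {cpe23!r}")
    return "cpe:/" + ":".join(parts[2:6])


def is_suppressed(rule_xml, purl, cpe23):
    """True only when BOTH the purl and the CPE fall under the rule."""
    rule = ET.fromstring(rule_xml)
    pkg = rule.find("packageUrl")
    pattern = pkg.text.strip()
    if pkg.get("regex") == "true":
        purl_ok = re.fullmatch(pattern, purl) is not None  # assumed: whole-string match
    else:
        purl_ok = purl == pattern
    # Assumed: a non-regex <cpe> is a prefix ending on a component boundary.
    wanted = rule.find("cpe").text.strip().lower() + ":"
    cpe_ok = (cpe23_to_cpe22(cpe23).lower() + ":").startswith(wanted)
    return purl_ok and cpe_ok


if __name__ == "__main__":
    flagged_cpe = "cpe:2.3:a:xwiki:xwiki:0.62.2:*:*:*:*:*:*:*"
    for purl in (
        "pkg:maven/com.vladsch.flexmark/flexmark-ext-xwiki-macros@0.62.2",  # from the issue
        "pkg:maven/org.example/some-xwiki-artifact@0.62.2",  # constructed sample
    ):
        print(purl, "->", "suppressed" if is_suppressed(RULE_XML, purl, flagged_cpe) else "still reported")
```

The property worth checking on any generated suppression is the second case: a dependency that is not the flexmark extension keeps its xwiki CPE match and the CVEs attached to it.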

aikebah commented 2 years ago

approved

github-actions[bot] commented 2 years ago

Suppress rule has been added to the generatedSuppressions branch.