jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0
6.38k stars 1.27k forks

[FP]: Apache Ranger plugin for Hive matches Apache Hive #4950

Closed laurentgo closed 1 year ago

laurentgo commented 2 years ago

Package URL

pkg:maven/org.apache.ranger/ranger-hive-plugin@1.1.0

CPE

cpe:2.3:a:apache:hive:1.1.0:*:*:*:*:*:*:*

CVE

No response

ODC Integration

Maven Plugin

ODC Version

7.2.1

Description

The Apache Ranger plugin for Hive matches Apache Hive itself.

It seems there's also a False Negative with Apache Ranger not matching the cpe:2.3:a:apache:ranger:*:*:*:*:*:*:*:* CPE.
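
A local suppression for the false positive reported above, as an added example that is not part of the original issue or the project's published suppression list. It uses dependency-check's suppression file format; the notes text is written for this example, and the rule assumes every version of ranger-hive-plugin should stop matching the Apache Hive CPE.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
        Example rule: ranger-hive-plugin is the Apache Ranger plugin for Hive,
        not Apache Hive itself (issue #4950).
        ]]></notes>
        <!-- Scope the rule to this one artifact so that a real hive dependency
             elsewhere in the build is still reported. -->
        <packageUrl regex="true">^pkg:maven/org\.apache\.ranger/ranger\-hive\-plugin@.*$</packageUrl>
        <!-- Drop only the mistaken Hive identification; other CPEs matched
             for this artifact are unaffected. -->
        <cpe>cpe:/a:apache:hive</cpe>
    </suppress>
</suppressions>
```

This removes the incorrect Hive match only; it does nothing for the false negative, so CVEs filed against cpe:2.3:a:apache:ranger still need to be tracked separately for this artifact.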

github-actions[bot] commented 2 years ago

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/3269379478