[FP]: microprofile-jwt-auth-api-2.0 identified as payara:2.0

jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

https://owasp.org/www-project-dependency-check/

Apache License 2.0

6.3k stars 1.26k forks source link

[FP]: microprofile-jwt-auth-api-2.0 identified as payara:2.0 #5375

Closed Lars5678 closed 1 year ago

Lars5678 commented 1 year ago

Package URl

pkg:maven/org.eclipse.microprofile.jwt/microprofile-jwt-auth-api@2.0

CPE

cpe:2.3:a:payara:payara:2.0:*:*:*:*:*:*:*

CVE

CVE-2022-45129

ODC Integration

{"label"=>"Maven Plugin"}

ODC Version

8.0.1

Description

microprofile-jwt-auth-api-2.0 identified as payara:2.0

github-actions[bot] commented 1 year ago

Maven Coordinates

<dependency>
   <groupId>org.eclipse.microprofile.jwt</groupId>
   <artifactId>microprofile-jwt-auth-api</artifactId>
   <version>2.0</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #5375
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.eclipse\.microprofile\.jwt/microprofile-jwt-auth-api@.*$</packageUrl>
   <cpe>cpe:/a:payara:payara</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/3995279319

aikebah commented 1 year ago

approved

github-actions[bot] commented 1 year ago

Suppress rule has been added to the generatedSuppressions branch.