jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

[FP]: Oracle JDBC driver internationalization support identified as Oracle database #5651

Open zubata opened 1 year ago

zubata commented 1 year ago

Package URL

pkg:maven/com.oracle.database.nls/orai18n@21.7.0.0

CPE

cpe:2.3:a:oracle:text:18c:::::::*

CVE

CVE-2020-14734, CVE-2021-2045

ODC Integration

Gradle Plugin

ODC Version

8.0.2

Description

No response

github-actions[bot] commented 1 year ago

Maven Coordinates

<dependency>
   <groupId>com.oracle.database.nls</groupId>
   <artifactId>orai18n</artifactId>
   <version>21.7.0.0</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #5651
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/com\.oracle\.database\.nls/orai18n@.*$</packageUrl>
   <cpe>cpe:/a:oracle:text</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/4618639726
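As an added example (not dependency-check's own code and not part of this issue), the Python below models how the suppression rule above is applied to a finding: the packageUrl regex decides which dependency the rule covers, and the cpe element is compared as a prefix against the finding's CPE in its 2.2 URI form. The CPE 2.3 to 2.2 conversion and the starts-with comparison are simplified assumptions about dependency-check's behaviour (the real logic lives in the project's SuppressionRule class, which this does not reproduce), and the function names parse_suppression, cpe23_to_cpe22_uri and is_suppressed are mine. The second and third checks show that the rule does not catch a sibling Oracle artifact, nor a different Oracle product CPE on the same artifact.

```python
import re
import xml.etree.ElementTree as ET

# Constructed copy of the suppression rule posted in the bot comment above.
SUPPRESSION_XML = r"""<suppress base="true">
   <notes><![CDATA[
   FP per issue #5651
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/com\.oracle\.database\.nls/orai18n@.*$</packageUrl>
   <cpe>cpe:/a:oracle:text</cpe>
</suppress>"""


def cpe23_to_cpe22_uri(cpe23: str) -> str:
    """Simplified conversion of a CPE 2.3 formatted string to the 2.2 URI form.

    Assumption: plain component values, no escaping edge cases.
    cpe:2.3:a:oracle:text:18c:*:*:*:*:*:*:*  ->  cpe:/a:oracle:text:18c
    """
    parts = cpe23.split(":")
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe23!r}")
    # The 2.2 URI keeps part, vendor, product, version, update, edition, language.
    fields = ["" if p == "*" else p for p in parts[2:9]]
    # Trailing empty components are dropped in the URI form.
    while fields and fields[-1] == "":
        fields.pop()
    return "cpe:/" + ":".join(fields)


def parse_suppression(xml_text: str) -> dict:
    """Read the parts of a <suppress> element that drive matching."""
    root = ET.fromstring(xml_text)
    purl_el = root.find("packageUrl")
    return {
        # base="true" marks a rule shipped in the project's hosted suppressions.
        "base": root.get("base") == "true",
        "purl": purl_el.text.strip() if purl_el is not None else None,
        "purl_regex": purl_el is not None and purl_el.get("regex") == "true",
        "cpes": [c.text.strip() for c in root.findall("cpe")],
    }


def is_suppressed(rule: dict, purl: str, cpe23: str) -> bool:
    """Return True if the finding (package URL + CPE) is covered by the rule.

    Gate 1: the package URL must match the packageUrl element
            (full regex match when regex="true", exact string otherwise).
    Gate 2: the finding's CPE, in 2.2 URI form, must start with one of
            the listed <cpe> values (modelled here as a starts-with test).
    """
    if rule["purl"] is not None:
        if rule["purl_regex"]:
            if re.fullmatch(rule["purl"], purl) is None:
                return False
        elif rule["purl"] != purl:
            return False
    cpe22 = cpe23_to_cpe22_uri(cpe23)
    return any(cpe22.startswith(prefix) for prefix in rule["cpes"])


if __name__ == "__main__":
    rule = parse_suppression(SUPPRESSION_XML)
    reported_cpe = "cpe:2.3:a:oracle:text:18c:::::::*"  # as posted in the issue
    print(is_suppressed(rule, "pkg:maven/com.oracle.database.nls/orai18n@21.7.0.0", reported_cpe))
    # A sibling Oracle artifact is not covered: the packageUrl regex pins orai18n.
    print(is_suppressed(rule, "pkg:maven/com.oracle.database.jdbc/ojdbc8@21.7.0.0", reported_cpe))
    # A different Oracle product CPE on the same artifact is not covered either.
    print(is_suppressed(rule, "pkg:maven/com.oracle.database.nls/orai18n@21.7.0.0",
                        "cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*"))
```

Both gates matter when writing a suppression: the regex keeps the rule from silencing other Oracle artifacts, and the cpe prefix keeps it from silencing unrelated CPE matches on orai18n itself.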

mousumis commented 7 months ago

Is there an estimate on when this false positive will be addressed?