jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

[FP]: Textract Jar #5712

Open rochish-suresh opened 1 year ago

rochish-suresh commented 1 year ago

Package URL

textract-1.2.0.jar

CPE

cpe:2.3:a:textract_project:textract:1.2.0:*:*:*:*:*:*:*

CVE

CVE-2016-10320

ODC Integration

Gradle Plugin

ODC Version

8.2.1

Description

The textract jar is not used in the project, but provides a CVE

github-actions[bot] commented 1 year ago

Error parsing package url: textract-1.2.0.jar.

Error: Error: purl is missing the required "pkg" scheme component.

Please correct the package URL - consider copying the package url from the HTML report.
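
A minimal sketch of the kind of check the message above describes, added here as an example (it is not dependency-check's or the bot's own code): it splits a package URL along the purl layout `pkg:type/namespace/name@version?qualifiers#subpath` and rejects the bare file name that was submitted. The `org.example` namespace in the well-formed sample is a constructed placeholder, not the real coordinates of this jar.

```python
import re
from urllib.parse import unquote

# purl type: ASCII letters, digits, '.', '+', '-'; must not start with a digit.
_TYPE_RE = re.compile(r"^[A-Za-z.+-][A-Za-z0-9.+-]*$")


def parse_purl(purl: str) -> dict:
    """Split a package URL into components; raise ValueError if a required part is missing."""
    scheme, sep, rest = purl.strip().partition(":")
    if not sep or scheme.lower() != "pkg":
        raise ValueError('missing the required "pkg" scheme')
    rest = rest.lstrip("/")                        # "pkg://type/..." is tolerated

    rest, _, subpath = rest.partition("#")         # optional subpath
    rest, _, qualifier_str = rest.partition("?")   # optional qualifiers

    ptype, sep, rest = rest.partition("/")
    if not sep or not _TYPE_RE.match(ptype):
        raise ValueError("missing or invalid type")

    version = None
    if "@" in rest:                                # version follows the last '@'
        rest, version = rest.rsplit("@", 1)
    namespace, _, name = rest.strip("/").rpartition("/")
    if not name:
        raise ValueError("missing the required name")

    qualifiers = dict(p.split("=", 1) for p in qualifier_str.split("&") if "=" in p)
    return {
        "type": ptype.lower(),
        "namespace": unquote(namespace) or None,
        "name": unquote(name),
        "version": unquote(version) if version else None,
        "qualifiers": {k.lower(): unquote(v) for k, v in qualifiers.items()},
        "subpath": unquote(subpath) or None,
    }


def purl_error(value: str):
    """Return None for a well-formed purl, otherwise the reason it was rejected."""
    try:
        parse_purl(value)
        return None
    except ValueError as exc:
        return str(exc)


SUBMITTED = "textract-1.2.0.jar"                               # value from the issue form
WELL_FORMED = "pkg:maven/org.example/textract@1.2.0?type=jar"  # constructed placeholder
```
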

github-actions[bot] commented 1 year ago

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/4936288718