Open AndreyMZ opened 10 months ago
Maven Coordinates
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
    <version>3.1.5</version>
</dependency>
Suppression rule:
<suppress base="true">
    <notes><![CDATA[
    FP per issue #6268
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.springframework\.boot/spring-boot-starter-web@.*$</packageUrl>
    <cpe>cpe:/a:vmware:spring_boot</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/7146868876
Maven Coordinates
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
    <version>3.1.5</version>
</dependency>
Suppression rule:
<suppress base="true">
    <notes><![CDATA[
    FP per issue #6268
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.springframework\.boot/spring-boot-starter-web@.*$</packageUrl>
    <cpe>cpe:/a:vmware:spring_boot</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/7147931473
Package URL
pkg:maven/org.springframework.boot/spring-boot-starter-web@3.1.5
CPE
cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*
CVE
CVE-2023-34055
ODC Integration
Gradle Plugin
ODC Version
9.0.4
Description
Additional information 1
All other spring-boot-* packages are also detected by OWASP DC as affected by this vulnerability.
Additional information 2
In OSS Index for some reason this vulnerability was attributed to spring-boot-actuator and not spring-boot:
In other places it is attributed to spring-boot only:
However, it definitely should not be attributed to all spring-boot-* packages.
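To see how much of the reported false positive the suppression rule posted in this thread covers, the following added example (not part of the issue and not Dependency-Check's own code) evaluates that rule against a few findings. It is a simplified model that assumes a rule applies when the `packageUrl` regex matches the whole purl and the CPE's part, vendor and product agree; the `<suppressions>` wrapper without a namespace, the helper names, and the `spring-boot-actuator` and `spring-boot` findings at version 3.1.5 are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# The rule from this page, wrapped in a root element (constructed) so it parses alone.
SUPPRESSIONS = r"""<suppressions>
<suppress base="true">
<notes><![CDATA[
FP per issue #6268
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.boot/spring-boot-starter-web@.*$</packageUrl>
<cpe>cpe:/a:vmware:spring_boot</cpe>
</suppress>
</suppressions>"""

# Constructed findings: each artifact paired with the CPE reported on this page.
REPORTED_CPE = "cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*"
GROUP = "pkg:maven/org.springframework.boot/"
FINDINGS = [(GROUP + name + "@3.1.5", REPORTED_CPE)
            for name in ("spring-boot-starter-web", "spring-boot-actuator", "spring-boot")]

def cpe_key(cpe):
    """Reduce a CPE 2.2 URI or 2.3 formatted string to (part, vendor, product)."""
    if cpe.startswith("cpe:2.3:"):
        fields = cpe.split(":")[2:5]
    elif cpe.startswith("cpe:/"):
        fields = cpe[len("cpe:/"):].split(":")[:3]
    else:
        raise ValueError(f"unrecognised CPE: {cpe}")
    if len(fields) != 3:
        raise ValueError(f"CPE lacks vendor or product: {cpe}")
    return tuple(fields)

def load_rules(xml_text):
    """Return (compiled purl pattern, set of CPE keys) for each <suppress> element."""
    rules = []
    for node in ET.fromstring(xml_text).iter("suppress"):
        purl = node.find("packageUrl")
        text = purl.text.strip()
        pattern = text if purl.get("regex") == "true" else re.escape(text)
        cpes = {cpe_key(c.text.strip()) for c in node.findall("cpe")}
        rules.append((re.compile(pattern), cpes))
    return rules

def coverage(xml_text=SUPPRESSIONS, findings=FINDINGS):
    """Map each finding's purl to True when some rule suppresses its CPE."""
    rules = load_rules(xml_text)
    return {purl: any(bool(rx.fullmatch(purl)) and cpe_key(cpe) in cpes
                      for rx, cpes in rules)
            for purl, cpe in findings}

if __name__ == "__main__":
    for purl, hit in coverage().items():
        print("suppressed    " if hit else "still reported", purl)
```

Under these assumptions only the `spring-boot-starter-web` finding is suppressed; the other two are still reported with the same CPE.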