jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

[FP]: sqlite-2.4.0.aar / sqlite-framework-2.4.0.aar #6292

Open henrik-klev opened 11 months ago

henrik-klev commented 11 months ago

Package URL

pkg:maven/androidx.sqlite/sqlite@2.4.0

CPE

cpe:2.3:a:sqlite:sqlite:2.4.0:*:*:*:*:*:*:*

CVE

CVE-2017-10989, CVE-2019-19646, CVE-2020-11656, CVE-2015-5895, CVE-2018-20346, CVE-2018-20506, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2018-20505, CVE-2018-8740, CVE-2020-11655, CVE-2022-35737, CVE-2020-13630, CVE-2015-6607, CVE-2016-6153, CVE-2019-19645, CVE-2020-13434, CVE-2020-13435, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358

ODC Integration

Gradle Plugin

ODC Version

8.4

Description

Likely related to https://github.com/jeremylong/DependencyCheck/issues/1727

github-actions[bot] commented 11 months ago

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/7192360429

aikebah commented 10 months ago

Suspected to be a side-effect of the Ecosystem issue mentioned in #6358