jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

[FP]: Scala-Library Java module for CVE-2017-15288 #6372

Open githubuserVenkat opened 10 months ago

githubuserVenkat commented 10 months ago

Package URL

Not showing in the tool

CPE

cpe:2.3:a:scala-lang:scala:2.11.11:20170413::::::

CVE

CVE-2017-15288

ODC Integration

None

ODC Version

9.0.5

Description

The actual vulnerable component is the Scala programming language compiler, which exposes the vulnerability, and it has nothing to do with the Scala-Library Java module.

github-actions[bot] commented 10 months ago

Error parsing package url: Not showing in the tool.

Error: Error: purl is missing the required "pkg" scheme component.

Please correct the package URL - consider copying the package url from the HTML report.

github-actions[bot] commented 10 months ago

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/7447894672
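
The bot rejected the report because the Package URL field held free text rather than a purl. As an added example (not code from the dependency-check project or its bot), this sketch parses the `scheme:type/namespace/name@version?qualifiers#subpath` shape and shows why the submitted value, and the CPE, both fail the check. The helper names and the Maven coordinates `org.scala-lang/scala-library` are assumptions; the version is taken from the CPE in the report.

```python
from urllib.parse import unquote

class PurlError(ValueError):
    """Raised when a string is not a well-formed package URL."""

def parse_purl(text):
    """Split scheme:type/namespace/name@version?qualifiers#subpath into parts."""
    scheme, sep, rest = text.strip().partition(":")
    if not sep or scheme.lower() != "pkg":
        raise PurlError('missing the required "pkg" scheme')
    rest, _, subpath = rest.lstrip("/").partition("#")
    rest, _, query = rest.partition("?")
    path, at, version = rest.rpartition("@")
    if not at or "/" in version:  # no version, or the "@" belongs to the path
        path, version = rest, ""
    segments = [unquote(s) for s in path.split("/") if s]
    if len(segments) < 2:
        raise PurlError("type and name are both required")
    ptype, *namespace, name = segments
    if not ptype[0].isalpha() or not all(c.isalnum() or c in ".+-" for c in ptype):
        raise PurlError("invalid type %r" % ptype)
    return {
        "type": ptype.lower(),
        "namespace": "/".join(namespace),
        "name": name,
        "version": unquote(version),
        "qualifiers": dict(kv.split("=", 1) for kv in query.split("&") if "=" in kv),
        "subpath": subpath,
    }

def check_field(value):
    """Return (True, components) or (False, reason) for an issue-form value."""
    try:
        return True, parse_purl(value)
    except PurlError as exc:
        return False, str(exc)

# Values as submitted in the report above.
REPORTED = "Not showing in the tool"
CPE_FROM_REPORT = "cpe:2.3:a:scala-lang:scala:2.11.11:20170413::::::"
# Constructed purl: assumed Maven coordinates, version from the reported CPE.
EXAMPLE = "pkg:maven/org.scala-lang/scala-library@2.11.11"

if __name__ == "__main__":
    for value in (REPORTED, CPE_FROM_REPORT, EXAMPLE):
        print(repr(value), "->", check_field(value))
```
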