jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

[FP]: very old cve flagged CVE-2014-8314 for ngdbc-2.19.15.jar #6416

Open proo4509 opened 8 months ago

proo4509 commented 8 months ago

Package URL

pkg:maven/com.sap.cloud.db.jdbc/ngdbc@2.19.15

CPE

cpe:2.3:a:sap:hana:2.19.15:::::::
cpe:2.3:a:sap:s\/4_hana:2.19.15:::::::

CVE

CVE-2014-8314

ODC Integration

{"label"=>"CLI"}

ODC Version

9.0.9

Description

No response

github-actions[bot] commented 8 months ago

Error parsing package url: https://ossindex.sonatype.org/component/pkg:maven/com.sap.cloud.db.jdbc/ngdbc@2.19.15?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.9.

Error: Error: purl is missing the required "pkg" scheme component.

Please correct the package URL - consider copying the package url from the HTML report.

github-actions[bot] commented 8 months ago

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/7614494532

proo4509 commented 8 months ago

https://ossindex.sonatype.org/component/pkg:maven/com.sap.cloud.db.jdbc/ngdbc@2.11.17?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.9

github-actions[bot] commented 2 months ago

Maven Coordinates

<dependency>
   <groupId>com.sap.cloud.db.jdbc</groupId>
   <artifactId>ngdbc</artifactId>
   <version>2.19.15</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #6416
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/com\.sap\.cloud\.db\.jdbc/ngdbc@.*$</packageUrl>
   <cpe>cpe:/a:sap:hana</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9829575328
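Two things in this thread are worth checking locally before a suppression rule is committed: that the value handed to the bot is a bare package URL with the `pkg:` scheme (the first bot reply rejected an OSS Index link), and that the generated `<packageUrl>` regex and `<cpe>` element actually cover the coordinates and CPEs the report flagged. The script below is an added example, not part of the issue or of the dependency-check project; it copies the purl, link, regex and CPEs from this thread as constructed inputs, and its CPE comparison (component-wise starts-with on the vendor/product prefix) is an assumption that approximates the suppression file's documented starts-with semantics rather than a call into dependency-check itself.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample inputs, copied from the issue thread above.
OSSINDEX_LINK = (
    "https://ossindex.sonatype.org/component/"
    "pkg:maven/com.sap.cloud.db.jdbc/ngdbc@2.19.15"
    "?utm_source=dependency-check&utm_medium=integration&utm_content=9.0.9"
)
SUPPRESSION_PURL_REGEX = r"^pkg:maven/com\.sap\.cloud\.db\.jdbc/ngdbc@.*$"
SUPPRESSION_CPE = "cpe:/a:sap:hana"
FLAGGED_CPES = [
    "cpe:2.3:a:sap:hana:2.19.15:::::::",
    "cpe:2.3:a:sap:s\\/4_hana:2.19.15:::::::",
]


def extract_purl(text: str) -> str:
    """Return a bare package URL from either a purl or an OSS Index component link.

    Anything without the "pkg" scheme is rejected with the same complaint the
    bot made, so the caller learns about the mistake before filing the issue.
    """
    text = text.strip()
    if text.startswith("pkg:"):
        return text.split("?", 1)[0]  # drop a trailing query string if present
    path = unquote(urlsplit(text).path)
    marker = "/component/"
    if marker in path:
        candidate = path.split(marker, 1)[1]
        if candidate.startswith("pkg:"):
            return candidate
    raise ValueError('purl is missing the required "pkg" scheme component.')


def purl_matches(purl: str, regex: str) -> bool:
    """Apply a <packageUrl regex="true"> pattern as a whole-string match."""
    return re.fullmatch(regex, purl) is not None


def _cpe_components(cpe: str) -> list[str]:
    """Split a CPE 2.2 URI (cpe:/a:vendor:product) or a CPE 2.3 formatted
    string into its components, starting at the part (a/o/h).

    CPE 2.3 escapes literal ':' and '/' with a backslash, so only unescaped
    colons separate components (this keeps s\\/4_hana as one product name).
    """
    if cpe.startswith("cpe:2.3:"):
        body = cpe[len("cpe:2.3:"):]
    elif cpe.startswith("cpe:/"):
        body = cpe[len("cpe:/"):]
    else:
        raise ValueError(f"not a CPE: {cpe}")
    return re.split(r"(?<!\\):", body)


def cpe_suppressed(rule_cpe: str, flagged_cpe: str) -> bool:
    """Assumption: a <cpe> suppression element matches when every component it
    names equals the corresponding leading component of the flagged CPE.
    Comparing components (not raw string prefixes) avoids treating
    'hana_studio' as a match for 'hana'."""
    rule = _cpe_components(rule_cpe)
    flagged = _cpe_components(flagged_cpe)
    return flagged[: len(rule)] == rule


def check_rule(link_or_purl: str) -> dict:
    """Evaluate the thread's suppression rule against the reported finding."""
    purl = extract_purl(link_or_purl)
    return {
        "purl": purl,
        "purl_suppressed": purl_matches(purl, SUPPRESSION_PURL_REGEX),
        "cpes_suppressed": {c: cpe_suppressed(SUPPRESSION_CPE, c) for c in FLAGGED_CPES},
    }


if __name__ == "__main__":
    for key, value in check_rule(OSSINDEX_LINK).items():
        print(f"{key}: {value}")
```

Run as-is, the script extracts `pkg:maven/com.sap.cloud.db.jdbc/ngdbc@2.19.15` from the OSS Index link, confirms the `<packageUrl>` regex covers every version of the artifact, and, under the prefix-match assumption above, reports that the rule's single `<cpe>cpe:/a:sap:hana</cpe>` element covers the `sap:hana` CPE but not the `sap:s\/4_hana` one; whether the second CPE still needs its own entry is something to confirm against a real scan with the rule in place rather than assume from the regex alone.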