Closed j-ferreira closed 1 week ago
Error parsing package url: ^pkg:maven/org.togglz/togglz-mongodb@.*$.
Error: Error: purl is missing the required "pkg" scheme component.
Please correct the package URL - consider copying the package url from the HTML report.
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/8936942055
Error parsing package url: ^pkg:maven/org.togglz/togglz-mongodb@.*$.
Error: Error: purl is missing the required "pkg" scheme component.
Please correct the package URL - consider copying the package url from the HTML report.
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/8936950841
Error parsing package url: ^pkg:maven/org.togglz/togglz-mongodb@.*$.
Error: Error: purl is missing the required "pkg" scheme component.
Please correct the package URL - consider copying the package url from the HTML report.
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/8936961988
Error parsing package url: pkg:maven/org.togglz/togglz-mongodb@.*$.
Error: Error: Invalid purl: version must be percent-encoded
Please correct the package URL - consider copying the package url from the HTML report.
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/8937048199
Error parsing package url: pkg:maven/org.togglz/togglz-mongodb@.*$.
Error: Error: Invalid purl: version must be percent-encoded
Please correct the package URL - consider copying the package url from the HTML report.
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/8937158860
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/9000315585
Maven Coordinates
<dependency>
  <groupId>org.togglz</groupId>
  <artifactId>togglz-mongodb</artifactId>
  <version>4.4.0</version>
</dependency>
Suppression rule:
<suppress base="true">
  <notes><![CDATA[
  FP per issue #6640
  ]]></notes>
  <packageUrl regex="true">^pkg:maven/org\.togglz/togglz-mongodb@.*$</packageUrl>
  <cpe>cpe:/a:mongodb:mongodb</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9001817673
approved
Suppress rule has been added to the generatedSuppressions branch.
Package URL
pkg:maven/org.togglz/togglz-mongodb@4.4.0
CPE
cpe:2.3:a:mongodb:mongodb:4.4.0:*:*:*:*:*:*:*
CVE
CVE-2020-7925 CVE-2021-32040 CVE-2023-1409 CVE-2021-32036 CVE-2019-2392 CVE-2020-7926 CVE-2020-7928 CVE-2021-20326 CVE-2021-20330 CVE-2014-8180
ODC Integration
{"label"=>"Maven Plugin"}
ODC Version
9.1.0
Description
We are using togglz in version 4.4 with MongoDB. It seems that the dependency togglz-mongodb-4.4.0.jar is mixed up with mongodb-4.4.0.jar.