Closed jubui closed 2 weeks ago
Error parsing package url: maven/commons-configuration/commons-configuration@1.10.
Error: Error: purl is missing the required "pkg" scheme component.
Please correct the package URL - consider copying the package url from the HTML report.
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/9069037587
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/9069069891
Maven Coordinates
<dependency>
    <groupId>commons-configuration</groupId>
    <artifactId>commons-configuration</artifactId>
    <version>1.10</version>
</dependency>
Suppression rule:
<suppress base="true">
    <notes><![CDATA[
    FP per issue #6665
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/commons-configuration/commons-configuration@.*$</packageUrl>
    <cpe>cpe:/a:apache:commons_configuration</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9069073455
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/9069076873
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9069075213
Duplicate of #6555. The OSSINDEX indicates that the library is vulnerable; we just report their assessment. Whether that assessment is correct or not is something to raise with them.
Package URL
pkg:maven/commons-configuration/commons-configuration@1.10
CPE
cpe:2.3:a:apache:commons_configuration:1.10:*:*:*:*:*:*:*
CVE
CVE-2024-29131 CVE-2024-29133
ODC Integration
None
ODC Version
8.1.2
Description
CVE-2024-29131 and CVE-2024-29133 both indicate that the affected versions are [2.0,2.10.1) and so this version (1.10) is not affected.