Open PrashanthPragadeeswaran opened 1 month ago
Maven Coordinates
<dependency>
<groupId>org.eclipse.jgit</groupId>
<artifactId>org.eclipse.jgit</artifactId>
<version>5.13.3.202401111512-r</version>
</dependency>
Suppression rule:
<suppress base="true">
<notes><![CDATA[
FP per issue #6685
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$</packageUrl>
<cpe>cpe:/a:eclipse:jgit</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9221357087
This is a duplicate of #5943 - please use the search before you open new issues.
Package URl
pkg:maven/org.eclipse.jgit/org.eclipse.jgit@5.13.3.202401111512-r
CPE
cpe:2.3:a:eclipse:jgit:5.13.3:202401111512::::::
CVE
CVE-2023-4759
ODC Integration
None
ODC Version
9.2.0
Description
Updated to latest org.eclipse.jgit@5.13.3.202401111512-r jar and on running the dependency check the jar is getting flagged with old CVE reference "CVE-2023-4759".