jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

[FP]: prometheus-metrics-* packages are identified as prometheus server (CVE-2019-3826) #6686

Open aggeboe opened 1 month ago

aggeboe commented 1 month ago

Package URL

pkg:maven/io.prometheus/prometheus-metrics-config@1.2.1

CPE

cpe:2.3:a:prometheus:prometheus:1.2.1:*:*:*:*:*:*:*

CVE

CVE-2019-3826

ODC Integration

Gradle Plugin

ODC Version

8.4.3

Description

prometheus-metrics-config-1.2.1.jar (pkg:maven/io.prometheus/prometheus-metrics-config@1.2.1, cpe:2.3:a:prometheus:prometheus:1.2.1:*:*:*:*:*:*:*) : CVE-2019-3826
prometheus-metrics-core-1.2.1.jar (pkg:maven/io.prometheus/prometheus-metrics-core@1.2.1, cpe:2.3:a:prometheus:prometheus:1.2.1:*:*:*:*:*:*:*) : CVE-2019-3826
prometheus-metrics-exposition-formats-1.2.1.jar (pkg:maven/io.prometheus/prometheus-metrics-exposition-formats@1.2.1, cpe:2.3:a:prometheus:prometheus:1.2.1:*:*:*:*:*:*:*) : CVE-2019-3826
prometheus-metrics-model-1.2.1.jar (pkg:maven/io.prometheus/prometheus-metrics-model@1.2.1, cpe:2.3:a:prometheus:prometheus:1.2.1:*:*:*:*:*:*:*) : CVE-2019-3826
prometheus-metrics-shaded-protobuf-1.2.1.jar (pkg:maven/io.prometheus/prometheus-metrics-shaded-protobuf@1.2.1, cpe:2.3:a:prometheus:prometheus:1.2.1:*:*:*:*:*:*:*, cpe:2.3:a:protobuf:protobuf:1.2.1:*:*:*:*:*:*:*) : CVE-2019-3826
prometheus-metrics-tracer-common-1.2.1.jar (pkg:maven/io.prometheus/prometheus-metrics-tracer-common@1.2.1, cpe:2.3:a:prometheus:prometheus:1.2.1:*:*:*:*:*:*:*) : CVE-2019-3826

github-actions[bot] commented 1 month ago

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/9222420898

github-actions[bot] commented 1 month ago

Error parsing package url: pkg:maven/io.prometheus/prometheus-metrics-config@1.2.1,.

Error: Error: Invalid purl: version must be percent-encoded

Please correct the package URL - consider copying the package url from the HTML report.

github-actions[bot] commented 1 month ago

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/9222454485

github-actions[bot] commented 1 month ago

Maven Coordinates

<dependency>
   <groupId>io.prometheus</groupId>
   <artifactId>prometheus-metrics-config</artifactId>
   <version>1.2.1</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #6686
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/io\.prometheus/prometheus-metrics-config@.*$</packageUrl>
   <cpe>cpe:/a:prometheus:prometheus</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9222469707

github-actions[bot] commented 1 month ago

Error parsing package url: pkg:maven/io.prometheus/prometheus-metrics-config@1.2.1 pkg:maven/io.prometheus/prometheus-metrics-core@1.2.1.

Error: Error: Invalid purl: version must be percent-encoded

Please correct the package URL - consider copying the package url from the HTML report.

github-actions[bot] commented 1 month ago

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/9222513263

github-actions[bot] commented 1 month ago

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/9222543399

github-actions[bot] commented 1 month ago

Maven Coordinates

<dependency>
   <groupId>io.prometheus</groupId>
   <artifactId>prometheus-metrics-config</artifactId>
   <version>1.2.1</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #6686
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/io\.prometheus/prometheus-metrics-config@.*$</packageUrl>
   <cpe>cpe:/a:prometheus:prometheus</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9222601109

aggeboe commented 1 month ago

The suppression rule should be updated to something like

<suppress base="true">
   <notes><![CDATA[
   FP per issue #6686
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/io\.prometheus/prometheus-metrics-.*@.*$</packageUrl>
   <cpe>cpe:/a:prometheus:prometheus</cpe>
</suppress>
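Added example (not code from the issue or from the dependency-check project): it checks the bot's per-artifact rule against the broadened regex above over the six purls from the description, and reproduces why the bot rejected the pasted purl lists ("version must be percent-encoded"). The suppression-matching semantics and the purl version character rule are simplified assumptions, not dependency-check's own matcher.

```python
import re

# Constructed from the issue description: the six flagged jars and the CPE
# dependency-check assigned to each (CVE-2019-3826 hangs off that CPE).
ARTIFACTS = ["prometheus-metrics-config", "prometheus-metrics-core",
             "prometheus-metrics-exposition-formats", "prometheus-metrics-model",
             "prometheus-metrics-shaded-protobuf", "prometheus-metrics-tracer-common"]
IDENTIFIED = [("pkg:maven/io.prometheus/%s@1.2.1" % a,
               "cpe:2.3:a:prometheus:prometheus:1.2.1:*:*:*:*:*:*:*") for a in ARTIFACTS]
# The bot's per-artifact rule and the broadened rule proposed in the last comment.
NARROW_RULE = {"packageUrl": r"^pkg:maven/io\.prometheus/prometheus-metrics-config@.*$",
               "cpe": "cpe:/a:prometheus:prometheus"}
BROAD_RULE = {"packageUrl": r"^pkg:maven/io\.prometheus/prometheus-metrics-.*@.*$",
              "cpe": "cpe:/a:prometheus:prometheus"}
# Characters a purl version may contain without %XX-encoding (simplified reading of
# the purl spec); a comma, space or '@' left over from a pasted list trips this.
_VERSION_OK = re.compile(r"^(?:[A-Za-z0-9._~-]|%[0-9A-Fa-f]{2})+$")

def parse_purl(purl):
    """Split a purl into type/namespace/name/version; reject an unencoded version."""
    m = re.match(r"^pkg:([a-z0-9.+-]+)/(?:([^@]+)/)?([^/@]+)(?:@(.*))?$", purl)
    if not m:
        raise ValueError("not a purl: " + purl)
    ptype, namespace, name, version = m.groups()
    if version is not None and not _VERSION_OK.match(version):
        raise ValueError("Invalid purl: version must be percent-encoded")
    return {"type": ptype, "namespace": namespace, "name": name, "version": version}

def purl_error(purl):
    """Error text parse_purl raises for this input, or None if it parses cleanly."""
    try:
        parse_purl(purl)
        return None
    except ValueError as exc:
        return str(exc)

def _cpe_fields(cpe):
    """(part, vendor, product) from a 2.2 'cpe:/a:v:p' or 2.3 'cpe:2.3:a:v:p:...' string."""
    f = cpe.split(":")
    return tuple(f[2:5] if f[1] == "2.3" else [f[1].lstrip("/")] + f[2:4])

def suppressed(purl, cpe, rule):
    """Assumed model of one <suppress>: the packageUrl regex must match the purl AND
    the rule's cpe part/vendor/product must equal those of the identified CPE."""
    return bool(re.match(rule["packageUrl"], purl)) and _cpe_fields(rule["cpe"]) == _cpe_fields(cpe)

def count_suppressed(rule, identified=IDENTIFIED):
    """How many of the flagged jars the rule would silence."""
    return sum(suppressed(p, c, rule) for p, c in identified)
```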