jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

[FP]: java spring-boot-starter-cache library is marked affected by CVE-2020-36448 for Rust #6874

Closed lor1an0 closed 2 weeks ago

lor1an0 commented 1 month ago

Package URL

pkg:maven/org.springframework.boot/spring-boot-starter-cache@3.3.1

CPE

cpe:2.3:a:cache_project:cache:3.3.1:*:*:*:*:*:*:*

CVE

CVE-2020-36448

ODC Integration

Gradle Plugin

ODC Version

10.0.3

Description

Original CPE cpe:2.3:a:cache_project:cache:*:*:*:*:*:rust:*:* specifies rust language.

github-actions[bot] commented 1 month ago

Maven Coordinates

<dependency>
   <groupId>org.springframework.boot</groupId>
   <artifactId>spring-boot-starter-cache</artifactId>
   <version>3.3.1</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #6874
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.springframework\.boot/spring-boot-starter-cache@.*$</packageUrl>
   <cpe>cpe:/a:cache_project:cache</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/10108956447
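The rule above selects the dependency by a packageUrl regex and then suppresses any finding whose CPE starts with cpe:/a:cache_project:cache. The script below is an added example, not dependency-check's own code: it parses the posted rule and re-implements that matching in Python, assuming the starts-with semantics for a non-regex cpe element and using a simplified CPE 2.3 to 2.2 conversion (no escaped colons).

```python
import re
import xml.etree.ElementTree as ET

# The suppression rule from this issue, embedded inline (inside the schema
# wrapper a real suppressions file carries) so the script runs offline.
SUPPRESSIONS_XML = """<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress base="true">
   <notes><![CDATA[ FP per issue #6874 ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\\.springframework\\.boot/spring-boot-starter-cache@.*$</packageUrl>
   <cpe>cpe:/a:cache_project:cache</cpe>
</suppress>
</suppressions>"""

def _local(tag):  # strip the XML namespace so element names compare as plain strings
    return tag.rsplit("}", 1)[-1]

def load_rules(xml_text):
    """Collect each <suppress> element's packageUrl, cpe and cve selectors."""
    rules = []
    for node in ET.fromstring(xml_text):
        if _local(node.tag) != "suppress":
            continue
        rule = {"packageUrl": None, "regex": False, "cpe": [], "cve": []}
        for child in node:
            name, text = _local(child.tag), (child.text or "").strip()
            if name == "packageUrl":
                rule["packageUrl"], rule["regex"] = text, child.get("regex") == "true"
            elif name in ("cpe", "cve"):
                rule[name].append(text)
        rules.append(rule)
    return rules

def cpe23_to_22(cpe):
    """cpe:2.3:a:vendor:product:ver:*:... -> cpe:/a:vendor:product:ver (simplified: no escaped colons)."""
    fields = cpe.split(":")[2:]
    while fields and fields[-1] == "*":
        fields.pop()
    return "cpe:/" + ":".join(fields)

def is_suppressed(rules, purl, cpe, cve):
    """True when a rule selects the dependency (packageUrl) and the finding (cpe prefix or cve)."""
    cpe22 = cpe23_to_22(cpe) if cpe.startswith("cpe:2.3:") else cpe
    for rule in rules:
        pat = rule["packageUrl"]
        if pat is not None and not (re.match(pat, purl) if rule["regex"] else pat == purl):
            continue
        if cve in rule["cve"] or any(cpe22.startswith(p) for p in rule["cpe"]):
            return True
    return False
```

Running is_suppressed against the issue's package URL and CPE returns True, while the same CPE on a different starter artifact, or a different CPE on the same artifact, is left unsuppressed.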

aikebah commented 2 weeks ago

approved

github-actions[bot] commented 2 weeks ago

Suppress rule has been added to the generatedSuppressions branch.