Open rokoman13 opened 1 week ago
Maven Coordinates
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
<version>1.12.2</version>
</dependency>
Suppression rule:
<suppress base="true">
<notes><![CDATA[
FP per issue #6999
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.azure/azure-identity@.*$</packageUrl>
<cpe>cpe:/a:microsoft:azure_sdk_for_java</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/11101458486
Package URl
pkg:maven/com.azure/azure-identity@1.12.2
CPE
cpe:2.3:a:microsoft:azure_sdk_for_java:1.12.2:*:*:*:*:*:*:*
CVE
CVE-2023-36415
ODC Integration
None
ODC Version
10.0.4
Description
I see that vuln is actual for azure-identity (java) up to 1.10.2, but my version is 1.12.2 and CVE is still in the report (also tried azure-identity 1.13.3, the same thing)