Open rajeeviiit2108 opened 6 days ago
Maven Coordinates
<dependency>
   <groupId>org.keycloak</groupId>
   <artifactId>keycloak-pax-web-undertow</artifactId>
   <version>18.0.2</version>
</dependency>
Suppression rule:
<suppress base="true">
   <notes><![CDATA[
   FP per issue #7012
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak-pax-web-undertow@.*$</packageUrl>
   <cpe>cpe:/a:keycloak:keycloak</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/11209902050
Package URL
pkg:maven/org.keycloak/keycloak-pax-web-undertow@18.0.2
CPE
cpe:2.3:a:keycloak:keycloak:18.0.2:*:*:*:*:*:*:*
CVE
CVE-2024-7341
ODC Integration
Maven Plugin
ODC Version
Maven Plugin
Description
While scanning against our Karaf 4.4.4 image, Dependency Checker incorrectly matches mvn:org.keycloak/keycloak-osgi-features/18.0.2 to Red Hat Keycloak, which is affected by the mentioned CVE.