jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

[FP]: False positive for azure-core-management@1.15.3 against CVE-2024-43591 #7110

Open lemmbe opened 1 day ago

lemmbe commented 1 day ago

Package URL

pkg:maven/com.azure/azure-core-management@1.15.3

CPE

cpe:2.3:a:microsoft:azure_cli:1.15.3:*:*:*:*:*:*:*

CVE

CVE-2024-43591

ODC Integration

{"label"=>"Maven Plugin"}

ODC Version

11.0.0

Description

Probably the same as #7066

github-actions[bot] commented 1 day ago

Maven Coordinates

<dependency>
   <groupId>com.azure</groupId>
   <artifactId>azure-core-management</artifactId>
   <version>1.15.3</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #7110
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/com\.azure/azure-core-management@.*$</packageUrl>
   <cpe>cpe:/a:microsoft:azure_cli</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/11550313657

github-actions[bot] commented 1 day ago

Maven Coordinates

<dependency>
   <groupId>com.azure</groupId>
   <artifactId>azure-core-management</artifactId>
   <version>1.15.3</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #7110
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/com\.azure/azure-core-management@.*$</packageUrl>
   <cpe>cpe:/a:microsoft:azure_cli</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/11550365476