Open MidasJAF opened 2 hours ago
Maven Coordinates
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-core-amqp</artifactId>
<version>2.9.9</version>
</dependency>
Suppression rule:
<suppress base="true">
<notes><![CDATA[
FP per issue #7124
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.azure/azure-core-amqp@.*$</packageUrl>
<cpe>cpe:/a:microsoft:azure_cli</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/11611990932
Package URL
pkg:maven/com.azure/azure-core-amqp@2.9.9
CPE
cpe:2.3:a:microsoft:azure_cli:2.9.9:*:*:*:*:*:*:*
CVE
CVE-2024-43591
ODC Integration
{"label"=>"CLI"}
ODC Version
10.0.2
Description
Related to https://github.com/jeremylong/DependencyCheck/issues/7066 and https://github.com/jeremylong/DependencyCheck/issues/7110. Obviously it doesn't look like a java library for amqp is related to the azure cli, but I suppose it isn't impossible. It seems it's just the pattern that confuses anything azure related. Are the patterns themselves enough to conclude this is a false positive?