Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FP]: MongoDB.Bson #6128

Open
echalone opened this issue Nov 24, 2023 · 1 comment
Open

[FP]: MongoDB.Bson #6128

echalone opened this issue Nov 24, 2023 · 1 comment
Labels
dotnet FP Report

Comments

@echalone
Copy link
Contributor

Package URl

pkg:nuget/[email protected]

CPE

cpe:2.3:a:mongodb:bson:2.22.0:::::::*

CVE

CVE-2015-4411

ODC Integration

None

ODC Version

8.4.3

Description

A false positive for the mongodb/bson-ruby library (https://github.com/mongodb/bson-ruby) is reported, when in reality it is the MongoDB.Bson NuGet package (https://www.nuget.org/packages/MongoDB.Bson) for which there isn't even a version 3.0.4 released yet that's "required by this CVE to fix it".
@github-actions GitHub Actions
Copy link
Contributor

Nuget Coordinates

dotnet add package MongoDB.Bson --version 2.22.0

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #6128
   ]]></notes>
   <packageUrl regex="true">^pkg:nuget/MongoDB\.Bson@.*$</packageUrl>
   <cpe>cpe:/a:mongodb:bson</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/6978033450

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dotnet FP Report
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@echalone