[FP]: keycloak-pax-web-undertow-18.0.2 mapped to CVE-2024-7341 #7012
Comments
|
Maven Coordinates <dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-pax-web-undertow</artifactId>
<version>18.0.2</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #7012
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak-pax-web-undertow@.*$</packageUrl>
<cpe>cpe:/a:keycloak:keycloak</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/11209902050 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:maven/org.keycloak/[email protected]
CPE
cpe:2.3:a:keycloak:keycloak:18.0.2:::::::*
CVE
CVE-2024-7341
ODC Integration
{"label"=>"Maven Plugin"}
ODC Version
{"label"=>"Maven Plugin"}
Description
While scanning against our Karaf 4.4.4 image, Dependency Checker reports incorrectly matching mvn:org.keycloak/keycloak-osgi-features/18.0.2 to redhat keycloak that is affected by the mentioned CVE
The text was updated successfully, but these errors were encountered: