[FP]: glassfish project implementations (JAXB etc) mistaken for glassfish server #7015
Comments
|
Maven Coordinates <dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-core</artifactId>
<version>4.0.5</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #7015
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.glassfish\.jaxb/jaxb-core@.*$</packageUrl>
<cpe>cpe:/a:eclipse:glassfish</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/11227870573 |
chadlwilson
changed the title
|
Maven Coordinates <dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-core</artifactId>
<version>4.0.5</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #7015
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.glassfish\.jaxb/jaxb-core@.*$</packageUrl>
<cpe>cpe:/a:eclipse:glassfish</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/11228009768 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:maven/org.glassfish.jaxb/[email protected]
CPE
cpe:2.3:a:eclipse:glassfish:4.0.5:*:*:*:*:*:*:*CVE
CVE-2024-9329
ODC Integration
{"label"=>"Gradle Plugin"}
ODC Version
10.0.4
Description
https://nvd.nist.gov/vuln/detail/CVE-2024-9329 has been reported on Glassfish server however is being reported on all manner of projects maintained separately under
org.glassfish.xgroups in Maven Central.I'll attempt to submit a custom generatedSuppression to turn #6626 into something more generic. (this CVE had a lower bound affected version so didn't lead to too many false positives)
The text was updated successfully, but these errors were encountered: