We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pkg:maven/fi.solita.clamav/[email protected]
cpe:2.3:a:clamav:clamav::::::::
CVE-2016-1405
{"label"=>"Maven Plugin"}
10.0.2
Per NVD Affected component: cpe:2.3:a:clamav:clamav::::::::
This https://nvd.nist.gov/vuln/detail/CVE-2016-1405 impacts only on "openid.net" packages as per NVD and cpe provided. But tool is reporting https://nvd.nist.gov/vuln/detail/CVE-2016-1405 on "fi.solita.clamav/[email protected]" jars as well which is wrong.
From Dependency Check tool team, we need confirmation on these false positives. Could you please validate and confirm?
The text was updated successfully, but these errors were encountered:
Maven Coordinates
<dependency> <groupId>fi.solita.clamav</groupId> <artifactId>clamav-client</artifactId> <version>1.0.1</version> </dependency>
Suppression rule:
<suppress base="true"> <notes><![CDATA[ FP per issue #7017 ]]></notes> <packageUrl regex="true">^pkg:maven/fi\.solita\.clamav/clamav-client@.*$</packageUrl> <cpe>cpe:/a:clamav:clamav</cpe> </suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/11228880964
Sorry, something went wrong.
Correction on above description - Impacts on "clamav:clamav" packages, not on open id.
No branches or pull requests
Package URl
pkg:maven/fi.solita.clamav/[email protected]
CPE
cpe:2.3:a:clamav:clamav::::::::
CVE
CVE-2016-1405
ODC Integration
{"label"=>"Maven Plugin"}
ODC Version
10.0.2
Description
Per NVD Affected component: cpe:2.3:a:clamav:clamav::::::::
This https://nvd.nist.gov/vuln/detail/CVE-2016-1405 impacts only on "openid.net" packages as per NVD and cpe provided. But tool is reporting https://nvd.nist.gov/vuln/detail/CVE-2016-1405 on "fi.solita.clamav/[email protected]" jars as well which is wrong.
From Dependency Check tool team, we need confirmation on these false positives. Could you please validate and confirm?
The text was updated successfully, but these errors were encountered: