Hans Aikema
@jeremylong one solution would be to only support Oracle 23c and above for a central database... as that has finally introduced support for the SQL Boolean datatype https://oracle-base.com/articles/23c/boolean-data-type-23c the issue...
MS SQL Server is likely to suffer from the same issue as the datatype used for booleans in that schema (and the stored procedure update_vulnerability) is BIT. So unless the...
@RobSHK all versions of Oracle are affected... there is a type-mismatch between the stored-procedure argument (NUMBER(1)) and the type (java.sql.Types.BOOLEAN) argument of the setNull for boolean fields in Oracle. Same...
Looks like BIT should work for Oracle indeed (it's one of the datatypes for a NUMBER column). As indicated most likely we'll need the same for MS SQL server (where...
CVE description says nothing about the group, only that it's about Axis 1, but your derivation that Axis 1 is the org.apache.axis groupId and Axis 2/Java is the org.apache.axis2 groupId...
Spotted the same on my system as well... on the first update after upgrading to 8.4.2. It's related to the [upgrade to JCSv3](https://github.com/jeremylong/DependencyCheck/pull/5114), but I did not spot it in subsequent...
The reason for it can be derived from the ['How it works'](http://jeremylong.github.io/DependencyCheck/general/internals.html) in our documentation: CPEs, which are the key towards CVEs from the NVD vulnerabilities datasource, are derived from...
I'd need to see some substantial proof for 'oftentimes' to even lightly consider this as an available option, but strongly discouraged practice, as in my experience most CVEs start off...
Would require an enhancement where the language field of NVD data is taken into account as this CPE has per platform (programming language) a different unbounded up-to-excluding listing https://nvd.nist.gov/vuln/detail/CVE-2023-36415 leading to...
@martin-traverse only relevant for multi-language frameworks like this one, as for single language libs the language component is typically left out in the CPE coordinates