DependencyCheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Bumps [postgresql](https://github.com/pgjdbc/pgjdbc) from 42.4.0 to 42.4.1. Changelog Sourced from postgresql's changelog. Changelog Notable changes since version 42.0.0, read the complete History of Changes. The format is based on Keep a...
### Package URL
pkg:maven/com.openhtmltopdf/[email protected]

### CPE
cpe:2.3:a:jsoup:jsoup:1.0.0:*:*:*:*:*:*:*

### CVE
CVE-2021-37714, CVE-2015-6748

### ODC Integration
{"label"=>"Gradle Plugin"}

### ODC Version
7.1.1

### Description
openhtmltopdf-jsoup-dom-converter-1.0.0.jar flagged with cpe:2.3:a:jsoup:jsoup:1.0.0:*:*:*:*:*:*:*
[FP]: flexmark-ext-xwiki-macros-0.62.2.jar flagged with cpe:2.3:a:xwiki:xwiki:0.62.2:*:*:*:*:*:*:*
### Package URL
pkg:maven/com.vladsch.flexmark/[email protected]

### CPE
cpe:2.3:a:xwiki:xwiki:0.62.2:*:*:*:*:*:*:*

### CVE
CVE-2022-29161, CVE-2020-15252, CVE-2010-4641, CVE-2020-13654, CVE-2022-23619, CVE-2020-15171, CVE-2021-32732, CVE-2022-23617, CVE-2021-29459, CVE-2022-23618, CVE-2022-23622, CVE-2021-32730, CVE-2018-16277, CVE-2022-23620, CVE-2022-24819, CVE-2022-24820, CVE-2022-23621, CVE-2010-4642, CVE-2007-4898

### ODC...
### Package URL
pkg:maven/com.vladsch.flexmark/[email protected]

### CPE
cpe:2.3:a:processing:processing:0.62.2:*:*:*:*:*:*:*

### CVE
CVE-2018-1000840

### ODC Integration
{"label"=>"Gradle Plugin"}

### ODC Version
7.1.1

### Description
flexmark-ext-macros-0.62.2.jar flagged with cpe:2.3:a:processing:processing:0.62.2:*:*:*:*:*:*:*
### Package URL
pkg:maven/org.jfrog.artifactory.client/[email protected]

### CPE
cpe:2.3:a:jfrog:artifactory:2.13.0:*:*:*:*:*:*:*

### CVE
CVE-2016-10036, CVE-2019-17444, CVE-2020-7931, CVE-2021-3860, CVE-2018-1000424, CVE-2020-2165, CVE-2019-19937, CVE-2019-10324, CVE-2020-2164, CVE-2021-41834, CVE-2019-10321, CVE-2019-10322, CVE-2019-10323

### ODC Integration
{"label"=>"Gradle Plugin"}

### ODC Version...
Hi there, I am currently using temurin jdk `11.0.15+10` and found that this CVE is resolved in version `11.0.16+8`. Despite upgrading to `11.0.16+8`, this CVE is still being flagged out....
### Package URL
pkg:maven/xerces/[email protected]

### CPE
`cpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*`

### CVE
CVE-2017-10355

### ODC Integration
{"label"=>"Gradle Plugin"}

### ODC Version
7.1.1

### Description
I can't see why the pkg matches with the...
### Package URL
pkg:maven/org.apache.camel/[email protected]

### CPE
`cpe:2.3:a:apache:activemq:3.18.0:*:*:*:*:*:*:*`, `cpe:2.3:a:apache:camel:3.18.0:*:*:*:*:*:*:*`

### CVE
Multiple

### ODC Integration
{"label"=>"CLI"}

### ODC Version
7.1.1

### Description
This is a tricky one I think... Apache Camel...
### Package URL
pkg:maven/com.google.http-client/[email protected]

### CPE
cpe:2.3:a:google:gson:1.41.8:*:*:*:*:*:*:*

### CVE
CVE-2022-25647

### ODC Integration
_No response_

### ODC Version
6.5.3

### Description
False positive against [email protected], showing up a cve for...
Due to situations like https://github.com/jeremylong/DependencyCheck/issues/4670, https://github.com/jeremylong/DependencyCheck/issues/4671, https://github.com/jeremylong/DependencyCheck/issues/4677, https://github.com/jeremylong/DependencyCheck/issues/4690 - ODC needs to be able to respond faster and provide an updated suppression file when situations like this occur. 1. Implement...