False Positive on elastic-apm-agent

Open OrangeDog opened this issue 3 years ago • 1 comments

apm-agent-attach-1.28.1.jar\META-INF/maven/co.elastic.apm/apm-agent-common/pom.xml (pkg:maven/co.elastic.apm/[email protected], cpe:2.3:a:elastic:apm_agent:1.28.1:*:*:*:*:*:*:*) : CVE-2019-7617
apm-agent-attach-1.28.1.jar (pkg:maven/co.elastic.apm/[email protected], cpe:2.3:a:elastic:apm_agent:1.28.1:*:*:*:*:*:*:*) : CVE-2019-7617
elastic-apm-agent-1.28.1.jar (pkg:maven/co.elastic.apm/[email protected], cpe:2.3:a:elastic:apm_agent:1.28.1:*:*:*:*:*:*:*) : CVE-2019-7617

<dependency>
  <groupId>co.elastic.apm</groupId>
  <artifactId>apm-agent-attach</artifactId>
  <version>1.28.1</version>
</dependency>

CVE-2019-7617 is for the Python agent, not the Java agent. The NVD entry specifies this: cpe:2.3:a:elastic:apm_agent:*:*:*:*:*:python:*:*

OrangeDog, Dec 14 '21 15:12

Would need enhancement in DependencyCheck to take target_sw CPE attribute into account

aikebah, Jun 08 '22 16:06
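
The check discussed in this thread, as an added example that is not DependencyCheck's code: it reads the target_sw field of an NVD CPE 2.3 string and drops the match when that field names a different ecosystem than the dependency's package URL. The `ECOSYSTEM_TARGET_SW` mapping and the function names are assumptions made for illustration, and the Java purl is constructed from the Maven coordinates in the report.

```python
import re

# Attribute order of a CPE 2.3 formatted string after the "cpe:2.3:" prefix.
CPE_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
              "language", "sw_edition", "target_sw", "target_hw", "other")

# Assumed mapping from purl type to target_sw values that describe the same
# ecosystem (illustrative; not taken from DependencyCheck or the NVD).
ECOSYSTEM_TARGET_SW = {
    "maven": {"java", "maven"},
    "pypi": {"python"},
    "npm": {"node.js", "nodejs"},
}

def parse_cpe23(cpe):
    """Split a CPE 2.3 formatted string into named fields, honouring '\\:' escapes."""
    parts = re.split(r"(?<!\\):", cpe)
    if parts[:2] != ["cpe", "2.3"] or len(parts) != 13:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(CPE_FIELDS, parts[2:]))

def purl_type(purl):
    """Return the type component of a package URL, e.g. 'maven'."""
    match = re.match(r"pkg:([^/]+)/", purl)
    if not match:
        raise ValueError(f"not a package URL: {purl!r}")
    return match.group(1).lower()

def target_sw_applies(nvd_cpe, purl):
    """True if the NVD entry's target_sw does not rule out this dependency."""
    target_sw = parse_cpe23(nvd_cpe)["target_sw"].lower()
    if target_sw in ("*", "-"):      # ANY or NA: no ecosystem restriction
        return True
    allowed = ECOSYSTEM_TARGET_SW.get(purl_type(purl))
    if allowed is None:              # unknown ecosystem: keep the finding
        return True
    return target_sw in allowed

# NVD CPE quoted in the report; purl built from the reported Maven coordinates.
NVD_CPE = "cpe:2.3:a:elastic:apm_agent:*:*:*:*:*:python:*:*"
JAVA_PURL = "pkg:maven/co.elastic.apm/apm-agent-attach@1.28.1"

if __name__ == "__main__":
    print("CVE-2019-7617 applies to Java agent:",
          target_sw_applies(NVD_CPE, JAVA_PURL))
```

Unknown ecosystems and wildcard target_sw values keep the finding, so the filter only removes matches that the NVD entry explicitly scopes to another platform.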