[FP]: pkg:npm/opener

Open SkippedTurn opened this issue 2 years ago • 1 comments

Package URL

pkg:npm/opener@1.5.2

CPE

cpe:2.3:a:opener_project:opener:1.5.2:*:*:*:*:*:*:*

CVE

CVE-2021-27478, CVE-2021-27482, CVE-2021-27498, CVE-2021-27500

ODC Integration

{"label"=>"Maven Plugin"}

ODC Version

7.1.0

Description

The mentioned vulnerabilities are present in the EIPStackGroup/OpENer library, not in the npm opener package mentioned in this report.

SkippedTurn, May 24 '22 11:05

Npm Coordinates

npm -i opener@1.5.2

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4525
   ]]></notes>
   <packageUrl regex="true">^pkg:npm/opener@.*$</packageUrl>
   <cpe>cpe:/a:opener_project:opener</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2377401722

github-actions[bot], May 24 '22 11:05
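
How the rule above scopes the suppression, as an added example that is not part of the original thread and not DependencyCheck's own code: a simplified model in which a finding is suppressed only when its package URL matches the rule's pattern and its CPE has the same part, vendor and product. The helper names are hypothetical, the reported package URL takes its version from the CPE in the issue, and every other finding is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Suppression rule copied from the comment above.
RULE_XML = """<suppress base="true">
   <notes><![CDATA[
   FP per issue #4525
   ]]></notes>
   <packageUrl regex="true">^pkg:npm/opener@.*$</packageUrl>
   <cpe>cpe:/a:opener_project:opener</cpe>
</suppress>"""

def cpe_key(cpe):
    """(part, vendor, product) of a CPE 2.3 string or CPE 2.2 URI.
    Simplification: escaped colons inside a field are not handled."""
    if cpe.startswith("cpe:2.3:"):
        fields = cpe.split(":")[2:5]
    elif cpe.startswith("cpe:/"):
        fields = cpe[len("cpe:/"):].split(":")[:3]
    else:
        raise ValueError(f"not a CPE name: {cpe!r}")
    if len(fields) != 3 or not all(fields):
        raise ValueError(f"CPE lacks part/vendor/product: {cpe!r}")
    return tuple(f.lower() for f in fields)

def load_rule(xml_text):
    """Parse one <suppress> element into (compiled purl pattern, cpe key)."""
    node = ET.fromstring(xml_text)
    purl = node.find("packageUrl")
    pattern = purl.text.strip()
    if purl.get("regex") != "true":
        pattern = re.escape(pattern)  # literal match when regex is off
    return re.compile(pattern), cpe_key(node.find("cpe").text.strip())

def is_suppressed(rule, package_url, cpe):
    """Assumed model: both the package URL and the CPE must match."""
    purl_re, rule_cpe = rule
    return bool(purl_re.fullmatch(package_url)) and cpe_key(cpe) == rule_cpe

OPENER_CPE = "cpe:2.3:a:opener_project:opener:1.5.2:*:*:*:*:*:*:*"
FINDINGS = [  # first entry is the reported one; the rest are constructed
    ("pkg:npm/opener@1.5.2", OPENER_CPE),
    ("pkg:npm/opener-fork@1.5.2", OPENER_CPE),
    ("pkg:generic/OpENer@0.0.0-example", OPENER_CPE),
    ("pkg:npm/opener@1.5.2", "cpe:2.3:a:example_vendor:example:1.0:*:*:*:*:*:*:*"),
]

if __name__ == "__main__":
    rule = load_rule(RULE_XML)
    for purl, cpe in FINDINGS:
        print(f"{'suppressed' if is_suppressed(rule, purl, cpe) else 'reported':10} {purl}  {cpe}")
```

Only the npm `opener` package paired with the `opener_project:opener` CPE is suppressed; the same CPE on a non-npm component, such as the OpENer library the CVEs belong to, is still reported.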

Any intention to address this false positive?

JoergHeinicke5005, Jan 14 '23 20:01

Can we get an update on this? The latest NPM version itself has opener installed, so it is really annoying.

jjoshm, Mar 21 '23 10:03