
[FP]: CVE-2018-14335 on newest versions of H2 Database

Open kelvinqian00 opened this issue 3 years ago • 2 comments

Package URL

pkg:maven/com.h2database/h2@2.1.212

CPE

cpe:2.3:a:h2database:h2:2.1.212:*:*:*:*:*:*:*

CVE

CVE-2018-14335

ODC Integration

No response

ODC Version

7.1.0

Description

According to the maintainer of the H2 database, this CVE should only affect versions 1.4.197 and older. However, ever since OSS Index was updated on May 25, 2022, newer versions such as 2.1.212 have been marked as affected.

Link: https://github.com/h2database/h2database/issues/3175#issuecomment-1142186324

kelvinqian00 (May 31 '22 14:05)

Maven Coordinates

<dependency>
   <groupId>com.h2database</groupId>
   <artifactId>h2</artifactId>
   <version>2.1.212</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4555
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/com\.h2database/h2@.*$</packageUrl>
   <cpe>cpe:/a:h2database:h2</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2415604019

github-actions[bot] (May 31 '22 14:05)
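To see what the generated rule above actually covers, here is an added check (not DependencyCheck's own code) that parses the posted suppression and evaluates it against constructed PURL/CPE pairs; it assumes ODC's documented matching, i.e. a regex match for packageUrl when regex="true" and a prefix match for the cpe element.

```python
import re
import xml.etree.ElementTree as ET

# Constructed copy of the suppression rule posted in the thread, wrapped in a root element.
SUPPRESSION_XML = r"""<suppressions>
<suppress base="true">
   <notes><![CDATA[
   FP per issue #4555
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/com\.h2database/h2@.*$</packageUrl>
   <cpe>cpe:/a:h2database:h2</cpe>
</suppress>
</suppressions>"""


def load_rules(xml_text):
    """Parse <suppress> elements into plain dicts (notes, packageUrl, regex flag, cpe)."""
    rules = []
    for s in ET.fromstring(xml_text).iter("suppress"):
        purl_el, cpe_el = s.find("packageUrl"), s.find("cpe")
        rules.append({
            "notes": (s.findtext("notes") or "").strip(),
            "purl": purl_el.text.strip() if purl_el is not None else None,
            "purl_regex": purl_el is not None and purl_el.get("regex") == "true",
            "cpe": cpe_el.text.strip() if cpe_el is not None else None,
        })
    return rules


def rule_matches(rule, purl, cpe_uri):
    """Assumption: packageUrl is a regex when regex="true" (exact string otherwise),
    and <cpe> is compared with startsWith against the cpe:/ URI form."""
    if rule["purl"]:
        if rule["purl_regex"]:
            if not re.match(rule["purl"], purl):
                return False
        elif rule["purl"] != purl:
            return False
    if rule["cpe"] and not cpe_uri.startswith(rule["cpe"]):
        return False
    return True


def suppressed_h2_versions(rules, versions):
    """Return the h2 versions whose CPE match the rule set would clear (constructed inputs)."""
    return [v for v in versions
            if any(rule_matches(r, f"pkg:maven/com.h2database/h2@{v}",
                                f"cpe:/a:h2database:h2:{v}") for r in rules)]
```

The `.*` tail on the PURL regex and the version-less CPE mean the rule clears the h2 CPE match for every version, not just 2.1.212, while a sibling artifact such as h2-mvstore is left untouched because the regex pins the artifactId. For a single finding in a local suppressions file, a `<cve>` element scoped to the one CVE is the narrower choice.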

Has been reported upstream to the vulnerability datasource that reports it: https://github.com/OSSIndex/vulns/issues/277

aikebah (Jun 06 '22 09:06)

Has been resolved by OSSINDEX

aikebah (Aug 17 '22 13:08)