
[FP]: Hibernate Commons Annotations confused with Hibernate ORM itself

Open chadlwilson opened this issue 3 years ago • 1 comments

Package URL

pkg:maven/org.hibernate/[email protected]

CPE

cpe:/a:hibernate:hibernate_orm

CVE

No response

ODC Integration

Gradle Plugin

ODC Version

7.1.1

Description

Hibernate Commons Annotations is a different project, versioned separately from the core "Hibernate ORM", so CVEs against this are misleading and false positives.

See https://mvnrepository.com/artifact/org.hibernate/hibernate-commons-annotations

chadlwilson avatar Jul 06 '22 15:07 chadlwilson

Maven Coordinates

<dependency>
   <groupId>org.hibernate</groupId>
   <artifactId>hibernate-commons-annotations</artifactId>
   <version>3.2.0.Final</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4651
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.hibernate/hibernate-commons-annotations@.*$</packageUrl>
   <cpe>cpe:/a:hibernate:hibernate_orm</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2623974667

github-actions[bot] avatar Jul 06 '22 15:07 github-actions[bot]

Maven Coordinates

<dependency>
   <groupId>org.hibernate</groupId>
   <artifactId>hibernate-commons-annotations</artifactId>
   <version>3.2.0.Final</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4651
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.hibernate/hibernate-commons-annotations@.*$</packageUrl>
   <cpe>cpe:/a:hibernate:hibernate_orm</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/3172107195

github-actions[bot] avatar Oct 03 '22 06:10 github-actions[bot]

Maven Coordinates

<dependency>
   <groupId>org.hibernate</groupId>
   <artifactId>hibernate-commons-annotations</artifactId>
   <version>3.2.0.Final</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4651
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.hibernate/hibernate-commons-annotations@.*$</packageUrl>
   <cpe>cpe:/a:hibernate:hibernate_orm</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/3172119490

github-actions[bot] avatar Oct 03 '22 06:10 github-actions[bot]
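Before a rule like the one above is committed it is worth checking exactly which findings it would silence. The following is an added Python example, not code from the issue or from the DependencyCheck project: it parses the suppression XML, applies it to a few constructed findings, and approximates ODC's matching with Python's re module (it also assumes the root element carries no xmlns, which a real suppressions file does declare).

```python
# Added example: review the scope of a DependencyCheck suppression rule.
# Not part of the issue or the DependencyCheck project; matching is an
# approximation of ODC's behaviour using Python's re module.
import re
import xml.etree.ElementTree as ET

# The rule from issue #4651, embedded for the example. A real suppressions file
# declares an xmlns on <suppressions>; this example assumes it is absent.
SUPPRESSION_XML = r"""<suppressions>
  <suppress base="true">
    <notes><![CDATA[ FP per issue #4651 ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.hibernate/hibernate-commons-annotations@.*$</packageUrl>
    <cpe>cpe:/a:hibernate:hibernate_orm</cpe>
  </suppress>
</suppressions>"""

# Constructed sample findings (package URL, matched CPE); not real scan output.
FINDINGS = [
    ("pkg:maven/org.hibernate/hibernate-commons-annotations@3.2.0.Final", "cpe:/a:hibernate:hibernate_orm"),
    ("pkg:maven/org.hibernate/hibernate-commons-annotations@5.1.2.Final", "cpe:/a:hibernate:hibernate_orm"),
    ("pkg:maven/org.hibernate/hibernate-core@5.4.24.Final", "cpe:/a:hibernate:hibernate_orm"),
    ("pkg:maven/org.hibernate/hibernate-commons-annotations@3.2.0.Final", "cpe:/a:redhat:hibernate_validator"),
]


def load_rules(xml_text):
    """Parse each <suppress> into (compiled packageUrl pattern, set of CPEs it suppresses)."""
    rules = []
    for sup in ET.fromstring(xml_text).iter("suppress"):
        purl_el = sup.find("packageUrl")
        text = purl_el.text.strip()
        # regex="true" means the text is a pattern; otherwise it is a literal purl.
        pattern = re.compile(text if purl_el.get("regex") == "true" else re.escape(text))
        cpes = {c.text.strip() for c in sup.findall("cpe")}
        rules.append((pattern, cpes))
    return rules


def is_suppressed(purl, cpe, rules):
    """True when some rule matches the purl AND lists this exact CPE."""
    return any(pattern.search(purl) and cpe in cpes for pattern, cpes in rules)


def partition(findings, rules):
    """Split findings into (suppressed, still reported) so the rule's reach is visible."""
    suppressed, remaining = [], []
    for purl, cpe in findings:
        (suppressed if is_suppressed(purl, cpe, rules) else remaining).append((purl, cpe))
    return suppressed, remaining


if __name__ == "__main__":
    hidden, kept = partition(FINDINGS, load_rules(SUPPRESSION_XML))
    print("suppressed:", *hidden, sep="\n  ")
    print("still reported:", *kept, sep="\n  ")
```

The hibernate-core finding and the hibernate_validator CPE stay reported: the rule is bounded by both the artifact regex and the exact CPE, which is what keeps it from hiding a real Hibernate ORM match.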

approved

aikebah avatar Nov 26 '22 19:11 aikebah

Suppress rule has been added to the generatedSuppressions branch.

github-actions[bot] avatar Nov 26 '22 19:11 github-actions[bot]