DependencyCheck [FP]: False positive against google-http-client-gson@1.41.8, showing up a cve for google.gson lower than 2.8.9

Package URl

pkg:maven/com.google.http-client/[email protected]

CPE

cpe:2.3:a:google:gson:1.41.8:::::::*

CVE

CVE-2022-25647

ODC Integration

No response

ODC Version

6.5.3

Description

False positive against [email protected], showing up a cve for google.gson lower than 2.8.9

Aug 01 '22 23:08 isijara

Maven Coordinates

<dependency>
   <groupId>com.google.http-client</groupId>
   <artifactId>google-http-client-gson</artifactId>
   <version>1.41.8</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4722
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/com\.google\.http-client/google-http-client-gson@.*$</packageUrl>
   <cpe>cpe:/a:google:gson</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2778574169

Aug 01 '22 23:08 github-actions[bot]

Maven Coordinates

<dependency>
   <groupId>com.google.http-client</groupId>
   <artifactId>google-http-client-gson</artifactId>
   <version>1.41.8</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4722
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/com\.google\.http-client/google-http-client-gson@.*$</packageUrl>
   <cpe>cpe:/a:google:gson</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2778576383

Aug 01 '22 23:08 github-actions[bot]

Please update to 7.1.1 and your issue is resolved

Aug 02 '22 21:08 aikebah

[FP]: False positive against [email protected], showing up a cve for google.gson lower than 2.8.9

Package URl

CPE

CVE

ODC Integration

ODC Version

Description