
[FP]: artifactory-java-client-api-2.13.0.jar reported as cpe:2.3:a:jfrog:artifactory:2.13.0:*:*:*:*:*:*:*

Open cmuchinsky opened this issue 2 years ago • 1 comments

Package URL

pkg:maven/org.jfrog.artifactory.client/artifactory-java-client-api@2.13.0

CPE

cpe:2.3:a:jfrog:artifactory:2.13.0:*:*:*:*:*:*:*

CVE

CVE-2016-10036, CVE-2019-17444, CVE-2020-7931, CVE-2021-3860, CVE-2018-1000424, CVE-2020-2165, CVE-2019-19937, CVE-2019-10324, CVE-2020-2164, CVE-2021-41834, CVE-2019-10321, CVE-2019-10322, CVE-2019-10323

ODC Integration

Gradle Plugin

ODC Version

7.1.1

Description

The artifactory-java-client-*-2.13.0.jar files are being reported as cpe:2.3:a:jfrog:artifactory:2.13.0:*:*:*:*:*:*:*, however that cpe refers to the web service, not the client jars.

cmuchinsky avatar Aug 03 '22 12:08 cmuchinsky

Maven Coordinates

<dependency>
   <groupId>org.jfrog.artifactory.client</groupId>
   <artifactId>artifactory-java-client-api</artifactId>
   <version>2.13.0</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4726
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.jfrog\.artifactory\.client/artifactory-java-client-api@.*$</packageUrl>
   <cpe>cpe:/a:jfrog:artifactory</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2789475113

github-actions[bot] avatar Aug 03 '22 12:08 github-actions[bot]
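
An added example (not part of the thread and not DependencyCheck's own code): a scope check for the suppression rule above, showing which dependencies it would silence. The matching semantics (full regex match on the package URL, component-boundary prefix match on the CPE after a simplified 2.3-to-2.2 conversion) are assumptions, and every sample coordinate other than artifactory-java-client-api is constructed.

```python
import re
import xml.etree.ElementTree as ET

# The suppression rule from the thread, embedded verbatim.
RULE_XML = r"""<suppress base="true">
   <notes><![CDATA[
   FP per issue #4726
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.jfrog\.artifactory\.client/artifactory-java-client-api@.*$</packageUrl>
   <cpe>cpe:/a:jfrog:artifactory</cpe>
</suppress>"""

def cpe23_to_22(cpe23):
    """Simplified CPE 2.3 -> 2.2 URI conversion: drop trailing '*' fields."""
    fields = cpe23.split(":")[2:]          # strip the 'cpe:2.3' prefix
    while fields and fields[-1] == "*":
        fields.pop()
    return "cpe:/" + ":".join(fields)

def load_rule(xml_text):
    """Return (compiled packageUrl pattern, list of suppressed CPE prefixes)."""
    root = ET.fromstring(xml_text)
    purl = root.find("packageUrl")
    pattern = purl.text.strip()
    if purl.get("regex") != "true":        # literal purl: match it exactly
        pattern = re.escape(pattern)
    return re.compile(pattern), [c.text.strip() for c in root.findall("cpe")]

def is_suppressed(rule, purl, cpe23):
    """Assumed semantics: the purl must match in full AND the CPE must share the prefix."""
    purl_re, cpes = rule
    uri = cpe23_to_22(cpe23)
    cpe_hit = any(uri == c or uri.startswith(c + ":") for c in cpes)
    return bool(purl_re.fullmatch(purl)) and cpe_hit

RULE = load_rule(RULE_XML)
REPORTED_CPE = "cpe:2.3:a:jfrog:artifactory:2.13.0:*:*:*:*:*:*:*"
# (group, artifact) pairs; only the first comes from the thread, the rest are constructed.
SAMPLES = [("org.jfrog.artifactory.client", "artifactory-java-client-api"),
           ("org.jfrog.artifactory.client", "artifactory-java-client-services"),
           ("com.example", "artifactory-java-client-api")]

def audit():
    return {f"{g}/{a}": is_suppressed(RULE, f"pkg:maven/{g}/{a}@2.13.0", REPORTED_CPE)
            for g, a in SAMPLES}

if __name__ == "__main__":
    for name, hit in audit().items():
        print(f"{'suppressed' if hit else 'still reported':15} {name}")
```

Under these assumptions the constructed artifactory-java-client-services coordinate is still reported, because the packageUrl regex names only artifactory-java-client-api.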

approved

aikebah avatar Sep 20 '22 20:09 aikebah

Suppress rule has been added to the generatedSuppressions branch.

github-actions[bot] avatar Sep 20 '22 20:09 github-actions[bot]