
[FP]: r2dbc-postgresql reported as `cpe:2.3:a:postgresql:postgresql:0.9.1:release:*:*:*:*:*:*`

Open chadlwilson opened this issue 3 years ago • 1 comments

Package URL

pkg:maven/org.postgresql/r2dbc-postgresql@0.9.1.RELEASE

CPE

cpe:2.3:a:postgresql:postgresql:0.9.1:release:*:*:*:*:*:*

CVE

No response

ODC Integration

Gradle Plugin

ODC Version

7.1.1

Description

r2dbc-postgresql is the R2DBC driver for postgres and is completely different to postgresql itself.

chadlwilson, Aug 15 '22 10:08

Maven Coordinates

<dependency>
   <groupId>org.postgresql</groupId>
   <artifactId>r2dbc-postgresql</artifactId>
   <version>0.9.1.RELEASE</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4755
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.postgresql/r2dbc-postgresql@.*$</packageUrl>
   <cpe>cpe:/a:postgresql:postgresql</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2860147552

github-actions[bot], Aug 15 '22 10:08
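A quick scope check for the suppression rule above, as an added example that is not part of the issue thread or DependencyCheck's own code. It assumes a simplified matching model (regex search on the package URL, prefix match on a `:` component boundary for the CPE); every sample except the reported purl and CPE is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Suppression rule exactly as posted in the thread.
RULE_XML = r"""<suppress base="true">
   <notes><![CDATA[
   FP per issue #4755
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.postgresql/r2dbc-postgresql@.*$</packageUrl>
   <cpe>cpe:/a:postgresql:postgresql</cpe>
</suppress>"""

# (package URL, CPE). Only "reported" comes from the issue; the rest are
# constructed inputs that probe how narrowly the rule is scoped.
SAMPLES = {
    "reported": ("pkg:maven/org.postgresql/r2dbc-postgresql@0.9.1.RELEASE",
                 "cpe:2.3:a:postgresql:postgresql:0.9.1:release:*:*:*:*:*:*"),
    "other_artifact": ("pkg:maven/org.postgresql/postgresql@42.4.0",
                       "cpe:2.3:a:postgresql:postgresql:42.4.0:*:*:*:*:*:*:*"),
    "name_prefix": ("pkg:maven/org.postgresql/r2dbc-postgresql-extras@1.0",
                    "cpe:2.3:a:postgresql:postgresql:1.0:*:*:*:*:*:*:*"),
    "other_cpe": ("pkg:maven/org.postgresql/r2dbc-postgresql@0.9.1.RELEASE",
                  "cpe:2.3:a:postgresql:postgresql_example:0.9.1:*:*:*:*:*:*:*"),
}

def cpe23_to_22(cpe23):
    """Reduce a CPE 2.3 string to 'cpe:/part:vendor:product:version'.
    Splits on ':' and so does not handle escaped colons."""
    fields = cpe23.split(":")
    if fields[:2] != ["cpe", "2.3"] or len(fields) < 6:
        raise ValueError("not a CPE 2.3 formatted string: %r" % cpe23)
    return "cpe:/" + ":".join(fields[2:6])

def rule_suppresses(rule_xml, purl, cpe23):
    """True only if the rule applies to this package URL AND covers this CPE."""
    rule = ET.fromstring(rule_xml)
    purl_el = rule.find("packageUrl")
    if purl_el.get("regex") == "true":
        purl_ok = re.search(purl_el.text, purl) is not None
    else:
        purl_ok = purl_el.text.lower() == purl.lower()
    reported = cpe23_to_22(cpe23)
    # Assumed semantics: equal, or a prefix that ends at a ':' boundary.
    cpe_ok = any(reported == c.text or reported.startswith(c.text + ":")
                 for c in rule.findall("cpe"))
    return purl_ok and cpe_ok

def check_samples():
    return {name: rule_suppresses(RULE_XML, p, c) for name, (p, c) in SAMPLES.items()}
```

Only the `reported` pair is suppressed: the `@` in the package URL regex and the component-boundary CPE match keep the rule from hiding findings on other `org.postgresql` artifacts.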

approved

aikebah, Sep 20 '22 19:09

Suppress rule has been added to the generatedSuppressions branch.

github-actions[bot], Sep 20 '22 19:09