
[FP]: Undertow-core CVE-2022-2053 reported after fix in 2.2.19.Final

Open gthazmatt opened this issue 2 years ago • 3 comments

Package URL

pkg:maven/io.undertow/undertow-core@2.2.19.Final

CPE

cpe:2.3:a:io.undertow:undertow-core:2.2.19.Final:*:*:*:*:*:*:*

CVE

CVE-2022-2053

ODC Integration

Maven Plugin

ODC Version

7.1.1

Description

From the report: "This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2."

gthazmatt Aug 17 '22 16:08

Maven Coordinates

<dependency>
   <groupId>io.undertow</groupId>
   <artifactId>undertow-core</artifactId>
   <version>2.2.19.Final</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4758
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/io\.undertow/undertow-core@.*$</packageUrl>
   <cpe>cpe:/a:io.undertow:undertow-core</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2876753176

github-actions[bot] Aug 17 '22 16:08

Maven Coordinates

<dependency>
   <groupId>io.undertow</groupId>
   <artifactId>undertow-core</artifactId>
   <version>2.2.19.Final</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4758
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/io\.undertow/undertow-core@.*$</packageUrl>
   <cpe>cpe:/a:io.undertow:undertow-core</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2884784727

github-actions[bot] Aug 18 '22 19:08

Reported upstream as https://github.com/OSSIndex/vulns/issues/321

aikebah Aug 18 '22 19:08

This has been resolved by an update to the upstream vulnerability source

aikebah Jan 12 '23 18:01