
[FP]: logback-core-1.3.0.jar flagged with cpe:2.3:a:qos:logback:1.3.0:*:*:*:*:*:*:*

Open cmuchinsky opened this issue 2 years ago • 1 comment

Package URL

pkg:maven/ch.qos.logback/logback-core@1.3.0

CPE

cpe:2.3:a:qos:logback:1.3.0:*:*:*:*:*:*:*

CVE

CVE-2021-42550

ODC Integration

Gradle Plugin

ODC Version

7.1.2

Description

logback-core-1.3.0.jar flagged with cpe:2.3:a:qos:logback:1.3.0:*:*:*:*:*:*:*

cmuchinsky avatar Aug 30 '22 02:08 cmuchinsky

Maven Coordinates

<dependency>
   <groupId>ch.qos.logback</groupId>
   <artifactId>logback-core</artifactId>
   <version>1.3.0</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4789
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback-core@.*$</packageUrl>
   <cpe>cpe:/a:qos:logback</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2953045388

github-actions[bot] avatar Aug 30 '22 02:08 github-actions[bot]

This is due to the known issue of not supporting the extended fields of the CPE, so that it gets matched with the alpha releases of 1.3.0.

aikebah avatar Sep 20 '22 18:09 aikebah
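The mechanism aikebah describes, shown as an added example that is not part of this issue thread or of the DependencyCheck code base: a small CPE 2.3 matcher that compares a dependency's CPE against vulnerable-configuration entries first on part/vendor/product/version only (the behaviour that produces this false positive) and then with the "update" attribute included, which is where NVD records pre-release tags such as alpha builds. The vulnerable CPE strings and the Maven-version-to-CPE mapping (`cpe_for_maven_artifact`) are constructed for illustration and are not taken from the NVD feed or from ODC; the key point is that a final release has to be recorded as "no update" (`-`) rather than "any update" (`*`), otherwise the extended field cannot exclude the alpha entries.

```python
"""
Added example (not DependencyCheck project code): why a CPE match that ignores
the 'update' attribute reports logback 1.3.0 against 1.3.0 alpha entries, and
how honouring that attribute avoids the false positive.
All CPE strings below are constructed sample data for illustration.
"""

# The 11 attributes of a CPE 2.3 formatted string, in order.
CPE23_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
                "language", "sw_edition", "target_sw", "target_hw", "other")


def parse_cpe23(cpe: str) -> dict:
    """Split a CPE 2.3 formatted string into its 11 named attributes,
    honouring backslash-escaped colons inside attribute values."""
    prefix = "cpe:2.3:"
    if not cpe.startswith(prefix):
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe}")
    values, current, escaped = [], [], False
    for ch in cpe[len(prefix):]:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ":":
            values.append("".join(current))
            current = []
        else:
            current.append(ch)
    values.append("".join(current))
    if len(values) != len(CPE23_FIELDS):
        raise ValueError(f"expected 11 attributes, got {len(values)}: {cpe}")
    return dict(zip(CPE23_FIELDS, values))


def cpe_for_maven_artifact(vendor: str, product: str, version: str) -> str:
    """Hypothetical mapping from Maven coordinates to a CPE 2.3 string (an
    assumption of this example, not how ODC builds its CPEs). A '-qualifier'
    suffix such as 1.3.0-alpha5 becomes the 'update' attribute; a bare
    version is a final release and is recorded as NA ('-'), not ANY ('*')."""
    base, sep, qualifier = version.partition("-")
    update = qualifier if sep else "-"
    return f"cpe:2.3:a:{vendor}:{product}:{base}:{update}:*:*:*:*:*:*"


def attr_matches(a: str, b: str) -> bool:
    """ANY ('*') on either side matches; otherwise compare case-insensitively.
    NA ('-') therefore matches only NA or ANY, never a concrete value."""
    return a == "*" or b == "*" or a.lower() == b.lower()


def find_matches(dependency_cpe: str, vulnerable_cpes: list, fields: tuple) -> list:
    """Return the vulnerable CPEs whose attributes in `fields` all match."""
    dep = parse_cpe23(dependency_cpe)
    hits = []
    for vuln in vulnerable_cpes:
        v = parse_cpe23(vuln)
        if all(attr_matches(dep[f], v[f]) for f in fields):
            hits.append(vuln)
    return hits


NAIVE_FIELDS = ("part", "vendor", "product", "version")      # update ignored
FULL_FIELDS = NAIVE_FIELDS + ("update",)                      # update honoured


def naive_matches(dependency_cpe: str, vulnerable_cpes: list) -> list:
    return find_matches(dependency_cpe, vulnerable_cpes, NAIVE_FIELDS)


def strict_matches(dependency_cpe: str, vulnerable_cpes: list) -> list:
    return find_matches(dependency_cpe, vulnerable_cpes, FULL_FIELDS)


# Constructed sample vulnerable-configuration entries, in the shape NVD uses
# for pre-release builds (the alpha tag sits in the 'update' attribute).
SAMPLE_VULNERABLE_CPES = [
    "cpe:2.3:a:qos:logback:1.2.8:*:*:*:*:*:*:*",
    "cpe:2.3:a:qos:logback:1.3.0:alpha5:*:*:*:*:*:*",
    "cpe:2.3:a:qos:logback:1.3.0:alpha10:*:*:*:*:*:*",
]

# The CPE the scanner identified for the jar in this issue (update = ANY).
IDENTIFIED_CPE = "cpe:2.3:a:qos:logback:1.3.0:*:*:*:*:*:*:*"

if __name__ == "__main__":
    print("naive, update ignored :", naive_matches(IDENTIFIED_CPE, SAMPLE_VULNERABLE_CPES))
    print("strict, update = ANY  :", strict_matches(IDENTIFIED_CPE, SAMPLE_VULNERABLE_CPES))
    final = cpe_for_maven_artifact("qos", "logback", "1.3.0")
    print("strict, final release :", strict_matches(final, SAMPLE_VULNERABLE_CPES))
    alpha = cpe_for_maven_artifact("qos", "logback", "1.3.0-alpha5")
    print("strict, alpha5 build  :", strict_matches(alpha, SAMPLE_VULNERABLE_CPES))
```

Running it shows the two failure modes side by side: with the update attribute ignored, or with the identified CPE carrying `*` in that position, both alpha entries match the 1.3.0 jar; once the final release is expressed as `1.3.0:-` the alpha entries no longer match, while a genuine `1.3.0-alpha5` artifact still matches its own entry.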