DependencyCheck icon indicating copy to clipboard operation
DependencyCheck copied to clipboard

Published 20 hours ago verified publisher icon jeremylong

[FP]: logback-classic-1.3.0.jar flagged with cpe:2.3:a:qos:slf4j:1.3.0:*:*:*:*:*:*:*

Open cmuchinsky opened this issue 2 years ago • 1 comments

Package URl

pkg:maven/ch.qos.logback/[email protected]

CPE

cpe:2.3:a:qos:slf4j:1.3.0:::::::*

CVE

CVE-2018-8088

ODC Integration

{"label"=>"Gradle Plugin"}

ODC Version

7.1.2

Description

logback-classic-1.3.0.jar flagged with cpe:2.3:a:qos:slf4j:1.3.0:::::::*

cmuchinsky avatar Aug 30 '22 02:08 cmuchinsky

Maven Coordinates

<dependency>
   <groupId>ch.qos.logback</groupId>
   <artifactId>logback-classic</artifactId>
   <version>1.3.0</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4790
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback-classic@.*$</packageUrl>
   <cpe>cpe:/a:qos:slf4j</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2953072964

github-actions[bot] avatar Aug 30 '22 02:08 github-actions[bot]

approved

aikebah avatar Sep 20 '22 18:09 aikebah

Suppress rule has been added to the generatedSuppressions branch.

github-actions[bot] avatar Sep 20 '22 18:09 github-actions[bot]