
[FP]: Serilog.Sinks.Async

Open Akash-2001-git opened this issue 1 year ago • 1 comments

Package URL

pkg:generic/[email protected]

CPE

cpe:2.3:a:async_project:async:1.5.0:*:*:*:*:*:*:*

CVE

CVE-2021-43138

ODC Integration

None

ODC Version

8.3.1

Description

Vulnerability in https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264 is reported for package "Serilog.Sinks.Async". Source: https://github.com/serilog/serilog-sinks-async

It should refer to the package from the source repository, but instead it is referring to https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264. Hence it shows the "Serilog.Sinks.Async" package as vulnerable.

Earlier we created this issue, but the wrong package URI got suppressed. Please refer to this comment: https://github.com/jeremylong/DependencyCheck/issues/6056#issuecomment-1827150307

Akash-2001-git • Dec 05 '23 05:12

@jeremylong: Hi, any update on this issue?

HarshalSuple • Jan 19 '24 05:01

@jeremylong @aikebah Any update on this false positive ticket?

Akash-2001-git • Feb 06 '24 08:02
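
A local suppression for the false positive reported above, as an added example that is not from this thread or from the DependencyCheck project's own suppression file. The `packageUrl` pattern is an assumption built from the package name in the report (the Package URL field above is garbled), and the notes text is constructed.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes><![CDATA[
      False positive: Serilog.Sinks.Async (.NET, github.com/serilog/serilog-sinks-async)
      is matched to the CPE of the unrelated async library (github.com/caolan/async),
      which is what CVE-2021-43138 is reported against.
    ]]></notes>
    <!-- ASSUMPTION: pattern derived from the package name in the report.
         Replace it with the exact identifier shown in your own report. -->
    <packageUrl regex="true">^pkg:generic/Serilog\.Sinks\.Async@.*$</packageUrl>
    <!-- Suppress the wrong CPE match itself rather than a single CVE, so later
         CVEs filed against async_project:async are not attached to this
         package either. Other dependencies are unaffected. -->
    <cpe>cpe:/a:async_project:async</cpe>
  </suppress>
</suppressions>
```

Pass the file to the scanner with `--suppression <file>` and confirm in the next report that the entry is listed as applied; a suppression keyed on a package URL that does not match the reported identifier is silently ignored, which is the failure the issue describes.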