DependencyCheck icon indicating copy to clipboard operation
DependencyCheck copied to clipboard

Published 20 hours ago verified publisher icon jeremylong

[FP]: False Positive for Microsoft.AspNetCore.Mvc.Testing.Tasks.dll

Open a20nitin opened this issue 1 year ago • 3 comments

Package URl

pkg:generic/[email protected]

CPE

cpe:2.3:a:asp-project:asp-project:6.0.6:::::::*

CVE

CVE-2022-39349

ODC Integration

None

ODC Version

9.0.7

Description

This vulnerability as per description is for Tasks.org Android app but we are using this package in our .NET Web project. So, this vulnerability looks irrelevant for our case. So, package Microsoft.AspNetCore.Mvc.Testing.Tasks should not show any vulnerability for .NET Web project of ours.

CVE-2020-22475 for same packages is also similar case of android application vulnerability which seems to be false positive for our case, so should not get reflected as vulnerability for our project. image

a20nitin avatar Jan 19 '24 06:01 a20nitin

Is there any update on above mentioned false positive? @jeremylong @aikebah

a20nitin avatar Feb 02 '24 11:02 a20nitin

@jeremylong @aikebah any update on this false positive ticket??

Akash-2001-git avatar Feb 06 '24 08:02 Akash-2001-git

Hi @aikebah @jeremylong, this false positive is also causing the issue. If you can help with this one also quickly, it will be a great help. Please let us know the update. Thanks!!

HarshalSuple avatar Feb 06 '24 09:02 HarshalSuple