
[FP]: prometheus-metrics-* packages are identified as prometheus server (CVE-2019-3826)

Open aggeboe opened this issue 1 year ago • 9 comments

Package URL

pkg:maven/io.prometheus/[email protected]

CPE

cpe:2.3:a:prometheus:prometheus:1.2.1:*:*:*:*:*:*:*

CVE

CVE-2019-3826

ODC Integration

Gradle Plugin

ODC Version

8.4.3

Description

- prometheus-metrics-config-1.2.1.jar (pkg:maven/io.prometheus/[email protected], cpe:2.3:a:prometheus:prometheus:1.2.1:*:*:*:*:*:*:*) : CVE-2019-3826
- prometheus-metrics-core-1.2.1.jar (pkg:maven/io.prometheus/[email protected], cpe:2.3:a:prometheus:prometheus:1.2.1:*:*:*:*:*:*:*) : CVE-2019-3826
- prometheus-metrics-exposition-formats-1.2.1.jar (pkg:maven/io.prometheus/[email protected], cpe:2.3:a:prometheus:prometheus:1.2.1:*:*:*:*:*:*:*) : CVE-2019-3826
- prometheus-metrics-model-1.2.1.jar (pkg:maven/io.prometheus/[email protected], cpe:2.3:a:prometheus:prometheus:1.2.1:*:*:*:*:*:*:*) : CVE-2019-3826
- prometheus-metrics-shaded-protobuf-1.2.1.jar (pkg:maven/io.prometheus/[email protected], cpe:2.3:a:prometheus:prometheus:1.2.1:*:*:*:*:*:*:*, cpe:2.3:a:protobuf:protobuf:1.2.1:*:*:*:*:*:*:*) : CVE-2019-3826
- prometheus-metrics-tracer-common-1.2.1.jar (pkg:maven/io.prometheus/[email protected], cpe:2.3:a:prometheus:prometheus:1.2.1:*:*:*:*:*:*:*) : CVE-2019-3826

aggeboe May 24 '24 10:05
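A local suppression file that scopes this false positive to the affected artifacts, as an added example that is not part of the original report or the DependencyCheck project's own suppressions. It assumes the file is wired in through the Gradle plugin's `suppressionFile` setting and that every `io.prometheus:prometheus-metrics-*` artifact in the build is the Java client library, not the Prometheus server.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes><![CDATA[
      False positive: the prometheus-metrics-* Java client libraries are
      matched to the Prometheus server CPE (reported as CVE-2019-3826).
    ]]></notes>
    <!-- Scope: only Maven artifacts in group io.prometheus whose artifactId
         starts with prometheus-metrics-; any version. -->
    <packageUrl regex="true">^pkg:maven/io\.prometheus/prometheus-metrics-.*@.*$</packageUrl>
    <!-- Drop the server CPE itself rather than the single CVE, so other
         server-only CVEs attached to the same CPE are not reported either. -->
    <cpe>cpe:/a:prometheus:prometheus</cpe>
  </suppress>
</suppressions>
```

Because the rule is keyed on the package URL, a real Prometheus server binary identified under a different package URL is still reported.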