[FP]: spring-boot-starter-web 3.1.5: CVE-2023-34055 #6268
Comments
|
Maven Coordinates <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>3.1.5</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #6268
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.boot/spring-boot-starter-web@.*$</packageUrl>
<cpe>cpe:/a:vmware:spring_boot</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/7146868876 |
|
Maven Coordinates <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>3.1.5</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #6268
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.boot/spring-boot-starter-web@.*$</packageUrl>
<cpe>cpe:/a:vmware:spring_boot</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/7147931473 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:maven/org.springframework.boot/[email protected]
CPE
cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*CVE
CVE-2023-34055
ODC Integration
{"label"=>"Gradle Plugin"}
ODC Version
9.0.4
Description
Additional information 1
All other
spring-boot-*packages are also detected by OWASP DC as affected by this vulnerability.Additional information 2
In OSS Index for some reason this vulnerability was attributed to
spring-boot-actuatorand notspring-boot:In other places it is attributed to
spring-bootonly:However, it definitely should not be attributed to all
spring-boot-*packages.The text was updated successfully, but these errors were encountered: