We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pkg:maven/org.springframework.boot/[email protected]
cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*
CVE-2023-34055
{"label"=>"Gradle Plugin"}
9.0.4
All other spring-boot-* packages are also detected by OWASP DC as affected by this vulnerability.
spring-boot-*
In OSS Index for some reason this vulnerability was attributed to spring-boot-actuator and not spring-boot:
spring-boot-actuator
spring-boot
In other places it is attributed to spring-boot only:
However, it definitely should not be attributed to all spring-boot-* packages.
The text was updated successfully, but these errors were encountered:
Maven Coordinates
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> <version>3.1.5</version> </dependency>
Suppression rule:
<suppress base="true"> <notes><![CDATA[ FP per issue #6268 ]]></notes> <packageUrl regex="true">^pkg:maven/org\.springframework\.boot/spring-boot-starter-web@.*$</packageUrl> <cpe>cpe:/a:vmware:spring_boot</cpe> </suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/7146868876
Sorry, something went wrong.
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/7147931473
No branches or pull requests
Package URl
pkg:maven/org.springframework.boot/[email protected]
CPE
cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*
CVE
CVE-2023-34055
ODC Integration
{"label"=>"Gradle Plugin"}
ODC Version
9.0.4
Description
Additional information 1
All other
spring-boot-*
packages are also detected by OWASP DC as affected by this vulnerability.Additional information 2
In OSS Index for some reason this vulnerability was attributed to
spring-boot-actuator
and notspring-boot
:In other places it is attributed to
spring-boot
only:However, it definitely should not be attributed to all
spring-boot-*
packages.The text was updated successfully, but these errors were encountered: