[FP]: sketch for CVE-2021-40531 #6901

githubuserVenkat · 2024-08-16T07:51:18Z

Package URl

pkg:maven/com.yahoo.datasketches/[email protected]

CPE

cpe:2.3:a:sketch:sketch:0.13.4:::::::*

CVE

CVE-2021-40531

ODC Integration

None

ODC Version

10.0.3

Description

Actual vulnerable is reported on Sketch before 75,however OWASP has reported CVE from sketches-core v0.13.4

github-actions · 2024-08-16T07:52:02Z

Maven Coordinates

<dependency>
   <groupId>com.yahoo.datasketches</groupId>
   <artifactId>sketches-core</artifactId>
   <version>0.13.4</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #6901
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/com\.yahoo\.datasketches/sketches-core@.*$</packageUrl>
   <cpe>cpe:/a:sketch:sketch</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/10416592806

aikebah · 2024-08-24T11:18:47Z

approved

github-actions · 2024-08-24T11:19:03Z

Suppress rule has been added to the generatedSuppressions branch.

githubuserVenkat added the FP Report label Aug 16, 2024

github-actions bot added the maven changes to the maven plugin label Aug 16, 2024

github-actions bot closed this as completed Aug 24, 2024

github-actions bot added a commit that referenced this issue Aug 24, 2024

fix(fp): FP per issue #6901

2d45ff9

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[FP]: sketch for CVE-2021-40531 #6901

[FP]: sketch for CVE-2021-40531 #6901

githubuserVenkat commented Aug 16, 2024

github-actions bot commented Aug 16, 2024

aikebah commented Aug 24, 2024

github-actions bot commented Aug 24, 2024

[FP]: sketch for CVE-2021-40531 #6901

[FP]: sketch for CVE-2021-40531 #6901

Comments

githubuserVenkat commented Aug 16, 2024

Package URl

CPE

CVE

ODC Integration

ODC Version

Description

github-actions bot commented Aug 16, 2024

aikebah commented Aug 24, 2024

github-actions bot commented Aug 24, 2024