[FP]: False positive for CVE-2018-8088 in Java17 on jar rename #7008
Comments
|
Error parsing package url: Empty. Error: Error: Invalid purl: missing required "pkg" scheme component Please correct the package URL - consider copying the package url from the HTML report. |
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/11179658622 |
|
Error parsing package url: Empty. Error: Error: Invalid purl: missing required "pkg" scheme component Please correct the package URL - consider copying the package url from the HTML report. |
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/11179802954 |
|
own custom built jars are subject to own written suppression rules. Especially the CLI is easily subject to such false positives due to How DependencyCheck works |
Package URl
Empty
CPE
cpe:2.3:a:oracle:utilities_framework::::::::
CVE
CVE-2018-8088
ODC Integration
None
ODC Version
10.0.2
Description
I see multiple vulnerabilities in java17 version when artifact id in pom is not same as jar name. Above CVE are reported on java 17 version of jar. No issue is found in java 8 version of same jar. Issue is reported on own custom built jar.
The text was updated successfully, but these errors were encountered: