[FP]: False positive for CVE-2018-8088 in Java17 on jar rename #7008
Comments
Error parsing package url: Empty. Error: Error: Invalid purl: missing required "pkg" scheme component Please correct the package URL - consider copying the package url from the HTML report.
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/11179658622
Error parsing package url: Empty. Error: Error: Invalid purl: missing required "pkg" scheme component Please correct the package URL - consider copying the package url from the HTML report.
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/11179802954
Own custom-built jars are subject to own written suppression rules. Especially the CLI is easily subject to such false positives due to how DependencyCheck works.
Package URL
Empty
CPE
cpe:2.3:a:oracle:utilities_framework::::::::
CVE
CVE-2018-8088
ODC Integration
None
ODC Version
10.0.2
Description
I see multiple vulnerabilities in the Java 17 version when the artifact id in the pom is not the same as the jar name. Above CVE are reported on the Java 17 version of the jar. No issue is found in the Java 8 version of the same jar. The issue is reported on own custom-built jar.