[FP]: False positive for lucene-codecs on CVE-2024-45772 #7048

jubui · 2024-10-15T11:55:09Z

Package URl

pkg:maven/org.apache.lucene/[email protected]

CPE

cpe:2.3:a:apache:lucene:9.10.0: *:*:*:*:*:*:*

CVE

CVE-2024-45772

ODC Integration

None

ODC Version

10.0.3

Description

This applies to all lucene-codec versions, because the reported CVE is against lucene-replicator

The text was updated successfully, but these errors were encountered:

github-actions · 2024-10-15T11:56:42Z

Maven Coordinates

<dependency>
   <groupId>org.apache.lucene</groupId>
   <artifactId>lucene-codecs</artifactId>
   <version>9.10.0</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #7048
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.apache\.lucene/lucene-codecs@.*$</packageUrl>
   <cpe>cpe:/a:apache:lucene</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/11345495664

aikebah · 2024-10-16T17:23:04Z

See #7049 (comment)

jubui added the FP Report label Oct 15, 2024

github-actions bot added the maven changes to the maven plugin label Oct 15, 2024

aikebah added the won't fix label Oct 16, 2024

aikebah closed this as not planned Won't fix, can't repro, duplicate, stale Oct 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[FP]: False positive for lucene-codecs on CVE-2024-45772 #7048

[FP]: False positive for lucene-codecs on CVE-2024-45772 #7048

jubui commented Oct 15, 2024

github-actions bot commented Oct 15, 2024

aikebah commented Oct 16, 2024

[FP]: False positive for lucene-codecs on CVE-2024-45772 #7048

[FP]: False positive for lucene-codecs on CVE-2024-45772 #7048

Comments

jubui commented Oct 15, 2024

Package URl

CPE

CVE

ODC Integration

ODC Version

Description

github-actions bot commented Oct 15, 2024

aikebah commented Oct 16, 2024