Comments (8)
Error parsing package url: maven/commons-configuration/[email protected].
Error: Error: purl is missing the required "pkg" scheme component.
Please correct the package URL - consider copying the package url from the HTML report.
from dependencycheck.
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/9069037587
from dependencycheck.
Error parsing package url: maven/commons-configuration/[email protected].
Error: Error: purl is missing the required "pkg" scheme component.
Please correct the package URL - consider copying the package url from the HTML report.
from dependencycheck.
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/9069069891
from dependencycheck.
Maven Coordinates
<dependency>
<groupId>commons-configuration</groupId>
<artifactId>commons-configuration</artifactId>
<version>1.10</version>
</dependency>
Suppression rule:
<suppress base="true">
<notes><![CDATA[
FP per issue #6665
]]></notes>
<packageUrl regex="true">^pkg:maven/commons-configuration/commons-configuration@.*$</packageUrl>
<cpe>cpe:/a:apache:commons_configuration</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9069073455
from dependencycheck.
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/9069076873
from dependencycheck.
Maven Coordinates
<dependency>
<groupId>commons-configuration</groupId>
<artifactId>commons-configuration</artifactId>
<version>1.10</version>
</dependency>
Suppression rule:
<suppress base="true">
<notes><![CDATA[
FP per issue #6665
]]></notes>
<packageUrl regex="true">^pkg:maven/commons-configuration/commons-configuration@.*$</packageUrl>
<cpe>cpe:/a:apache:commons_configuration</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9069075213
from dependencycheck.
duplicate of #6555
The OSSINDEX indicates that the library is vulnerable, we just report their assessment. Whether that assessment is correct or not is something to raise with them.
from dependencycheck.
Related Issues (20)
- [FP]: io.micrometer:micrometer-tracing-bridge-brave 1.3.0 (and other): CVE-2023-28360 (and other) HOT 3
- [FP]: brave-propagation-tracecontext 0.2.0 (and other): CVE-2023-28360 (and other) HOT 3
- CVEs found in dependency check 9.2.0 HOT 1
- [FP]: commons-configuration 1.10 jar flagged for 2 CVEs only applicable to version 2.x HOT 3
- [FP]: prometheus-metrics-model considered for CVE-2020-36460 HOT 3
- [FP]: CVE-2022-3171 on protobuf-java 3.25.3 HOT 3
- How to supply NVD API key when using docker HOT 1
- [FP]: CVE-2017-17762 on EPiServer.CMS.TinyMce HOT 1
- [FP]: CVE-2017-17762 on EPiServer.CloudPlatform.Cms:1.6.1 HOT 1
- [FP]: CVE-2017-17762 on EPiServer.Forms:5.8.2 HOT 1
- [FP]: keycloak-pax-web-undertow-18.0.2 mapped to CVE-2023-6563 and CVE-2023-6291 HOT 4
- Scanning Malware .exe file HOT 3
- JSON Format Schema HOT 1
- [FP]: [email protected] HOT 4
- [FP]: [email protected] HOT 6
- OWASP Depedency Checker support for both C and C++ codebase HOT 1
- [FP]: spring-boot-jarmode-tools incorrectly identified as vmware:tools HOT 3
- Cannot report related dependencies at a time HOT 2
- Recategorise CVSS Score with Environmental Score HOT 1
- org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports due to blank lines in requirements.txt HOT 15
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dependencycheck.