New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
false positive on java imageio with 4.0.1 #1613
Labels
Comments
This is discussed in #1580 |
Reopening, it still happens with 4.0.1. |
THausherr
changed the title
false positive on java imageio
false positive on java imageio with 4.0.1
Dec 18, 2018
jeremylong
added a commit
that referenced
this issue
Dec 20, 2018
I apologize for closing this one by mistake - the suppression rule will be included in the next release. |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
This happens when using 4.0.1, not when using 3.3.4:
jai-imageio-core-1.4.0.jar (cpe:/a:git:git:1.4.0, cpe:/a:git_project:git:1.4.0, com.github.jai-imageio:jai-imageio-core:1.4.0) : CVE-2015-7082, CVE-2017-14867, CVE-2010-2542, CVE-2008-5516, CVE-2010-3906, CVE-2015-7545, CVE-2013-0308, CVE-2014-9938
jai-imageio-jpeg2000-1.3.1-SNAPSHOT.jar (com.github.jai-imageio:jai-imageio-jpeg2000:1.3.1-SNAPSHOT, cpe:/a:git:git:1.3.1, cpe:/a:git_project:git:1.3.1) : CVE-2015-7082, CVE-2017-14867, CVE-2010-2542, CVE-2008-5516, CVE-2010-3906, CVE-2015-7545, CVE-2013-0308, CVE-2014-9938
The first two CVEs deal with git, so it has nothing to do with it.
The second jar is a snapshot, but it is mostly identical to the release.
The text was updated successfully, but these errors were encountered: