Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

False Positive on openws #2029

Closed
OrangeDog opened this issue Jun 27, 2019 · 0 comments
Closed

False Positive on openws #2029

OrangeDog opened this issue Jun 27, 2019 · 0 comments
Labels
FP Report
Milestone
5.1.1

Comments

@OrangeDog
Copy link

False positive on library openws-1.5.6.jar - reported as cpe:2.3:a:shibboleth:opensaml:1.5.6:*:*:*:*:*:*:* 

<dependency>
   <groupId>org.sample</groupId>
   <artifactId>foo</artifactId>
   <version>1.0</version>
</dependency>

New problem in 5.0.0. It should be (presumably) cpe:2.3:a:shibboleth:openws:1.5.6:*:*:*:*:*:*:* instead. This causes CVE-2013-6440 and others to be incorrectly reported.
@jeremylong jeremylong added this to the 5.1.1 milestone Jul 15, 2019
jeremylong added a commit that referenced this issue Jul 15, 2019
@jeremylong
updates per #1877, #2026, #2029, #2030, #2031, #2047, #2050, #2069, and
faefb19 
#2070
@lock lock bot locked and limited conversation to collaborators Aug 14, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FP Report
Projects
None yet
Milestone
5.1.1
Development

No branches or pull requests
2 participants
@OrangeDog @jeremylong