[FP]: CVE-2022-2191 on wrong version range #4663
Comments
Error parsing package url: jetty-io-9.4.44.v20210927. Error: Error: purl is missing the required "pkg" scheme component. Please correct the package URL - consider copying the package url from the HTML report.
Will likely be resolved in the vulnerability sources once the advisory updates get processed by them.
See prior comments about version range, and jetty managed advisory (the master database at github has not been updated yet):
Also, Jetty 9.4.x is now at End of Community Support, you are strongly encouraged to upgrade to Jetty 10+ as soon as possible. See:
Thank you! Closed, as upstream fixed this false positive.
Package URL
pkg:maven/org.eclipse.jetty/jetty-io@9.4.44.v20210927
CPE
Unknown
CVE
CVE-2022-2191
ODC Integration
Maven Plugin
ODC Version
7.1.0
Description
It seems CVE-2022-2191 affects 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions. However, a failure is reported on 9.4.44.
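A triage check for this kind of report, as an added example that is not part of the original issue or of dependency-check itself: it rejects an identifier without the `pkg` scheme (the condition the bot comment complains about) and tests the reported version against the affected ranges as stated in the description above. The function names and the inclusive treatment of the range bounds are assumptions of this sketch.

```python
import re
from urllib.parse import unquote

# Affected ranges as stated in the issue description (assumed inclusive).
AFFECTED = [((10, 0, 0), (10, 0, 9)), ((11, 0, 0), (11, 0, 9))]


def parse_purl(purl):
    """Split a package URL into (type, namespace, name, version)."""
    scheme, sep, rest = purl.partition(":")
    if not sep or scheme != "pkg":
        # Same failure the bot reports for "jetty-io-9.4.44.v20210927".
        raise ValueError('purl is missing the required "pkg" scheme component')
    # Drop subpath (#...) and qualifiers (?...); neither is needed for triage.
    rest = rest.split("#", 1)[0].split("?", 1)[0].strip("/")
    path, _, version = rest.partition("@")
    parts = [unquote(p) for p in path.split("/") if p]
    if len(parts) < 2:
        raise ValueError("purl needs at least a type and a name")
    ptype, name = parts[0].lower(), parts[-1]
    namespace = "/".join(parts[1:-1]) or None
    return ptype, namespace, name, unquote(version) or None


def jetty_version_tuple(version):
    """Numeric major.minor.patch of a Jetty version; '.vYYYYMMDD' is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version or "")
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(purl, ranges=AFFECTED):
    """True if the purl's version falls inside any affected range."""
    _, _, _, version = parse_purl(purl)
    v = jetty_version_tuple(version)
    return any(lo <= v <= hi for lo, hi in ranges)


if __name__ == "__main__":
    reported = "pkg:maven/org.eclipse.jetty/jetty-io@9.4.44.v20210927"
    print(reported, "affected:", is_affected(reported))
```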