Thank you for raising this issue. This is due to a limitation in DependencyCheck already raised in #1827: the tool does not use the AND capabilities provided by NVD. I am going to close this issue as a duplicate. If you wish to participate in adding this feature, feel welcome! In the meantime, you can use a custom exclusion rule for this CVE in your project if you do not want to have it raised by DependencyCheck.
Package URL
pkg:maven/org.springframework/spring-framework@5.3.24
CPE
cpe:2.3:a:pivotal_software:spring_security:5.7.6:*:*:*:*:*:*:*
CVE
CVE-2018-1258
ODC Integration
None
ODC Version
9.1.0
Description
As per NVD, Spring Framework version 5.0.5 in combination with any Spring Security version is vulnerable to this CVE, but we use Spring Framework version 5.3.24, which is not vulnerable.
Note: Package URL was missing in the OWASP scan result, since it is mandatory to provide a package URL to create an issue in GitHub.
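Added example, not part of the issue thread and not DependencyCheck's code: a small model of why ignoring the AND operator in an applicability configuration produces this false positive. The configuration tree, the `spring_framework` CPE strings and all function names are constructed for illustration from the description above; this is not the real NVD JSON schema.

```python
def parse_cpe(cpe):
    """Return (vendor, product, version) from a CPE 2.3 string."""
    parts = cpe.split(":")
    return parts[3], parts[4], parts[5]

def cpe_matches(pattern, detected):
    """Vendor and product must be equal; the pattern version is exact or '*'."""
    pv, pp, pver = parse_cpe(pattern)
    dv, dp, dver = parse_cpe(detected)
    return (pv, pp) == (dv, dp) and pver in ("*", dver)

def evaluate(node, detected):
    """Evaluate the AND/OR tree against the CPEs identified in a project."""
    if "cpe" in node:
        return any(cpe_matches(node["cpe"], d) for d in detected)
    results = [evaluate(child, detected) for child in node["children"]]
    return all(results) if node["operator"] == "AND" else any(results)

def flatten(node):
    """Collect every leaf CPE pattern, discarding the operators."""
    if "cpe" in node:
        return [node["cpe"]]
    return [p for child in node["children"] for p in flatten(child)]

def flat_match(node, detected):
    """Matcher that ignores AND: any single matching CPE raises the CVE."""
    return any(cpe_matches(p, d) for p in flatten(node) for d in detected)

# Constructed configuration: Spring Framework 5.0.5 AND any Spring Security.
CONFIG = {"operator": "AND", "children": [
    {"cpe": "cpe:2.3:a:pivotal_software:spring_framework:5.0.5:*:*:*:*:*:*:*"},
    {"cpe": "cpe:2.3:a:pivotal_software:spring_security:*:*:*:*:*:*:*:*"},
]}

# Constructed project inventory using the versions reported in the issue.
REPORTED = [
    "cpe:2.3:a:pivotal_software:spring_framework:5.3.24:*:*:*:*:*:*:*",
    "cpe:2.3:a:pivotal_software:spring_security:5.7.6:*:*:*:*:*:*:*",
]

# Constructed inventory that does satisfy both halves of the AND.
AFFECTED = [
    "cpe:2.3:a:pivotal_software:spring_framework:5.0.5:*:*:*:*:*:*:*",
    "cpe:2.3:a:pivotal_software:spring_security:5.0.4:*:*:*:*:*:*:*",
]

if __name__ == "__main__":
    for name, inv in (("reported", REPORTED), ("affected", AFFECTED)):
        print(name, "flat:", flat_match(CONFIG, inv), "AND-aware:", evaluate(CONFIG, inv))
```

With the reported versions the flat matcher raises the CVE on the Spring Security CPE alone, while the AND-aware evaluation does not, so a suppression for this CVE is only valid as long as the Spring Framework version stays outside the affected one.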