You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If I scroll down to jetty-servlets-9.4.8.v20171121.jar in the dependenct list, the following CPEs are identified for jetty-servlets-9.4.8.v20171121.jar.
Thus, vulnerabilities exist for my (transitive) dependencies but the produced report is empty of vulnerabilities.
Bug? General or specific to jetty? Is it a problem with CPE 2.2 vs 2.3? Or XML/JSON format?
How can we proceed to get a true positive on jetty-servlets-9.4.8.v20171121.jar
Hello,
I'm running the following test gradle project and think I have a false negative on Jetty via Dropwizard. (related to #1512 ???):
In the HTML vulnerability report I get
If I scroll down to jetty-servlets-9.4.8.v20171121.jar in the dependenct list, the following CPEs are identified for jetty-servlets-9.4.8.v20171121.jar.
If I search the first CPE on https://nvd.nist.gov/vuln/search resulting in:
Thus, vulnerabilities exist for my (transitive) dependencies but the produced report is empty of vulnerabilities.
Bug? General or specific to jetty? Is it a problem with CPE 2.2 vs 2.3? Or XML/JSON format?
How can we proceed to get a true positive on jetty-servlets-9.4.8.v20171121.jar
gradle clean check dependencyCheckAnalyze -info -debug > check_issue.log in https://gist.github.com/andyswe/48b4a4934ae780c2a21cc026bc1df585
Best regards, Andreas
Details on jetty-servlets-9.4.8.v20171121.jar in the report:
The text was updated successfully, but these errors were encountered: