[FP]: False positives on spring ai library #7359
Labels
Comments
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/13026362184 |
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/13026385368 |
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/13026398731 |
|
Raised #7368 to fix the automation here, then we can re-run this as the FP looks valid. |
|
@pturczyk can you please make a dummy edit to the description? The automation should work this time. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:maven/org.springframework.ai/[email protected]
CPE
cpe:2.3:a:vmware:spring_boot:1.0.0:m5::::::
CVE
CVE-2017-8046
ODC Integration
{"label" => "Maven Plugin"}
ODC Version
12.0.1
Description
Numerous false-positive vulnerabilities (CVE-2017-8046, CVE-2021-26987, CVE-2023-20873, CVE-2022-27772, CVE-2023-20883, CVE-2018-1196) have been reported for the relatively new Spring project
org.springframework.ai:spring-ai-spring-boot-autoconfiguredue to an incorrect CPE: cpe:2.3:a:vmware:spring_boot:1.0.0:m5::::::.”The text was updated successfully, but these errors were encountered: