[FP]: togglz-mongodb-4.4.0.jar is mixed up with mongodb-4.4.0.jar #6640
Comments
|
Error parsing package url: ^pkg:maven/org.togglz/togglz-mongodb@.*$. Error: Error: purl is missing the required "pkg" scheme component. Please correct the package URL - consider copying the package url from the HTML report. |
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/8936942055 |
|
Error parsing package url: ^pkg:maven/org.togglz/togglz-mongodb@.*$. Error: Error: purl is missing the required "pkg" scheme component. Please correct the package URL - consider copying the package url from the HTML report. |
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/8936950841 |
j-ferreira
changed the title
|
Error parsing package url: ^pkg:maven/org.togglz/togglz-mongodb@.*$. Error: Error: purl is missing the required "pkg" scheme component. Please correct the package URL - consider copying the package url from the HTML report. |
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/8936961988 |
|
Error parsing package url: pkg:maven/org.togglz/togglz-mongodb@.*$. Error: Error: Invalid purl: version must be percent-encoded Please correct the package URL - consider copying the package url from the HTML report. |
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/8937048199 |
|
Error parsing package url: pkg:maven/org.togglz/togglz-mongodb@.*$. Error: Error: Invalid purl: version must be percent-encoded Please correct the package URL - consider copying the package url from the HTML report. |
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/8937158860 |
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/9000315585 |
|
Maven Coordinates <dependency>
<groupId>org.togglz</groupId>
<artifactId>togglz-mongodb</artifactId>
<version>4.4.0</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #6640
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.togglz/togglz-mongodb@.*$</packageUrl>
<cpe>cpe:/a:mongodb:mongodb</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9001817673 |
|
approved |
|
Suppress rule has been added to the |
Package URl
pkg:maven/org.togglz/[email protected]
CPE
cpe:2.3:a:mongodb:mongodb:4.4.0:::::::*
CVE
CVE-2020-7925 CVE-2021-32040 CVE-2023-1409 CVE-2021-32036 CVE-2019-2392 CVE-2020-7926 CVE-2020-7928 CVE-2021-20326 CVE-2021-20330 CVE-2014-8180
ODC Integration
{"label"=>"Maven Plugin"}
ODC Version
9.1.0
Description
We are using tooglz in Version 4.4. with MongoDB. It seems that the dependency togglz-mongodb-4.4.0.jar is mixed up with mongodb-4.4.0.jar
The text was updated successfully, but these errors were encountered: