Incorrect CPE classification for quartz-scheduler #2776

Closed
Rob-Conan opened this issue Aug 27, 2020 · 1 comment
@Rob-Conan

Describe the bug
Dependency Check when scanning pkg:maven/org.quartz-scheduler/quartz@1.8.4 fails to successfully generate the CPE required to match against the NVD.

Version of dependency-check used
CLI and version used: 5.3.2

Log file
Scan results for this module: https://gist.github.com/Rob-Conan/3f04d98fe9b1140c493434277b95fde3

To Reproduce
When scanning the above module the evidence collected does not provide the information capable of generating the correct CPE to match against the NVD.
The issue itself was fixed in v2.3.2 as per this thread: quartz-scheduler/quartz#467

Expected behavior
Return the correct CPE and CVE finds: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&cves=on&cpe_version=cpe%3A%2Fa%3Asoftwareag%3Aquartz%3A1.8.4

@Rob-Conan Rob-Conan added the bug label Aug 27, 2020
@jeremylong jeremylong added this to the 6.0.0 milestone Sep 3, 2020
jeremylong added a commit that referenced this issue Sep 3, 2020
@jeremylong
Owner

The fix will be included in the 6.0.0 release.
