[FP]: CVE-2019-12401 org.codehaus.woodstox:wstx-asl:3.2.6 identified as vulnerable for Apache Solr #7212
Comments
|
Maven Coordinates <dependency>
<groupId>org.codehaus.woodstox</groupId>
<artifactId>wstx-asl</artifactId>
<version>3.2.6</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #7212
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.codehaus\.woodstox/wstx-asl@.*$</packageUrl>
<cpe>cpe:/a:org.codehaus.woodstox:wstx-asl</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/12142917822 |
|
Maven Coordinates <dependency>
<groupId>org.codehaus.woodstox</groupId>
<artifactId>wstx-asl</artifactId>
<version>3.2.6</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #7212
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.codehaus\.woodstox/wstx-asl@.*$</packageUrl>
<cpe>cpe:/a:org.codehaus.woodstox:wstx-asl</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/12142974232 |
|
Not a false positive, it's not identified as Apache SOLR, but OSSINDEX has listed the library as subject to the vulnerability. Whether or not that would be correct is something to take up with the folks over at OSSINDEX. ODC correctly reports that OSSINDEX links the CVE also to this library |
aikebah
added
won't fix
ossindex
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:maven/org.codehaus.woodstox/wstx-asl@3.2.6
CPE
cpe:2.3:a:org.codehaus.woodstox:wstx-asl:3.2.6:::::::*
CVE
CVE-2019-12401
ODC Integration
{"label"=>"Gradle Plugin"}
ODC Version
10.0.3
Description
In our project wstx-asl is transitive from https://mvnrepository.com/artifact/org.apache.abdera/abdera-parser/1.1.3
The text was updated successfully, but these errors were encountered: