[FP]: Keycloak-services for CVE-2021-3513 #6671
Comments
|
Error parsing package url: keycloak-6.0.1.zip: keycloak-common-6.0.1.jar. Error: Error: purl is missing the required "pkg" scheme component. Please correct the package URL - consider copying the package url from the HTML report. |
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/9111612593 |
|
Updated the package information |
|
Maven Coordinates <dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-common</artifactId>
<version>6.0.1</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #6671
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak-common@.*$</packageUrl>
<cpe>cpe:/a:keycloak:keycloak</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9111683497 |
|
similar to #6672 it is a sublibrary of the keycloak project and therefor linked by us to any vulnerability listed in NVD against the CPE. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:maven/org.keycloak/keycloak-common@6.0.1
CPE
cpe:2.3:a:keycloak:keycloak:6.0.1:::::::, cpe:2.3:a:redhat:keycloak:6.0.1:::::::
CVE
CVE-2021-3513
ODC Integration
None
ODC Version
9.1.0
Description
Actual vulnerable component is keycloak-services-6.0.1.jar
The text was updated successfully, but these errors were encountered: