[FP]: CVE-2016-8735 on JSP Standard Tag Library (JSTL). #6765
Labels
Comments
|
Maven Coordinates <dependency>
<groupId>org.apache.taglibs</groupId>
<artifactId>taglibs-standard-impl</artifactId>
<version>1.2.5</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #6765
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.taglibs/taglibs-standard-impl@.*$</packageUrl>
<cpe>cpe:/a:apache:tomcat</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9757161612 |
|
False positive is not reproducible in maven |
|
also with the docker image |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Package URl
pkg:maven/org.apache.taglibs/[email protected]
CPE
cpe:2.3:a:apache:tomcat:::::::: versions up to (excluding) 6.0.48
CVE
CVE-2016-8735
ODC Integration
{"label"=>"Docker"}
ODC Version
9.2.0
Description
Since the cpe where updated on 6/27/2024 3:23:35 PM (see: https://nvd.nist.gov/vuln/detail/CVE-2016-8735#VulnChangeHistorySection), we have encountered false positives with Apache Tomcat versions 9.0.90 and 10.1.25.
Can you please check this quickly?
The text was updated successfully, but these errors were encountered: