[FP]: CVE flagged for reporting the vulnerability on logback version in which it is already fixed. #7399
Comments
vinay871
changed the title
|
Error parsing package url: Package information not available in report.. Error: Error: Invalid purl: missing required "pkg" scheme component Please correct the package URL - consider copying the package url from the HTML report. |
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/13293041521 |
|
Error parsing package url: Package information not available in report.. Error: Error: Invalid purl: missing required "pkg" scheme component Please correct the package URL - consider copying the package url from the HTML report. |
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/13293047631 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
Package information not available in report.
CPE
cpe:2.3:a:qos:logback:1.0.15.53:::::::*
CVE
CVE-2017-5929
ODC Integration
{"label" => "Docker"}
ODC Version
7.1.0
Description
This vulnerability is reported on logback 3PP used in the apppliction. But this vulnerability is applicable on 3PP version <1.2.0. However the version of logback 3PP used in this context is 1.2.13.
The text was updated successfully, but these errors were encountered: