False Positive on batik-i18n #3350

Closed
dr0ps opened this issue May 4, 2021 · 2 comments
dr0ps commented May 4, 2021

False positive on library batik-i18n.jar - reported as cpe:2.3:a:i18n_project:i18n::::::asp.net::*

<dependency>
    <groupId>org.apache.xmlgraphics</groupId>
    <artifactId>batik-i18n</artifactId>
    <version>1.14</version>
</dependency>

The issue is in turquoiseowl/i18n#387 and not in batik-i18n

@dr0ps dr0ps added the FP Report label May 4, 2021
kwwall commented May 6, 2021

I just got this for ESAPI as well, using version 6.1.6 of Dependency-Check. Seems like maybe the entire CPE should be used for the matching criteria. The 'asp.net::*' at the end seems like a dead giveaway that it should apply to Java, and if one looks at the details of CVE-2020-7791, the current description references two C# source files, which also confirms this is an FP.
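The comment above argues that the match should have considered the whole CPE, in particular the target_sw component (`asp.net`), which cannot apply to a Maven artifact. The script below is an added example, not code from Dependency-Check or from anyone in this thread: it splits a cpe:2.3 string into its eleven named components, flags a Maven package URL matched to a CPE whose target_sw names a non-JVM platform, and renders the corresponding Dependency-Check suppression entry (the `suppressions` schema URL and the `packageUrl`, `cpe` and `notes` elements are the ones Dependency-Check's suppression file uses; the `NON_JVM_TARGET_SW` set, the function names and the sample inputs taken from this report are constructed for the example).

```python
"""Flag a Dependency-Check CPE match whose target_sw contradicts the artifact's
ecosystem and emit a suppression entry for it.

Added example, not part of Dependency-Check.  Only the suppression file's
schema URL and element names come from the tool; the rest is constructed.
"""
import re
from xml.sax.saxutils import escape

# Field order of a cpe:2.3 formatted string (NIST IR 7695).
CPE23_FIELDS = (
    "part", "vendor", "product", "version", "update", "edition",
    "language", "sw_edition", "target_sw", "target_hw", "other",
)

# Constructed for this example: target_sw values naming platforms that a
# Maven (JVM) artifact cannot run on.  Extend as needed for your own reports.
NON_JVM_TARGET_SW = {"asp.net", ".net", "node.js", "python", "ruby", "php", "wordpress"}

# Dependency-Check suppression file schema (version 1.3).
SUPPRESSION_NS = "https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"


def parse_cpe23(cpe):
    """Split a cpe:2.3 string into named fields.

    Empty fields, as in the report above ('i18n::::::asp.net'), are read as
    the ANY wildcard '*'.  A backslash-escaped colon inside a field is kept.
    """
    prefix = "cpe:2.3:"
    if not cpe.startswith(prefix):
        raise ValueError(f"not a cpe:2.3 string: {cpe!r}")
    parts = re.split(r"(?<!\\):", cpe[len(prefix):])
    if len(parts) != len(CPE23_FIELDS):
        raise ValueError(f"expected 11 components, got {len(parts)}: {cpe!r}")
    return {name: (value or "*") for name, value in zip(CPE23_FIELDS, parts)}


def ecosystem_mismatch(cpe, purl):
    """True when the CPE is restricted to a platform the artifact cannot be.

    Only Maven package URLs are judged; any other ecosystem returns False
    (meaning 'unknown', not 'consistent'), so nothing is suppressed blindly.
    """
    if not purl.startswith("pkg:maven/"):
        return False
    target_sw = parse_cpe23(cpe)["target_sw"].lower()
    return target_sw in NON_JVM_TARGET_SW


def cpe22_prefix(cpe):
    """cpe:/part:vendor:product form, which a <cpe> suppression matches by prefix."""
    f = parse_cpe23(cpe)
    return f"cpe:/{f['part']}:{f['vendor']}:{f['product']}"


def suppression_xml(purl, cpe, note):
    """Render a one-entry Dependency-Check suppression file.

    The packageUrl regex drops the version so the entry survives upgrades of
    the same artifact; the cpe element pins the suppression to this vendor and
    product only, so other findings on the jar still surface.
    """
    purl_no_version = purl.split("@", 1)[0]
    purl_regex = "^" + re.escape(purl_no_version) + "@.*$"
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        f'<suppressions xmlns="{SUPPRESSION_NS}">\n'
        "    <suppress>\n"
        f"        <notes><![CDATA[{note}]]></notes>\n"
        f'        <packageUrl regex="true">{escape(purl_regex)}</packageUrl>\n'
        f"        <cpe>{escape(cpe22_prefix(cpe))}</cpe>\n"
        "    </suppress>\n"
        "</suppressions>\n"
    )


def review_match(purl, cpe, note="ecosystem mismatch: CPE target_sw is not a JVM platform"):
    """Suppression text for a mismatched match, or None when the match may be real."""
    if not ecosystem_mismatch(cpe, purl):
        return None
    return suppression_xml(purl, cpe, note)


if __name__ == "__main__":
    # Inputs taken from this report: a Maven artifact matched to an ASP.NET-only CPE.
    reported_purl = "pkg:maven/org.apache.xmlgraphics/batik-i18n@1.14"
    reported_cpe = "cpe:2.3:a:i18n_project:i18n::::::asp.net::*"
    print(review_match(reported_purl, reported_cpe) or "match looks plausible; review manually")
```

Run it with the two values from the report and it prints a suppression file you can pass to `--suppression`; a CPE whose target_sw is `*` (or any non-Maven package URL) yields `None`, which is the point: the check only ever suppresses a match it can show is impossible, and leaves everything else for a human.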

@jellisgwn (Contributor)

Will attempt to provide a PR to exclude this tomorrow.

jellisgwn added a commit to jellisgwn/DependencyCheck that referenced this issue May 11, 2021
jeremylong added a commit that referenced this issue May 14, 2021
FP on org.apache.xmlgraphics:batik-i18n #3350
@jeremylong jeremylong added this to the 6.2.0 milestone May 14, 2021