[FP]: CVE-2022-25914 for jib-build-plan #6679
Comments
|
Maven Coordinates <dependency>
<groupId>com.google.cloud.tools</groupId>
<artifactId>jib-build-plan</artifactId>
<version>0.4.0</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #6679
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.cloud\.tools/jib-build-plan@.*$</packageUrl>
<cpe>cpe:/a:jib_project:jib</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9169822973 |
|
Jib Build plan is versioned independently of the main jib project, so this is a legit FP. Approved. |
|
Suppress rule has been added to the |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Package URl
pkg:maven/com.google.cloud.tools/[email protected]
CPE
cpe:2.3:a:jib_project:jib:0.4.0:::::::*
CVE
CVE-2022-25914
ODC Integration
None
ODC Version
9.0.5
Description
According to the CVE the vulnerability is in "com.google.cloud.tools:jib-core before 0.22.0". However, the matched maven package is jib-build-plan in version 0.4.0 (which is already the newest).
The text was updated successfully, but these errors were encountered: