[FP]: Azure identity SDK for Java, CVE-2023-36415 #7320
Comments
|
Error parsing package url: https://mvnrepository.com/artifact/com.azure/azure-identity/1.15.0. Error: Error: Invalid purl: missing required "pkg" scheme component Please correct the package URL - consider copying the package url from the HTML report. |
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/12809232863 |
github-actions
bot
added
pending more information
and removed
pending more information
labels
|
Maven Coordinates <dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
<version>1.14.2</version>
</dependency>Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #7320
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.azure/azure-identity@.*$</packageUrl>
<cpe>cpe:/a:microsoft:azure_identity_sdk</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/12811253846 |
|
Duplicate of #5992 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:maven/com.azure/[email protected]
CPE
cpe:2.3:a:microsoft:azure_identity_sdk::::::java::*
CVE
CVE-2023-36415
ODC Integration
None
ODC Version
12.0.0
Description
The CVE states for Java that the vulnerability is in till "Up to (excluding) 1.10.2". But it's stil found in 1.15.0.
Could you please verify.
The text was updated successfully, but these errors were encountered: