[FP]: express:4.21.2 | CVE-2024-10491 #7266
Comments
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/12426648292 |
|
Npm Coordinates npm -i [email protected]Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #7266
]]></notes>
<packageUrl regex="true">^pkg:npm/express@.*$</packageUrl>
<cpe>cpe:/a:N/AC:L/PR</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/12446634008 |
aikebah
added
ossindex
|
Npm Coordinates npm -i [email protected]Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #7266
]]></notes>
<packageUrl regex="true">^pkg:npm/express@.*$</packageUrl>
<cpe>cpe:/a:N/AC:L/PR</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/12446653426 |
|
The (OSSINDEX) behind the CVE indicates that this vuln was sourced from the Sonatype OSSINDEX. You'd have to raise it with them as they list it as affected for this exact version as you can see on https://ossindex.sonatype.org/component/pkg:npm/[email protected] upon sign-in |
|
Closing as 'won't fix'. This issue must be seen with the ossindex team. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:npm/[email protected]
CPE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE
CVE-2024-10491
ODC Integration
{"label"=>"CLI"}
ODC Version
11.1.1
Description
The vulnerability applies to versions up to and including 3.21.2.
https://ogma.in/cve-2024-10491-mitigating-vulnerability-in-express-response-links
The text was updated successfully, but these errors were encountered: