[FP]: pkg:maven/com.azure.resourcemanager/[email protected] and CVE-2024-43591 #7280

Closed
dampcake opened this issue Jan 1, 2025 · 4 comments
Labels
FP Report maven changes to the maven plugin

Comments

@dampcake

dampcake commented Jan 1, 2025

Package URL

pkg:maven/com.azure.resourcemanager/[email protected]

CPE

cpe:2.3:a:microsoft:azure_cli:2.31.0:*:*:*:*:*:*:*

CVE

CVE-2024-43591

ODC Integration

Maven Plugin

ODC Version

10.0.4

Description

See #7066, #7110, #7124, #7215, and #7216 for this CVE being incorrectly matched against the Java libraries.

@dampcake dampcake changed the title [FP]: [FP]: pkg:maven/com.azure.resourcemanager/[email protected] and CVE-2024-43591 Jan 1, 2025
Contributor

github-actions bot commented Jan 1, 2025

Maven Coordinates

<dependency>
   <groupId>com.azure.resourcemanager</groupId>
   <artifactId>azure-resourcemanager-storage</artifactId>
   <version>2.31.0</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #7280
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/com\.azure\.resourcemanager/azure-resourcemanager-storage@.*$</packageUrl>
   <cpe>cpe:/a:microsoft:azure_cli</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/12574452074

@github-actions github-actions bot added the maven changes to the maven plugin label Jan 1, 2025
Contributor

github-actions bot commented Jan 1, 2025

Maven Coordinates

<dependency>
   <groupId>com.azure.resourcemanager</groupId>
   <artifactId>azure-resourcemanager-storage</artifactId>
   <version>2.31.0</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #7280
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/com\.azure\.resourcemanager/azure-resourcemanager-storage@.*$</packageUrl>
   <cpe>cpe:/a:microsoft:azure_cli</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/12574454562

@chadlwilson
Contributor

approved

We probably need to consolidate these into a more generic custom suppression as there are many, many libs that are part of the Azure SDK for Java :-(
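A way to check the scope of the broader rule suggested above before committing to it, as an added example that is not part of this issue, of the bot's output, or of DependencyCheck's own code. Every suppression is a deliberate blind spot, so the thing to verify is exactly which package URLs a regex covers and, just as importantly, which it does not. The narrow regex and the `cpe:/a:microsoft:azure_cli` value are the ones from the bot-generated rule on this issue; the generic regex, the sample package URLs (including the two negatives) and the `render_suppression` helper are assumptions constructed for this example, not a rule the project has adopted.

```python
import re
from typing import List

# Regex and CPE copied from the bot-generated rule on this issue (one artifact only).
NARROW_PURL_RE = r"^pkg:maven/com\.azure\.resourcemanager/azure-resourcemanager-storage@.*$"
SUPPRESSED_CPE = "cpe:/a:microsoft:azure_cli"

# Broader candidate rule (an assumption for this example, not a project rule):
# any Maven artifact whose groupId is com.azure or com.azure.<something>.
# The "(\.[a-z0-9-]+)*" followed by "/" keeps a groupId such as
# com.azurefoo from being swept in by accident.
GENERIC_PURL_RE = r"^pkg:maven/com\.azure(\.[a-z0-9-]+)*/[^@/]+@.*$"

# Constructed sample package URLs; versions are placeholders, and the last two
# are deliberate negatives that must NOT be suppressed.
SAMPLE_PURLS = [
    "pkg:maven/com.azure.resourcemanager/azure-resourcemanager-storage@2.31.0",
    "pkg:maven/com.azure.resourcemanager/azure-resourcemanager-compute@2.31.0",
    "pkg:maven/com.azure/azure-core@1.45.0",
    "pkg:maven/com.azure.spring/spring-cloud-azure-starter@5.8.0",
    "pkg:maven/com.azurefoo/unrelated-lib@1.0.0",
    "pkg:maven/org.example/azure-cli-wrapper@2.31.0",
]


def matching_purls(pattern: str, purls: List[str]) -> List[str]:
    """Return the package URLs a packageUrl regex would cover.

    fullmatch mirrors Java's Matcher.matches(), which needs the whole string
    to match; with the ^...$ anchors the outcome is the same either way.
    """
    rx = re.compile(pattern)
    return [p for p in purls if rx.fullmatch(p)]


def render_suppression(purl_regex: str, cpe: str, note: str) -> str:
    """Render a <suppress> element for a user's own suppressions.xml.

    Unlike the bot output on this issue there is no base="true": that
    attribute marks rules destined for the project's bundled base
    suppression file, which a custom suppression file does not need.
    """
    return (
        "<suppress>\n"
        f"   <notes><![CDATA[\n   {note}\n   ]]></notes>\n"
        f'   <packageUrl regex="true">{purl_regex}</packageUrl>\n'
        f"   <cpe>{cpe}</cpe>\n"
        "</suppress>"
    )


def scope_report(purls: List[str]) -> dict:
    """Compare the narrow and generic rules so the widened scope can be reviewed."""
    narrow = matching_purls(NARROW_PURL_RE, purls)
    generic = matching_purls(GENERIC_PURL_RE, purls)
    return {
        "narrow": narrow,
        "generic": generic,
        "newly_suppressed": [p for p in generic if p not in narrow],
        "untouched": [p for p in purls if p not in generic],
    }


if __name__ == "__main__":
    report = scope_report(SAMPLE_PURLS)
    for key, matched in report.items():
        print(f"{key}:")
        for p in matched:
            print(f"  {p}")
    print(render_suppression(
        GENERIC_PURL_RE, SUPPRESSED_CPE,
        "FP: Azure SDK for Java artifacts are not the Azure CLI",
    ))
```

Running the script lists the artifacts the generic rule newly suppresses (compute, azure-core, the Spring starter) and confirms the two negatives stay untouched. Extend `SAMPLE_PURLS` with the purls from the other linked issues and with any unrelated `azure`-named artifact from the project's own dependency tree before adopting a broadened regex.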

Contributor

github-actions bot commented Jan 2, 2025

Suppress rule has been added to the generatedSuppressions branch.

@github-actions github-actions bot closed this as completed Jan 2, 2025
github-actions bot added a commit that referenced this issue Jan 2, 2025