Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FP]: Oracle jrockit for CVE-2009-1006 #6881

Open
sadeesh89 opened this issue Aug 6, 2024 · 9 comments
Open

[FP]: Oracle jrockit for CVE-2009-1006 #6881

sadeesh89 opened this issue Aug 6, 2024 · 9 comments
Labels
FP Report pending more information

Comments

@sadeesh89
Copy link

sadeesh89 commented Aug 6, 2024
edited
Loading

Package URl

CPE

cpe:2.3:a:oracle:jrockit:1.8.0.371:::::::*

CVE

CVE-2009-1006

ODC Integration

None

ODC Version

10.0.2

Description

As per CVE, vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6.
We used JDK8.

Note : Package URL was missing in the OWASP scan result, since it is mandatory to provide a package URL to create a issue in GitHub so we provided it manually.
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 6, 2024

Error parsing package url: NA.

Error: Error: purl is missing the required "pkg" scheme component.

Please correct the package URL - consider copying the package url from the HTML report.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 6, 2024

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/10265037355

@aikebah
Copy link
Collaborator

aikebah commented Aug 7, 2024

@sadeesh89 package-url is something you cannot just make up. If package-url is not listed on the report you should simply omit it and describe how to reproduce your finding.

@github-actions GitHub Actions
Copy link
Contributor

Error parsing package url: .

Error: Error: Invalid purl: "type" is a required field.

Please correct the package URL - consider copying the package url from the HTML report.

@github-actions GitHub Actions
Copy link
Contributor

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/10487265871

@github-actions GitHub Actions
Copy link
Contributor

Error parsing package url: .

Error: Error: Invalid purl: "type" is a required field.

Please correct the package URL - consider copying the package url from the HTML report.

@github-actions GitHub Actions
Copy link
Contributor

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/10487298306

@github-actions GitHub Actions
Copy link
Contributor

Error parsing package url: .

Error: Error: Invalid purl: "type" is a required field.

Please correct the package URL - consider copying the package url from the HTML report.

@github-actions GitHub Actions
Copy link
Contributor

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/10487352333

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
FP Report pending more information
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aikebah @sadeesh89