False-Positive: Receiving findings for [email protected] #353
Labels
false-positive
A wrongly identified vulnerability
Comments
|
I am confused. It says no oss vulnerabilities in the screenshot. Is the bug that jsonlines report is incorrect? |
|
You are correct @prabhu , I checked the html output and did not find this entry there. |
|
We have removed the jsonlines reporting format in v6. Will think of a way to bring back some kind of json export for such direct purl queries. |
|
Thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
PURL of wrongly matched component
pkg:npm/[email protected]
Depscan findings
Receiving {"id": "CVE-2019-1010266", "package": "npm:lodash", "purl": "pkg:npm/[email protected]", "package_type": "npm", "package_usage": "required", "version": "4.17.21", "fix_version": "4.17.11", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "# Regular Expression Denial of Service (ReDoS) in lodash\nlodash prior to 4.7.11 is affected by: CWE 400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.\nUpgrade to version 4.17.11 or later", "related_urls": [], "occurrence_count": 2192, "reachable_flows": 537}
Output:
The text was updated successfully, but these errors were encountered: