[PLUTO-802] Dependabot identifies false positive CVE-2021-26291 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.1.1
Fix Version/s: 3.1.2
Component/s: build system
Labels:
None

Description

Dependabot has falsely identified CVE-2021-26291 as a security vulnerability due to a build system property named maven.version due to usage of the following dependency:

<dependency>
    <groupId>org.apache.maven</groupId>
    <artifactId>maven-core</artifactId>
    <version>2.0.5</version>
</dependency>

However, at the time of this writing, Maven Central does not list any vulnerabilities for this version.

Attachments

Activity

People

Assignee:: Neil Griffin

Reporter:: Neil Griffin

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 07/Dec/23 22:43

Updated:: 08/Dec/23 01:47

Resolved:: 08/Dec/23 01:47