[FP]: Multiple False positives found in dependency check scan

[NamineniVaishnavi]

Package URl

jre-8u431-linux-x64.rpm: jfr.jar

CPE

cpe:2.3:a:oracle:jrockit:1.8.0.431

CVE

CVE-2009-1006

ODC Integration

None

ODC Version

7.1.0

Description

False Positives ticket.docx
Multiple false positives vulnerabilities were identified while running dependency checker scan. I have mentioned only one CVE in the ticket. Since there are numerous CVE's filing multiple reports is time consuming, so I have attached a document with all the CVE's and the justification for them being False positive. Please consider the same.

[github-actions]

Error parsing package url: jre-8u431-linux-x64.rpm: jfr.jar.

Error: Error: Invalid purl: missing required "pkg" scheme component

Please correct the package URL - consider copying the package url from the HTML report.

[github-actions]

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/13234611865

[aikebah]

ODC 7.1.0 is outdated as indicated on #7384 I cannot reproduce the FPs with an up-to-date CLI