[FP]: CVE flagged for reporting the vulnerability on logback version in which it is already fixed.

[vinay871]

Package URl

Package information not available in report.

CPE

cpe:2.3:a:qos:logback:1.0.15.53:::::::*

CVE

CVE-2017-5929

ODC Integration

{"label" => "Docker"}

ODC Version

7.1.0

Description

This vulnerability is reported on logback 3PP used in the apppliction. But this vulnerability is applicable on 3PP version <1.2.0. However the version of logback 3PP used in this context is 1.2.13.

[github-actions]

Error parsing package url: Package information not available in report..

Error: Error: Invalid purl: missing required "pkg" scheme component

Please correct the package URL - consider copying the package url from the HTML report.

[github-actions]

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/13293041521

[github-actions]

Error parsing package url: Package information not available in report..

Error: Error: Invalid purl: missing required "pkg" scheme component

Please correct the package URL - consider copying the package url from the HTML report.

[github-actions]

Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/13293047631

[jeremylong]

Please re-open the issue and provide a PURL (package URL)