[FP]: `com.zendesk:mysql-binlog-connector-java` misidentified as MySQL

[JackPGreen]

Package URl

pkg:maven/io.debezium/mysql-binlog-connector-java@0.40.2

CPE

cpe:2.3:a:mysql:mysql:0.40.2:::::::*

CVE

No response

ODC Integration

{"label" => "Maven Plugin"}

ODC Version

12.1.3

Description

com.zendesk:mysql-binlog-connector-java misidentified as MySQL, and then has any MySQL vulnerabilities applied.

[github-actions]

Maven Coordinates

<dependency>
   <groupId>io.debezium</groupId>
   <artifactId>mysql-binlog-connector-java</artifactId>
   <version>0.40.2</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #7916
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/io\.debezium/mysql-binlog-connector-java@.*$</packageUrl>
   <cpe>cpe:/a:mysql:mysql</cpe>
</suppress>

Link to test results: https://github.com/dependency-check/DependencyCheck/actions/runs/17562379086

[aikebah]

approved

[github-actions]

Suppress rule has been added to the generatedSuppressions branch.