[FP]: CVE-2020-15250 on junit reported for dependency com.googlecode.json-simple:json-simple:1.1.1

### Package URl

pkg:maven/junit/junit@4.10

### CPE

cpe:2.3:a:junit:junit4:4.10:*:*:*:*:*:*:*

### CVE

CVE-2020-15250

### ODC Integration

{"label" => "Maven Plugin"}

### ODC Version

12.1.3

### Description

The CVE-2020-15250 is raised when having json-simple 1.1.1 dependency:
<dependency>
    <groupId>com.googlecode.json-simple</groupId>
    <artifactId>json-simple</artifactId>
    <version>1.1.1</version>
</dependency>

Seems that it is due to the pom.xml of json-simple 1.1.1 incorrectly containing the following runtime dependency:
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.10</version>
</dependency>

Wehn googling, the issue seems to have already been raised to json-simple developers a very long time ago several years)  without remediation

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[FP]: CVE-2020-15250 on junit reported for dependency com.googlecode.json-simple:json-simple:1.1.1 #7922

Package URl

CPE

CVE

ODC Integration

ODC Version

Description

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[FP]: CVE-2020-15250 on junit reported for dependency com.googlecode.json-simple:json-simple:1.1.1 #7922

Description

Package URl

CPE

CVE

ODC Integration

ODC Version

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions