[FP]: CVE-2022-36437

[Subrhamanya]

Package URl

pkg:maven/com.hazelcast/hazelcast-eureka-two@3.0.1

CPE

cpe:2.3:a:hazelcast:hazelcast:3.0.1:*:*:*:*:*:*:*

CVE

CVE-2022-36437

ODC Integration

{"label" => "Maven Plugin"}

ODC Version

12.1.6

Description

This CVE affects only hazelcast github repo jars and not hazelcast-eureka-two jars according to hazelcast-security-advisory

[github-actions]

Maven Coordinates

<dependency>
   <groupId>com.hazelcast</groupId>
   <artifactId>hazelcast-eureka-two</artifactId>
   <version>3.0.1</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #8018
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/com\.hazelcast/hazelcast-eureka-two@.*$</packageUrl>
   <cpe>cpe:/a:hazelcast:hazelcast</cpe>
</suppress>

Link to test results: https://github.com/dependency-check/DependencyCheck/actions/runs/18373349099

[Subrhamanya]

@jeremylong please approve this.

[chadlwilson]

approved

Please don't tag/hassle the maintainers. We'll get to it when we have time. If you are in a rush, you can manage your own suppressions.

[github-actions]

Suppress rule has been added to the generatedSuppressions branch.