FP on Ruby

[erpraba]

Package URl

Ruby

CPE

cpe:2.3:a:bundler:bundler::::::ruby::*

CVE

CVE-2019-3881

ODC Integration

None

ODC Version

12.1.0

Description

[FP]: Hi Team, we have the following CVE's CVE-2016-7954 CVE-2018-1000201 CVE-2019-3881 CVE-2021-28965 CVE-2024-41123 CVE-2024-41946 CVE-2021-43809, which was reported in as part of OWASP scan. Based upon our analysis we have concluded these were FP. could you pls Check on that.

[github-actions]

Error parsing package url: Ruby.

Error: Error: Invalid purl: missing required "pkg" scheme component

Please correct the package URL - consider copying the package url from the HTML report.

[github-actions]

Failed to automatically evaluate the false positive. See: https://github.com/dependency-check/DependencyCheck/actions/runs/18554987420

[chadlwilson]

Please correct the package url for the dependency which the tool/report (incorrectly) thinks is bundler. We can't evaluate without that.

[chadlwilson]

Will re-open if corrected.