You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As per snyk reference the vulnerable component is plexus-utils, however in OWASP scan result subject CVE is reported on plexus-cipher & plexus-interpolation.
The vulnerable is applicable for version before 3.0.24, however latest available version from maven of plexus-cipher is 2.1.0 and plexus-interpolation is 1.27
Have raised this one with the NVD as a data anomaly in the NVD data. There is a better CPE available in the CPE dictionary to link to the plexus-utils project explicitly (and the currently linked CPE is not registered in the CPE dictionary).
Package URl
pkg:maven/org.codehaus.plexus/plexus-cipher@2.0
CPE
cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.0:::::::*
CVE
CVE-2022-4244
ODC Integration
None
ODC Version
10.0.3
Description
As per snyk reference the vulnerable component is plexus-utils, however in OWASP scan result subject CVE is reported on plexus-cipher & plexus-interpolation.
The vulnerable is applicable for version before 3.0.24, however latest available version from maven of plexus-cipher is 2.1.0 and plexus-interpolation is 1.27
https://security.snyk.io/vuln/SNYK-CENTOS7-PLEXUSUTILS-3183869
The text was updated successfully, but these errors were encountered: