Re: CVEs seems to be related to the wrong dependency

18 views

Skip to first unread message

Jeremy Long

unread,

Apr 27, 2021, 7:54:27 AM4/27/21

to Erik Nilsson, Dependency Check

Please see the documentation:

How does dependency-check work
How to read the report

--Jeremy

On Tue, Apr 27, 2021 at 6:11 AM Erik Nilsson <erik.n...@sitevision.se> wrote:

Hi,

For dependency-check-maven v6.1.5 we received
cassandra-driver-core-3.11.0.jar: CVE-2020-13946, CVE-2018-8016, CVE-2020-17516

Why do we get these CVEs for the driver when it seems to be related to the database itself?

Regards
Erik

--
You received this message because you are subscribed to the Google Groups "Dependency Check" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dependency-che...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dependency-check/02b1abd0-07e4-48b7-8381-47499a273039n%40googlegroups.com.

Reply all

Reply to author

Forward

0 new messages