DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

https://dependencytrack.org/

False positive with jetty

amergey opened this issue 2 months ago · comments

Arnaud Mergey commented 2 months ago

Current Behavior

Dependency track detect GHSA-58qw-p7qm-5rvh from github analyzer against jetty 9.4.53 while it was fixed in 9.4.52

Steps to Reproduce

1.run dependency track on a project with jetty 9.4.53

Expected Behavior

GHSA-58qw-p7qm-5rvh not reported

Dependency-Track Version

4.10.1

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

No response

Browser

Google Chrome

Checklist

I have read and understand the contributing guidelines
I have checked the existing issues for whether this defect was already reported