[FP]: Nuget packages with Redis in name is marked as vulnerable #4321
Comments
For what it's worth we're getting issues on this as a client library, for example: StackExchange/StackExchange.Redis#2358. I'm not sure how this tool gets data it's depending on, but could we please update the Redis definitions? If that's upstream, just need a pointer of where to look.
Any news from DependencyCheck?
Also hitting this issue with ODC for the Python redis library, and there are even more FPs now. CPE CVE ODC Version
@jeremylong I created a PR to address this ticket - is there anything else I need to do to submit for review? Thanks!
Package URL
pkg:generic/Microsoft.Extensions.Caching.StackExchangeRedis@6.0.1
pkg:generic/HealthChecks.Redis@5.0.2
CPE
cpe:2.3:a:redis:redis:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redis:redis:6.0.1:*:*:*:*:*:*:*
CVE
CVE-2021-32626
CVE-2021-32627
CVE-2021-32628
CVE-2021-32675
CVE-2021-32687
CVE-2021-32762
CVE-2021-41099
ODC Integration
CLI
ODC Version
Description
It looks like all NuGet packages with "Redis" in the name and with a version similar to a version number used in Redis server are marked with vulnerabilities found in Redis Server.
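Until the upstream definitions change, the two packages reported above can be excluded locally with a Dependency-Check suppression file. The following is an added example, not part of the original issue or the project's own suppression list; the file name `redis-client-fp.xml` and the notes text are assumptions, while the package URLs and the Redis CPE vendor/product come from the report above.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- redis-client-fp.xml (hypothetical file name).
     Suppresses only the redis:redis CPE match, and only for the two
     NuGet client packages named in this issue, so genuine Redis server
     findings elsewhere in the scan are still reported. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

  <suppress>
    <notes><![CDATA[
      False positive: Microsoft.Extensions.Caching.StackExchangeRedis is a
      .NET client library, not Redis server. Matched on name and version only.
    ]]></notes>
    <!-- Anchored regex with escaped dots so similarly named packages
         are not suppressed by accident. -->
    <packageUrl regex="true">^pkg:generic/Microsoft\.Extensions\.Caching\.StackExchangeRedis@.*$</packageUrl>
    <cpe>cpe:/a:redis:redis</cpe>
  </suppress>

  <suppress>
    <notes><![CDATA[
      False positive: HealthChecks.Redis is a health-check client package,
      not Redis server. Matched on name and version only.
    ]]></notes>
    <packageUrl regex="true">^pkg:generic/HealthChecks\.Redis@.*$</packageUrl>
    <cpe>cpe:/a:redis:redis</cpe>
  </suppress>

</suppressions>
```

Pass the file to the CLI with `--suppression redis-client-fp.xml`. Suppressing by CPE rather than by individual CVE also covers Redis server CVEs published later that would otherwise be attached to the same packages.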