magnolia-community-webapp-6.2-SNAPSHOT.war: jackrabbit-ocm-2.0.1-magnolia.jar (pkg:maven/info.magnolia.ocm/jackrabbit-ocm@2.0.1-magnolia, cpe:2.3:a:apache:jackrabbit:2.0.1:*:*:*:*:*:*:*) : CVE-2015-1833

https://nvd.nist.gov/vuln/detail/CVE-2015-1833

The CVE is about an older JackRabbit core version up to (including) 2.0.5 (Magnolia currently uses JR version 2.20.9) and mistakenly matches our recently released fork of JR OCM library (Magnolia's fork actually resolves another CVE).