Details
-
Task
-
Resolution: Done
-
Neutral
-
None
-
None
-
None
-
-
Empty show more show less
-
Empty show more show less
-
Yes
Description
One or more dependencies were identified with known vulnerabilities in magnolia-enterprise-pro-webapp: magnolia-empty-webapp-5.7.33-SNAPSHOT.war: ehcache-core-3.3.0.jar (cpe:2.3:a:gradle:gradle:3.3.0:*:*:*:*:*:*:*) : CVE-2023-44387, CVE-2023-42445
https://nvd.nist.gov/vuln/detail/CVE-2023-42445
Clearly a mismatch/false positive: the issue actually concerns Gradle, a build tool, which Magnolia doesn't use.
Checklists
Acceptance criteria