Uploaded image for project: 'Build'
  1. Build
  2. BUILD-956

Dismiss false positive about microprofile-config-api/payara (CVE-2022-45129)

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Neutral
    • None
    • None
    • None

    Description

      magnolia-empty-webapp-6.3-SNAPSHOT.war: microprofile-config-api-2.0.jar (pkg:maven/org.eclipse.microprofile.config/microprofile-config-api@2.0, cpe:2.3:a:payara:payara:2.0:*:*:*:*:*:*:*) : CVE-2022-45129 
      

      https://nvd.nist.gov/vuln/detail/CVE-2022-45129

      Payara provides an implementation of the Microprofile Config api. Magnolia doesn't use Payara, it uses SmallRye implementation instead

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                fgrilli Federico Grilli
                fgrilli Federico Grilli
                Foundation
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Task DoR