False Positive on elastic-apm-agent #3876

OrangeDog · 2021-12-14T15:51:24Z

apm-agent-attach-1.28.1.jar\META-INF/maven/co.elastic.apm/apm-agent-common/pom.xml (pkg:maven/co.elastic.apm/apm-agent-common@1.28.1, cpe:2.3:a:elastic:apm_agent:1.28.1:*:*:*:*:*:*:*) : CVE-2019-7617
apm-agent-attach-1.28.1.jar (pkg:maven/co.elastic.apm/apm-agent-attach@1.28.1, cpe:2.3:a:elastic:apm_agent:1.28.1:*:*:*:*:*:*:*) : CVE-2019-7617
elastic-apm-agent-1.28.1.jar (pkg:maven/co.elastic.apm/elastic-apm-agent@1.28.1, cpe:2.3:a:elastic:apm_agent:1.28.1:*:*:*:*:*:*:*) : CVE-2019-7617

<dependency>
  <groupId>co.elastic.apm</groupId>
  <artifactId>apm-agent-attach</artifactId>
  <version>1.28.1</version>
</dependency>

CVE-2019-7617 is for the Python agent, not the Java agent.
The NVD entry specifies this: cpe:2.3:a:elastic:apm_agent:*:*:*:*:*:python:*:*

The text was updated successfully, but these errors were encountered:

aikebah · 2022-06-08T16:07:26Z

Would need enhancement in DependencyCheck to take target_sw CPE attribute into account

bremme · 2024-12-18T19:54:26Z

I just ran into this issue using version 1.52.1 of the Java APM agent as well.

OrangeDog added the FP Report label Dec 14, 2021

aikebah added the enhancement label Jun 8, 2022

OrangeDog mentioned this issue Nov 13, 2024

fix: use CPE target_sw to populate ecosystem to reduce FP #7139

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

False Positive on elastic-apm-agent #3876

False Positive on elastic-apm-agent #3876

OrangeDog commented Dec 14, 2021 •

edited

Loading

aikebah commented Jun 8, 2022

bremme commented Dec 18, 2024

False Positive on elastic-apm-agent #3876

False Positive on elastic-apm-agent #3876

Comments

OrangeDog commented Dec 14, 2021 • edited Loading

aikebah commented Jun 8, 2022

bremme commented Dec 18, 2024

OrangeDog commented Dec 14, 2021 •

edited

Loading