[FP]: Wrongly reporting vulnerability CVE-2021-41033 on org.eclipse.jface

### Package URl

pkg:maven/org.eclipse.jface/org.eclipse.jface@3.5.0.I20090525-2000

### CPE

cpe:2.3:a:eclipse:equinox:3.7.0:370:*:*:*:*:*:*

### CVE

CVE-2021-41033

### ODC Integration

{"label" => "Maven Plugin"}

### ODC Version

10.0.3

### Description

The above CVE doesn't affect equinox OSGI framework at all according to https://github.com/eclipse-equinox/equinox/discussions/532#discussioncomment-8490883 and similar FP was raised previously too https://github.com/dependency-check/DependencyCheck/issues/5881

Seems like this affects only [P2](https://github.com/eclipse-equinox/p2) eclipse equinox artifacts according to this report https://bugs.eclipse.org/bugs/show_bug.cgi?id=575688 rather than OSGI [eclipse-equinox](https://github.com/eclipse-equinox/equinox)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[FP]: Wrongly reporting vulnerability CVE-2021-41033 on org.eclipse.jface #7673

Package URl

CPE

CVE

ODC Integration

ODC Version

Description

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[FP]: Wrongly reporting vulnerability CVE-2021-41033 on org.eclipse.jface #7673

Description

Package URl

CPE

CVE

ODC Integration

ODC Version

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions