Reporting False Positives
- The location of the dependency (Maven GAV, URL to download the dependency, etc.)
- dependency-check-maven:3.3.2:check (default-cli)
- The CPE that is believed to be false positive
- cpe:/a:pivotal_software:spring_boot:1.5.16, org.springframework.boot:spring-boot-starter-data-rest:1.5.16.RELEASE, cpe:/a:pivotal_software:spring_data_rest:1.5.16
False positive on library spring-boot-starter-data-rest-1.5.16.RELEASE.jar - reported as cpe:/a:pivotal_software:spring_boot:1.5.16, org.springframework.boot:spring-boot-starter-data-rest:1.5.16.RELEASE, cpe:/a:pivotal_software:spring_data_rest:1.5.16
CVE-2018-1273 is associated with Spring Data Commons and Spring Data REST, and not with spring-boot-starter-data-rest, according to https://pivotal.io/security/cve-2018-1273.
Spring Boot 1.5.11 or above should not be impacted by CVE-2018-1273.
https://securityonline.info/cve-2018-1273-spring-data-commons-remote-code-execution-vulnerability/