Package URl
pkg:npm/minimatch@^3.0.4
CPE
cpe:/a:minimatch_project:minimatch
CVE
CVE-2022-3517
ODC Integration
{"label"=>"CLI"}
ODC Version
7.4.0
Description
Starting with v7.4.0, Dependency Check is flagging CVE-2022-3517 for npm package [email protected], but this is not the correct version. This is run with a package-lock.json, and all dependencies installed.
Looking at the package-lock.json, the test-exclude package has the dependency "minimatch": "^3.0.4", but this is met via [email protected] (per the package-lock.json, and the installed package), which does not have the vulnerability.
Package URl
pkg:npm/minimatch@^3.0.4
CPE
cpe:/a:minimatch_project:minimatch
CVE
CVE-2022-3517
ODC Integration
{"label"=>"CLI"}
ODC Version
7.4.0
Description
Starting with v7.4.0, Dependency Check is flagging CVE-2022-3517 for npm package
[email protected], but this is not the correct version. This is run with a package-lock.json, and all dependencies installed.Looking at the package-lock.json, the
test-excludepackage has the dependency"minimatch": "^3.0.4", but this is met via[email protected](per the package-lock.json, and the installed package), which does not have the vulnerability.