CVE-2022-45688 wrongly still reported for pkg:maven/org.json/json@20230227 due to a bug #5545

@aikebah

Describe the bug
As spotted on

stleary/JSON-java#720 (comment)

CVE-2022-45688 is still reported for org.json:json version 20230227

A quick'n'dirty evaluation with debug logging indicates that it is because the library version is not properly evaluated, leading to comparing the vulnerable software ranges to a version '*' of the library

Check vs cpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:* versions up to (excluding) 20220924 against targetVersion *

Note: the NVD entry is currently incorrect regarding the version range, that should've been up to (excluding) 20230227, but nevertheless the CVE should not have surfaced on reports for version 20230227

Version of dependency-check used
The problem occurs using version 8.1.1 as well as 8.1.2 of the maven plugin

Log file
When reporting errors, 99% of the time log file output is required. Please post the log file as a gist and provide a link in the new issue.

To Reproduce
Steps to reproduce the behavior:

  1. Create a maven-project with a dependency on the fixed org.json package
        <dependency>
            <groupId>org.json</groupId>
            <artifactId>json</artifactId>
            <version>20230227</version>
        </dependency>
  2. Run mvn org.owasp:dependency-check-maven:8.1.2:check on this project
  3. Observe that the CVE is still reported

Expected behavior
CVE not reported, as the version of the dependency is beyond the vulnerable version range
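As an added illustration (not dependency-check's own code), the following models the range check quoted in the report: when the dependency version degrades to the wildcard '*' instead of 20230227, a "versions up to (excluding) 20220924" entry matches and the CVE is reported; with the real version it does not. The `CpeRange`, `matches` and `evaluate` names are assumptions for this example, and the CPE string and bound are the ones quoted above.

```python
# Added example, not code from dependency-check: models how a CPE range entry
# with an exclusive upper bound is evaluated against a dependency version.
from dataclasses import dataclass
from typing import Optional

WILDCARD = "*"


@dataclass(frozen=True)
class CpeRange:
    """One NVD-style CPE match entry with an optional exclusive upper bound."""
    cpe: str
    version_end_excluding: Optional[str] = None


def version_key(version: str) -> tuple:
    """Split '20230227' or '1.2.3' into integer parts so they compare numerically."""
    return tuple(int(p) if p.isdigit() else p for p in version.split("."))


def matches(entry: CpeRange, target_version: str, unknown_matches: bool) -> bool:
    """Return True if target_version falls inside the entry's vulnerable range.

    A wildcard target carries no version information. The report describes an
    evaluator that lets it match every range (unknown_matches=True, the false
    positive); a conservative evaluator refuses to report a range match when
    the version is unknown (unknown_matches=False).
    """
    if target_version == WILDCARD:
        return unknown_matches
    if entry.version_end_excluding is None:
        return True  # no upper bound: every version of the product is in range
    return version_key(target_version) < version_key(entry.version_end_excluding)


# Constructed from the CPE and bound quoted in the report, not from the NVD feed.
JSON_JAVA_CVE_2022_45688 = CpeRange(
    cpe="cpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:*",
    version_end_excluding="20220924",
)


def evaluate(target_version: str, unknown_matches: bool = True) -> bool:
    """Would CVE-2022-45688 be reported for this target version?"""
    return matches(JSON_JAVA_CVE_2022_45688, target_version, unknown_matches)


if __name__ == "__main__":
    for v in ("20220320", "20230227", WILDCARD):
        print(f"{v:>8}: reported={evaluate(v)} (conservative: {evaluate(v, False)})")
```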
