
Exception in thread "Thread-31" java.lang.IllegalArgumentException at org.owasp.dependencycheck.processing.BundlerAuditProcessor.addCriticalityToVulnerability(BundlerAuditProcessor.java:244) #6304

@readonlyuser1

Describe

dependency-check \
  -s /builds/xxx/sss/pppppp \
  -o /builds/xxx/sss/pppppp \
  --suppression owaspdc-suppression-file.xml \
  -f ALL \
  --noupdate \
  --nodeAuditSkipDevDependencies \
  --nodePackageSkipDevDependencies \
  --disableYarnAudit \
  --disableRetireJS \
  --disableMSBuild \
  --ossIndexUsername [MASKED] \
  --ossIndexPassword [MASKED] \
  --prettyPrint \
  --log owdc-1.log

[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Launching: [bundle-audit, version] from /tmp/dctemp6d38cd1b-6e3e-47c4-bede-5dfacf3f32fa
[WARN] Warnings from bundle-audit 
[INFO] Ruby Bundle Audit Analyzer is enabled and is using bundle-audit with version details: bundler-audit 0.9.1
. Note: It is necessary to manually run "bundle-audit update" occasionally to keep its database up to date.
[INFO] Launching: [bundle-audit, check, --verbose] from /builds/front/xxx/xxx/xxx/root/node_modules/react-native/template
Exception in thread "Thread-31" java.lang.IllegalArgumentException
	at io.github.jeremylong.openvulnerability.client.nvd.CvssV2Data$Version.fromValue(CvssV2Data.java:859)
	at io.github.jeremylong.openvulnerability.client.nvd.CvssV2Data.<init>(CvssV2Data.java:57)
	at org.owasp.dependencycheck.processing.BundlerAuditProcessor.addCriticalityToVulnerability(BundlerAuditProcessor.java:244)
	at org.owasp.dependencycheck.processing.BundlerAuditProcessor.run(BundlerAuditProcessor.java:145)
	at java.base/java.lang.Thread.run(Thread.java:829)
[INFO] Finished Ruby Bundle Audit Analyzer (2 seconds)
[INFO] Finished File Name Analyzer (0 seconds)

Version of dependency-check used
Dependency-Check Core version 9.0.5
User-agent: dependency-check/9.0.5 (Linux; 6.2.0-37-generic; amd64; 11.0.21)

Log file

2023-12-14 15:34:53,830 org.owasp.dependencycheck.Engine:679
INFO  - Finished Archive Analyzer (0 seconds)
2023-12-14 15:34:53,833 org.owasp.dependencycheck.Engine:829
DEBUG - Initializing Ruby Bundle Audit Analyzer
2023-12-14 15:34:53,835 org.owasp.dependencycheck.analyzer.RubyBundleAuditAnalyzer:190
INFO  - Launching: [bundle-audit, version] from /tmp/dctemp6d38cd1b-6e3e-47c4-bede-5dfacf3f32fa
2023-12-14 15:34:55,297 org.owasp.dependencycheck.analyzer.RubyBundleAuditAnalyzer:219
WARN  - Warnings from bundle-audit 
2023-12-14 15:34:55,299 org.owasp.dependencycheck.analyzer.RubyBundleAuditAnalyzer:249
INFO  - Ruby Bundle Audit Analyzer is enabled and is using bundle-audit with version details: bundler-audit 0.9.1
. Note: It is necessary to manually run "bundle-audit update" occasionally to keep its database up to date.
2023-12-14 15:34:55,300 org.owasp.dependencycheck.Engine:764
DEBUG - Starting Ruby Bundle Audit Analyzer
2023-12-14 15:34:55,301 org.owasp.dependencycheck.Engine:812
DEBUG - Parallel processing with up to 24 threads: Ruby Bundle Audit Analyzer.
2023-12-14 15:34:55,313 org.owasp.dependencycheck.AnalysisTask:86
DEBUG - Begin Analysis of '/builds/front/xxx/xxx/xxx/root/node_modules/react-native/template/Gemfile.lock' (Ruby Bundle Audit Analyzer)
2023-12-14 15:34:55,317 org.owasp.dependencycheck.analyzer.RubyBundleAuditAnalyzer:190
INFO  - Launching: [bundle-audit, check, --verbose] from /builds/front/xxx/xxx/xxx/root/node_modules/react-native/template
2023-12-14 15:34:56,454 org.owasp.dependencycheck.processing.BundlerAuditProcessor:139
DEBUG - bundle-audit (template): Name: activesupport
2023-12-14 15:34:56,543 org.owasp.dependencycheck.processing.BundlerAuditProcessor:298
DEBUG - bundle-audit (template): Version: 6.1.5.1
2023-12-14 15:34:56,544 org.owasp.dependencycheck.processing.BundlerAuditProcessor:187
DEBUG - bundle-audit (template): CVE: CVE-2023-22796
2023-12-14 15:34:56,660 org.owasp.dependencycheck.processing.BundlerAuditProcessor:251
DEBUG - bundle-audit (template): Criticality: Unknown
2023-12-14 15:34:56,661 org.owasp.dependencycheck.processing.BundlerAuditProcessor:206
DEBUG - bundle-audit (template): URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
2023-12-14 15:34:56,662 org.owasp.dependencycheck.processing.BundlerAuditProcessor:139
DEBUG - bundle-audit (template): Name: activesupport
2023-12-14 15:34:56,663 org.owasp.dependencycheck.processing.BundlerAuditProcessor:298
DEBUG - bundle-audit (template): Version: 6.1.5.1
2023-12-14 15:34:56,663 org.owasp.dependencycheck.processing.BundlerAuditProcessor:187
DEBUG - bundle-audit (template): CVE: CVE-2023-28120
2023-12-14 15:34:56,664 org.owasp.dependencycheck.data.nvdcve.CveDB:801
DEBUG - CVE-2023-28120 does not exist in the database
2023-12-14 15:34:56,695 org.owasp.dependencycheck.Engine:679
INFO  - Finished Ruby Bundle Audit Analyzer (2 seconds)
2023-12-14 15:34:56,714 org.owasp.dependencycheck.Engine:829
DEBUG - Initializing File Name Analyzer

To Reproduce
Steps to reproduce the behavior:

  1. Run dependency-check
  2. See Exception
