Describe the bug
Today I updated spring-boot dependency
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.2.9</version>
<relativePath />
</parent>
in my project and after I run mvn org.owasp:dependency-check-maven:aggregate I saw this:
[INFO] --- dependency-check:10.0.3:aggregate (default-cli) @ xxxxxxx ---
[WARNING] The artifact com.github.wnameless:json-flattener:jar:0.7.1 has been relocated to com.github.wnameless.json:json-flattener:jar:0.7.1
[INFO] Checking for updates
[INFO] NVD API has 233 records in this update
[INFO] Downloaded 233/233 (100%)
[ERROR] Failed to process CVE-2024-8033
java.lang.NullPointerException
at java.util.stream.ReferencePipeline$7$1.accept (ReferencePipeline.java:273)
at java.util.stream.ReferencePipeline$3$1.accept (ReferencePipeline.java:197)
at java.util.ArrayList$ArrayListSpliterator.tryAdvance (ArrayList.java:1602)
at java.util.stream.ReferencePipeline$7$1.accept (ReferencePipeline.java:280)
at java.util.stream.ReferencePipeline$3$1.accept (ReferencePipeline.java:197)
at java.util.ArrayList$ArrayListSpliterator.tryAdvance (ArrayList.java:1602)
at java.util.stream.ReferencePipeline.forEachWithCancel (ReferencePipeline.java:129)
at java.util.stream.AbstractPipeline.copyIntoWithCancel (AbstractPipeline.java:527)
at java.util.stream.AbstractPipeline.copyInto (AbstractPipeline.java:513)
at java.util.stream.AbstractPipeline.wrapAndCopyInto (AbstractPipeline.java:499)
at java.util.stream.MatchOps$MatchOp.evaluateSequential (MatchOps.java:230)
at java.util.stream.MatchOps$MatchOp.evaluateSequential (MatchOps.java:196)
at java.util.stream.AbstractPipeline.evaluate (AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.anyMatch (ReferencePipeline.java:632)
at org.owasp.dependencycheck.data.nvdcve.CveItemOperator.testCveCpeStartWithFilter (CveItemOperator.java:228)
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability (CveDB.java:1098)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.updateCveDb (NvdApiProcessor.java:119)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.call (NvdApiProcessor.java:96)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.call (NvdApiProcessor.java:40)
at java.util.concurrent.FutureTask.run (FutureTask.java:264)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1136)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:635)
at java.lang.Thread.run (Thread.java:840)
[INFO] Completed processing batch 1/1 (100%) in 482ms
[INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
[INFO] Begin database defrag
[INFO] End database defrag (6187 ms)
[INFO] Check for updates complete (10451 ms)
[INFO]
No NPE was seen in the second run.
Version of dependency-check used
mvn org.owasp:dependency-check-maven:aggregate
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>10.0.3</version>
To Reproduce
I can't reproduce it.
Expected behavior
No NPE.
Describe the bug
Today I updated spring-boot dependency
in my project and after I run
mvn org.owasp:dependency-check-maven:aggregateI saw this:No NPE was seen in the second run.
Version of dependency-check used
mvn org.owasp:dependency-check-maven:aggregate
To Reproduce
I can't reproduce it.
Expected behavior
No NPE.