Our vulnerability scans have recently started returning the following error and failing our CI/CD jobs. Is this a known issue?
I am running version 12.0.2 and Java 21.
[2025-02-15 21:02:02.042] [ERROR] org.owasp.dependencycheck.Engine - Error updating the NVD Data
org.owasp.dependencycheck.data.update.exception.UpdateException: Error updating the NVD Data
at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:399)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.update(NvdApiDataSource.java:117)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:903)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:708)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:634)
at nvd.task.check$scan_and_analyze$fn__793.invoke(check.clj:52)
at nvd.task.check$scan_and_analyze.invokeStatic(check.clj:51)
at nvd.task.check$scan_and_analyze.invoke(check.clj:46)
at nvd.task.check$impl.invokeStatic(check.clj:89)
at nvd.task.check$impl.invoke(check.clj:81)
at nvd.task.check$_main.invokeStatic(check.clj:148)
at nvd.task.check$_main.doInvoke(check.clj:100)
at clojure.lang.RestFn.invoke(RestFn.java:424)
at clojure.lang.Var.invoke(Var.java:390)
at user$eval138.invokeStatic(form-init10682709095142075290.clj:1)
at user$eval138.invoke(form-init10682709095142075290.clj:1)
at clojure.lang.Compiler.eval(Compiler.java:7700)
at clojure.lang.Compiler.eval(Compiler.java:7690)
at clojure.lang.Compiler.load(Compiler.java:8165)
at clojure.lang.Compiler.loadFile(Compiler.java:8103)
at clojure.main$load_script.invokeStatic(main.clj:476)
at clojure.main$init_opt.invokeStatic(main.clj:478)
at clojure.main$init_opt.invoke(main.clj:478)
at clojure.main$initialize.invokeStatic(main.clj:509)
at clojure.main$null_opt.invokeStatic(main.clj:543)
at clojure.main$null_opt.invoke(main.clj:540)
at clojure.main$main.invokeStatic(main.clj:665)
at clojure.main$main.doInvoke(main.clj:617)
at clojure.lang.RestFn.applyTo(RestFn.java:140)
at clojure.lang.Var.applyTo(Var.java:707)
at clojure.main.main(main.java:40)
Caused by: io.github.jeremylong.openvulnerability.client.nvd.NvdApiException: Failed to parse NVD data
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient._next(NvdCveClient.java:389)
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:357)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:355)
... 30 more
Caused by: com.fasterxml.jackson.databind.exc.ValueInstantiationException: Cannot construct instance of `io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data$ModifiedCiaType`, problem: SAFETY
at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 1, column: 1283671] (through reference chain: io.github.jeremylong.openvulnerability.client.nvd.CveApiJson20["vulnerabilities"]->java.util.ArrayList[405]->io.github.jeremylong.openvulnerability.client.nvd.DefCveItem["cve"]->io.github.jeremylong.openvulnerability.client.nvd.CveItem["metrics"]->io.github.jeremylong.openvulnerability.client.nvd.Metrics["cvssMetricV40"]->java.util.ArrayList[0]->io.github.jeremylong.openvulnerability.client.nvd.CvssV4["cvssData"]->io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data["modifiedSubsequentSystemIntegrity"])