Precondition
Describe the bug
The link to NIST's NVD via https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Astruts&cpe_version=cpe%3A%2F%3Aapache%3Astruts%3A1.2.9 showed 311.310 CVEs
Version of dependency-check used
dependency-check version: 12.1.3
Log file
none
To Reproduce
Scan something e.g. with Apache Struts v1.2.x
Expected behavior
I passed a WAR file to dependency-check which contains a defined set of Java libs. Here specifically: ./WEB-INF/lib/struts-1.2.9.jar. So my expectation was to be precise on the software used.
Maybe pass the product (CNA).
Additional context
(Not that it matters much: results from MVN are fewer: 4x HIGH (trivy: 2 CVEs MEDIUM))