[FP]: CVE-2019-10743 for archiver:5.3.1

[michaelwdombek]

Package URl

pkg:npm/archiver@5.3.1

CPE

cpe:2.3:a:archiver_project:archiver:5.3.1:::::::*

CVE

CVE-2019-10743

ODC Integration

{"label"=>"CLI"}

ODC Version

7.1.0

Description

Hey,
this looks like a strange miss match,
CVE points to mholt/archiver
but is triggered by npm/archiver

OSS Link stating its clean

[github-actions]

Npm Coordinates

npm -i archiver@5.3.1

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4554
   ]]></notes>
   <packageUrl regex="true">^pkg:npm/archiver@.*$</packageUrl>
   <cpe>cpe:/a:archiver_project:archiver</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2409440233

[github-actions]

Npm Coordinates

npm -i archiver@5.3.1

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4554
   ]]></notes>
   <packageUrl regex="true">^pkg:npm/archiver@.*$</packageUrl>
   <cpe>cpe:/a:archiver_project:archiver</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2409443776