[FP]: Wrongly reporting vulnerability CVE-2023-4218 on org.eclipse.core.expressions

### Package URl

pkg:maven/org.eclipse.core/org.eclipse.core.expressions@3.4.300

### CPE

cpe:2.3:a:eclipse:org.eclipse.core.runtime:3.4.300:370:*:*:*:*:*:*

### CVE

CVE-2023-4218

### ODC Integration

{"label" => "Maven Plugin"}

### ODC Version

10.0.3

### Description

According to the discussion [here](https://github.com/eclipse-equinox/equinox/discussions/532), this CVE doesn't affect org.eclipse.core.expressions jar at all. (seems it's not affecting org.eclipse.platform:org.eclipse.osgi also even though it has some changes since it does no XML parsing)

To add more, it only affects Eclipse IDE rather than OSGI jar applications

![Image](https://github.com/user-attachments/assets/1bba5d12-f98a-48f5-a2aa-8618fcef7604)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[FP]: Wrongly reporting vulnerability CVE-2023-4218 on org.eclipse.core.expressions #7661

Package URl

CPE

CVE

ODC Integration

ODC Version

Description

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[FP]: Wrongly reporting vulnerability CVE-2023-4218 on org.eclipse.core.expressions #7661

Description

Package URl

CPE

CVE

ODC Integration

ODC Version

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions