[FP]: edu.washington.cs.knowitall.opennlp-postag-models-1.5 matched as Apache OpenNLP

[andreasb-ro]

Package URl

pkg:maven/edu.washington.cs.knowitall/opennlp-postag-models@1.5

CPE

cpe:2.3:a:apache:opennlp:1.5.0:::::::*

CVE

CVE-2017-12620

ODC Integration

{"label" => "CLI"}

ODC Version

12.1.3

Description

The CVE-2017-12620 is reported for edu.washington.cs.knowitall.opennlp-postag-models-1.5.jar as it incorrectly matches a vulnerable Apache OpenNLP library.

[github-actions]

Maven Coordinates

<dependency>
   <groupId>edu.washington.cs.knowitall</groupId>
   <artifactId>opennlp-postag-models</artifactId>
   <version>1.5</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #7734
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/edu\.washington\.cs\.knowitall/opennlp-postag-models@.*$</packageUrl>
   <cpe>cpe:/a:apache:opennlp</cpe>
</suppress>

Link to test results: https://github.com/dependency-check/DependencyCheck/actions/runs/15580917873