Skip to content

[FP]: activemq-artemis-native incorrectly matched to Apache ActiveMQ Artemis CPE #8630

Description

@alexisdormoy00

Package URl

pkg:maven/org.apache.activemq/activemq-artemis-native@2.0.0

CPE

'cpe:2.3:a:apache:artemis:2.0.0:::::::*'

CVE

CVE-2021-4040

ODC Integration

None

ODC Version

12.2.2

Description

The artifact activemq-artemis-native is incorrectly matched to the Apache ActiveMQ Artemis CPE. This module is a standalone used for I/O optimizations (e.g., libaio) and does not contain any of the Artemis broker logic (messaging, routing, or security). It also follows its own release cycle and versioning, which is independent from the main Artemis components. The reported vulnerabilities appeared after recent NVD CPE mapping changes that broadly associate Artemis-related artifacts, leading to false positives for this specific module.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions