Re: CVE referencing Tomcat are not also referencing Tomcat-embed

2023-09-06 Thread Mark Thomas
On 06/09/2023 20:04, Francois Marot wrote: Hello, I'm in the process of switching from Dependency-check [1] to Dependency-track [2] to analyse vulnerabilities on my dependencies. I analyze a classic Spring Boot webapp depending upon org.apache.tomcat.embed:tomcat-embed-core. Dependency Check

CVE referencing Tomcat are not also referencing Tomcat-embed

2023-09-06 Thread Francois Marot
Hello, I'm in the process of switching from Dependency-check [1] to Dependency-track [2] to analyse vulnerabilities on my dependencies. I analyze a classic Spring Boot webapp depending upon org.apache.tomcat.embed:tomcat-embed-core. Dependency Check, which uses a kind of fuzzy logic, detects