Status
Justification
Impact
The affected component's suffix is non-standard for Maven parsing. It supports "." as a delimiter, but treats jre11 as an unknown qualifier that sorts after known ones (alpha, beta, rc, ga, etc.), which breaks version matching. This vulnerability was resolved in v25.11.0.114957 of sonarqube[1]. [1]https://github.com/SonarSource/sonarqube/commit/ad603468b3af8284156d532eae7d099464189728
Status