I am using BlackDuck to run security scan on a JAVA project. My project uses protobuf-java with the version 3.23.0. However, BlackDuck does not detect the version and hence, displays that the protobuf component have 2 vulnerabilities while it does not. blackduck scan
I already checked the whole java project, it has two components that uses protobuf, but both with the same version 3.23.0. The version is only defined in the parent POM of both components.