Hello,
I am having a problem where sonarqube has created thousands of security issues which do not make sense.
Looks like it thinks we have old PHP version or something like that.
Our project is using Laravel 10 and PHP 8.3
For example, few of those issues:
- [Filename: php-font-lib:0.5.6 | Reference: CVE-2007-6039 | CVSS Score: 2.1 | Category: CWE-20 | PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string…
- Filename: php-cors:1.3.0 | Reference: CVE-2012-2336 | CVSS Score: 5.0 | Category: CWE-20 | sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3
- [Filename: polyfill-php83:1.31.0 | Reference: CVE-2007-5899 | CVSS Score: 4.3 | Category: CWE-200 | The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL…
We are using “Developer Edition v2025.1 (102418)”
Thank you!