Skip to content

Commit

Permalink
suppress CVEs
Browse files Browse the repository at this point in the history
  • Loading branch information
LakshSingla committed Nov 6, 2023
1 parent d60f7cf commit 5b254e6
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions owasp-dependency-check-suppressions.xml
Original file line number Diff line number Diff line change
Expand Up @@ -760,6 +760,7 @@
<cve>CVE-2023-37475</cve> <!-- Suppressing since CVE wrongly linked to apache:avro project - https://github.com/jeremylong/DependencyCheck/issues/5843 -->
<cve>CVE-2023-39410</cve> <!-- This seems to be a legitimate vulnerability. But there is no fix as of yet in Hadoop repo -->
<cve>CVE-2023-44487</cve> <!-- Occurs in the version of Hadoop used by Jetty, but it hasn't been fixed by Hadoop yet-->
<cve>CVE-2023-36478</cve> <!-- Occurs in the version of Hadoop used by Jetty, but it hasn't been fixed by Hadoop yet-->
</suppress>
<suppress>
<!-- from extensions using hadoop-client-api, these dependencies are shaded in the jar -->
Expand Down Expand Up @@ -839,4 +840,11 @@
]]></notes>
<cve>CVE-2023-4586</cve>
</suppress>

<suppress>
<notes><![CDATA[
file name: jose4j-0.7.3.jar
]]></notes>
<cve>CVE-2023-31582</cve>
</suppress>
</suppressions>

0 comments on commit 5b254e6

Please sign in to comment.