False positive for a vulnerability detected in the wrong language

finos · Oct 31, 2023 · f5ecc60 · f5ecc60
1 parent 5fbc5d7
commit f5ecc60
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/dev/compliance/owasp-false-positives.xml b/dev/compliance/owasp-false-positives.xml
@@ -158,6 +158,15 @@
         <cpe>cpe:/a:json-java_project:json-java</cpe>
     </suppress>
 
+    <!-- Yet another mis-detection for the wrong language -->
+    <!-- Java module is already updated to a fixed version -->
+    <!-- https://github.com/jeremylong/DependencyCheck/issues/5992 -->
+
+    <suppress>
+        <packageUrl regex="true">^pkg:maven/com\.azure/azure-identity@.*$</packageUrl>
+        <vulnerabilityName>CVE-2023-36415</vulnerabilityName>
+    </suppress>
+
 
     <!-- ================== -->
     <!-- Special exceptions -->