-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathowasp-suppressions.xml
51 lines (51 loc) · 2.38 KB
/
owasp-suppressions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
h2 is only used in testing, cannot update to 1.4.200 since it does not work with the newest version of h2gis
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.h2database/h2@.*$</packageUrl>
<vulnerabilityName>CVE-2021-23463</vulnerabilityName>
<vulnerabilityName>CVE-2018-14335</vulnerabilityName>
<vulnerabilityName>CVE-2018-10054</vulnerabilityName>
<vulnerabilityName>CVE-2021-42392</vulnerabilityName>
<vulnerabilityName>CVE-2022-23221</vulnerabilityName>
<vulnerabilityName>CWE-94: Improper Control of Generation of Code ('Code Injection')</vulnerabilityName>
</suppress>
<suppress>
<notes><![CDATA[
The artifact is transitive dependency of AWS cloud messaging used for reading configuration from S3.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework/spring\-messaging@.*$</packageUrl>
<cve>CVE-2020-5421</cve>
</suppress>
<suppress until="2022-10-01Z">
<notes><![CDATA[
Check status of https://github.com/spring-projects/spring-security/issues/8980
See also discussion: https://github.com/jeremylong/DependencyCheck/issues/4528
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework/spring\-security\-crypto@.*$</packageUrl>
<cve>CVE-2020-5408</cve>
</suppress>
<suppress>
<notes><![CDATA[
google-http-client-apache-v2-1.39.2 falsely flagged for CVE-2020-13956
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.http\-client/google\-http\-client\-apache\-v2@.*$</packageUrl>
<cve>CVE-2020-13956</cve>
</suppress>
<suppress>
<notes><![CDATA[
False positive, does not affect version 3.x.x
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.batch/spring\-batch\-core@.*$</packageUrl>
<cve>CVE-2020-5411</cve>
</suppress>
<suppress>
<notes><![CDATA[
False positive. See https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework/spring\-web@.*$</packageUrl>
<cve>CVE-2016-1000027</cve>
</suppress>
</suppressions>