-
Notifications
You must be signed in to change notification settings - Fork 3
/
dependency-check-supress.xml
75 lines (75 loc) · 2.9 KB
/
dependency-check-supress.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
file name: jackson-core-2.15.3.jar
Since the JSON input files are generated, this vulnerability can not occur
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$</packageUrl>
<cve>CVE-2023-5072</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jackson-core-2.15.3.jar
Since the JSON input files are generated, this vulnerability can not occur
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$</packageUrl>
<cve>CVE-2023-5072</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jackson-databind-2.15.3.jar
he vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
<cve>CVE-2023-35116</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jakarta.json-2.0.1.jar
Since the JSON input files are generated, this vulnerability can not occur
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.glassfish/jakarta\.json@.*$</packageUrl>
<cve>CVE-2022-45688</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jakarta.json-2.0.1.jar
Since the JSON input files are generated, this vulnerability can not occur
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.glassfish/jakarta\.json@.*$</packageUrl>
<cve>CVE-2023-5072</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jsonld-java-0.13.4.jar
Since the JSON input files are generated, this vulnerability can not occur
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.github\.jsonld\-java/jsonld\-java@.*$</packageUrl>
<cve>CVE-2022-45688</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jackson-core-2.15.3.jar
Since the JSON input files are generated, this vulnerability can not occur
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$</packageUrl>
<cve>CVE-2022-45688</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jsonld-java-0.13.4.jar
Since the JSON input files are generated, this vulnerability can not occur
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.github\.jsonld\-java/jsonld\-java@.*$</packageUrl>
<cve>CVE-2023-5072</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: commons-compress-1.24.0.jar
Since this utility is only called by Jena - it is unlikely to be impacted
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.commons/commons\-compress@.*$</packageUrl>
<cve>CVE-2024-25710</cve>
</suppress>
</suppressions>