-
Notifications
You must be signed in to change notification settings - Fork 12
/
owasp-suppression.xml
105 lines (105 loc) · 3.14 KB
/
owasp-suppression.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes>
<![CDATA[file name: slf4j-api-1.8.0-beta2.jar]]>
</notes>
<gav regex="true">^org\.slf4j:slf4j-api:.*$</gav>
<cve>CVE-2018-8088</cve>
</suppress>
<suppress>
<notes>
<![CDATA[file name: jose4j-0.6.5.jar]]>
</notes>
<gav regex="true">^org\.bitbucket\.b_c:jose4j:.*$</gav>
<cve>CVE-2018-1000539</cve>
</suppress>
<suppress>
<notes>
<![CDATA[file name: tripwire:1.0.0]]>
</notes>
<cve>CVE-1999-0464</cve>
</suppress>
<suppress>
<notes>
<![CDATA[file name: jboss_enterprise_application_platform:7.0]]>
</notes>
<cve>CVE-2016-6311</cve>
</suppress>
<suppress>
<notes>
<![CDATA[
file name: maven-resolver-1.9.4.pom
]]>
</notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.maven\.resolver/maven\-resolver@.*$</packageUrl>
<cve>CVE-2021-23406</cve>
</suppress>
<suppress>
<notes>
<![CDATA[
file name: greenmail-standalone-2.0.0-alpha-3.jar (shaded: com.fasterxml.jackson.core:jackson-databind:2.13.3)
]]>
</notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
<cve>CVE-2022-42003</cve>
</suppress>
<suppress>
<notes>
<![CDATA[
file name: greenmail-standalone-2.0.0-alpha-3.jar (shaded: com.fasterxml.jackson.core:jackson-databind:2.13.3)
]]>
</notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
<cve>CVE-2022-42004</cve>
</suppress>
<suppress base="true">
<notes>
<![CDATA[
Suppress many FPs in apache projects that have james in the (developer) evidences now triggering apache james
#4123, #4128, #4132, #4136, #4137, #4138, #4145, #4146
]]>
</notes>
<packageUrl regex="true">^pkg:maven/(?!org\.apache\.james/).*$</packageUrl>
<cpe>cpe:/a:apache:james</cpe>
</suppress>
<suppress>
<notes>
<![CDATA[
file name: guava-31.1-jre.jar
]]>
</notes>
<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
<cpe>cpe:/a:google:guava</cpe>
</suppress>
<suppress>
<notes>
<![CDATA[
file name: guava-31.1-jre.jar
]]>
</notes>
<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
<vulnerabilityName>CVE-2020-8908</vulnerabilityName>
</suppress>
<suppress>
<notes><![CDATA[
file name: de.flapdoodle.embed.mongo-4.12.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/de\.flapdoodle\.embed/de\.flapdoodle\.embed\.mongo@.*$</packageUrl>
<cpe>cpe:/a:mongodb:mongodb</cpe>
</suppress>
<suppress>
<notes><![CDATA[
file name: de.flapdoodle.embed.mongo.packageresolver-4.11.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/de\.flapdoodle\.embed/de\.flapdoodle\.embed\.mongo\.packageresolver@.*$</packageUrl>
<cpe>cpe:/a:mongodb:mongodb</cpe>
</suppress>
<suppress>
<notes><![CDATA[
file name: embedded-mongodb-8.1.1.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/de\.svenkubiak/embedded\-mongodb@.*$</packageUrl>
<cpe>cpe:/a:mongodb:mongodb</cpe>
</suppress>
</suppressions>