-
Notifications
You must be signed in to change notification settings - Fork 109
/
cvss-suppressions.xml
80 lines (80 loc) · 3.06 KB
/
cvss-suppressions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
file name: partyinfo-model.jar (project :tessera-jaxrs:partyinfo-model).
Suppress CVE-2020-36460, a vulnerability with the Rust crate 'model' that incorrectly triggers due to the naming of the 'partyinfo-model' module.
]]></notes>
<packageUrl regex="true">^pkg:maven/net\.consensys\.quorum\.tessera/partyinfo\-model@.*$</packageUrl>
<cpe>cpe:/a:model_project:model</cpe>
<cve>CVE-2020-36460</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: h2-2.2.224.jar (pkg:maven/com.h2database/h2@2.2.224, cpe:2.3:a:h2database:h2:2.2.224:*:*:*:*:*:*:*) : CVE-2018-14335
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.h2database/h2@.*$</packageUrl>
<cve>CVE-2018-14335</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: spring-beans-5.3.20.jar, and other spring jars
Not applicable to how Spring libraries are used within hashicorp-key-vault module
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework/spring\-.*$</packageUrl>
<cve>CVE-2016-1000027</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: commons-io-2.11.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/commons-io/commons-io@2.11.0</packageUrl>
<cve>CVE-2021-37533</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jcl-over-slf4j-1.7.36.jar
(pkg:maven/org.slf4j/jcl-over-slf4j@1.7.36, cpe:2.3:a:apache:commons_net:1.7.36:*:*:*:*:*:*:*) : CVE-2021-37533
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.slf4j/jcl-over-slf4j@1.7.36</packageUrl>
<cve>CVE-2021-37533</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: eclipselink-utils.jar (project :eclipselink-utils)
]]></notes>
<cve>CVE-2021-4277</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jakarta.json-2.0.1-module.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.glassfish/jakarta\.json@.*$</packageUrl>
<cve>CVE-2022-45688</cve>
<cve>CVE-2023-5072</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jsonp-jaxrs-2.0.1.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.glassfish/jsonp-jaxrs@.*$</packageUrl>
<cve>CVE-2022-45688</cve>
<cve>CVE-2023-5072</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jakarta.json-api-2.0.1.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/jakarta\.json/jakarta\.json-api@.*$</packageUrl>
<cve>CVE-2022-45688</cve>
<cve>CVE-2023-5072</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jackson-core-2.16.2.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson-core@.*$</packageUrl>
<cve>CVE-2022-45688</cve>
<cve>CVE-2023-5072</cve>
</suppress>
</suppressions>