Diffstat (limited to 'archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml')
-rw-r--r-- | archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
index 2a3f08f77..c18030118 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
@@ -73,4 +73,23 @@
 <cpe>cpe:/a:jquery_file_upload_project:jquery_file_upload</cpe>
 </suppress>
 
+ <suppress>
+ <notes><![CDATA[
+ file name: jdom2-2.0.6.jar
+ This is a dependency of rometools/rome (RSS library), they addressed the issue (see https://github.com/rometools/rome/issues/469)
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.jdom/jdom2@.*$</packageUrl>
+ <cpe>cpe:/a:jdom:jdom</cpe>
+ <vulnerabilityName>CVE-2021-33813</vulnerabilityName>
+ </suppress>
+
+ <suppress>
+ <notes><![CDATA[
+ file name: native-protocol-1.5.0.jar
+ This is a vulnerability of cassandra server. We will ignore it for the client driver.
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.datastax\.oss/native\-protocol@.*$</packageUrl>
+ <cpe>cpe:/a:apache:cassandra</cpe>
+ <vulnerabilityName>CVE-2020-13946</vulnerabilityName>
+ </suppress>
 </suppressions> |
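Review bot: The jdom2 entry is broader than its note justifies, because it pairs `<cpe>cpe:/a:jdom:jdom</cpe>` with the `<vulnerabilityName>` and matches every version through `@.*$`. As far as I understand dependency-check's rule handling, a `<cpe>` child suppresses the whole CPE identification, so later jdom advisories would probably be hidden along with CVE-2021-33813. For a true positive that is mitigated in the caller, I would drop the `<cpe>` line, pin the match with `<packageUrl regex="true">^pkg:maven/org\.jdom/jdom2@2\.0\.6$</packageUrl>`, and open the rule with `<suppress until="YYYY-MM-DDZ">` (placeholder date) so it gets re-reviewed. The note should also say that the rome fix covers only XML parsed through rome, not any other code in the webapp that builds a jdom2 `SAXBuilder`. In the native-protocol entry the `<cpe>` suppression fits the stated false positive, which makes its `<vulnerabilityName>` line look redundant.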