archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress until="2020-09-01Z">
    <notes><![CDATA[
   file name: jackson-mapper-asl-1.9.2.jar is a dependency of cassandra - Waiting for update of cassandra
   ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$</packageUrl>
    <cpe>cpe:/a:fasterxml:jackson-mapper-asl</cpe>
    <cpe>cpe:/a:fasterxml:jackson</cpe>
    <vulnerabilityName>CVE-2017-15095</vulnerabilityName>
    <vulnerabilityName>CVE-2017-7525</vulnerabilityName>
    <vulnerabilityName>CVE-2017-17485</vulnerabilityName>
    <vulnerabilityName>CVE-2018-5968</vulnerabilityName>
    <vulnerabilityName>CVE-2018-14718</vulnerabilityName>
    <vulnerabilityName>CVE-2018-7489</vulnerabilityName>
    <vulnerabilityName>CVE-2018-1000873</vulnerabilityName>
    <vulnerabilityName>CVE-2019-14540</vulnerabilityName>
    <vulnerabilityName>CVE-2019-14893</vulnerabilityName>
    <vulnerabilityName>CVE-2019-16335</vulnerabilityName>
    <vulnerabilityName>CVE-2019-17267</vulnerabilityName>
    <vulnerabilityName>CVE-2020-10672</vulnerabilityName>
    <vulnerabilityName>CVE-2020-10673</vulnerabilityName>
  </suppress>

  <suppress>
    <notes><![CDATA[
   False positive for oak-jcr packages
   ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.apache\.jackrabbit/oak\-.*@.*$</packageUrl>
    <cpe>cpe:/a:apache:jackrabbit</cpe>
  </suppress>

  <suppress>
    <notes><![CDATA[
    False positive for oak-segment-tar-1.30.0.jar: netty-transport-4.1.14.Final.jar
    Updated netty to higher version
   ]]></notes>
    <packageUrl regex="true">^pkg:maven/io\.netty/netty\-transport@.*$</packageUrl>
    <cpe>cpe:/a:netty:netty</cpe>
    <vulnerabilityName>CVE-2020-11612</vulnerabilityName>
    <vulnerabilityName>CVE-2019-20445</vulnerabilityName>
    <vulnerabilityName>CVE-2019-20444</vulnerabilityName>
  </suppress>

  <suppress>
    <notes><![CDATA[
    False positive for oak-segment-tar-1.30.0.jar: netty-transport-4.1.14.Final.jar
    Updated netty to higher version
   ]]></notes>
    <packageUrl regex="true">^.*oak-segment-tar.*$</packageUrl>
    <cpe>cpe:/a:netty:netty</cpe>
    <vulnerabilityName>CVE-2020-11612</vulnerabilityName>
    <vulnerabilityName>CVE-2019-20445</vulnerabilityName>
    <vulnerabilityName>CVE-2019-20444</vulnerabilityName>
  </suppress>
  <suppress>
    <notes><![CDATA[
   file name: oak-segment-tar-1.30.0.jar: netty-codec-4.1.14.Final.jar
   ]]></notes>
    <packageUrl regex="true">^pkg:maven/io\.netty/netty\-.*@.*$</packageUrl>
    <cpe>cpe:/a:netty:netty</cpe>
    <vulnerabilityName>CVE-2020-11612</vulnerabilityName>
    <vulnerabilityName>CVE-2019-20445</vulnerabilityName>
    <vulnerabilityName>CVE-2019-20444</vulnerabilityName>
  </suppress>

</suppressions>