Malena Ebert
3 years ago
1 changed files with 55 additions and 0 deletions
+ 55
- 0
owasp-suppressions.xml
View File
| @@ -187,4 +187,59 @@ | |||
| <packageUrl regex="true">pkg:maven/com\.jcraft/jsch\.agentproxy\..*@0.0.7</packageUrl> | |||
| <cve>CVE-2016-5725</cve> | |||
| </suppress> | |||
| <suppress> | |||
| <notes> | |||
| <![CDATA[ | |||
| file name: alm-gallery-client-1.0.2.jar will be matched to a wrong cpe string | |||
| ]]> | |||
| </notes> | |||
| <packageUrl regex="true">^pkg:maven/com\.sonarsource\.vsts/alm\-gallery\-client@.*$</packageUrl> | |||
| <cpe>cpe:/a:gallery:gallery</cpe> | |||
| </suppress> | |||
| <!-- False Positive: Version of kotlin lib is not vulnerable to this CVE --> | |||
| <suppress> | |||
| <notes><![CDATA[ | |||
| file name: kotlin-stdlib-common-1.4.10.jar | |||
| ]]></notes> | |||
| <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib(\-common)?@1.4.10$</packageUrl> | |||
| <cve>CVE-2020-15824</cve> | |||
| </suppress> | |||
| <!-- False Positive: The CVE is for hazelcast:1.8.0 not hazelcast-client-protocol --> | |||
| <suppress> | |||
| <notes><![CDATA[ | |||
| file name: hazelcast-3.12.9.jar (shaded: com.hazelcast:hazelcast-client-protocol:1.8.0) | |||
| ]]></notes> | |||
| <packageUrl regex="true">^pkg:maven/com\.hazelcast/hazelcast\-client\-protocol@.*$</packageUrl> | |||
| <cve>CVE-2016-10750</cve> | |||
| </suppress> | |||
| <suppress> | |||
| <notes><![CDATA[ | |||
| file name: d3-zoom:1.7.3 | |||
| ]]></notes> | |||
| <packageUrl regex="true">^pkg:npm/d3\-zoom@.*$</packageUrl> | |||
| <cpe>cpe:/a:zoom:zoom</cpe> | |||
| </suppress> | |||
| <suppress> | |||
| <notes><![CDATA[ | |||
| file name: dompurify:1.0.11 | |||
| ]]></notes> | |||
| <packageUrl regex="true">^pkg:npm/dompurify@.*$</packageUrl> | |||
| <cve>CVE-2019-16728</cve> | |||
| <vulnerabilityName>CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</vulnerabilityName> | |||
| </suppress> | |||
| <suppress> | |||
| <notes><![CDATA[ | |||
| file name: lodash:4.17.11 | |||
| ]]></notes> | |||
| <packageUrl regex="true">^pkg:npm/lodash@.*$</packageUrl> | |||
| <cve>CVE-2019-10744</cve> | |||
| <cve>CVE-2020-8203</cve> | |||
| <vulnerabilityName>CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</vulnerabilityName> | |||
| </suppress> | |||
| </suppressions> | |||
Loading…