1234567891011121314151617181920212223242526272829303132333435 |
- <?xml version="1.0" encoding="UTF-8"?>
- <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-
- <suppress>
- <!--
- Vulnerabilities in the SWIFT analyzer.
- See https://jira.sonarsource.com/browse/SONARSWIFT-451
- -->
- <filePath regex="true">.*sonar-swift-plugin-4\.2.*\.jar.*</filePath>
- <vulnerabilityName>Remote code execution</vulnerabilityName>
- <cve>CVE-2015-6420</cve>
- <cve>CVE-2017-15708</cve>
- </suppress>
-
- <suppress>
- <!--
- The version of Netty packaged with Elasticsearch 6.8.x suffers from a few vulnerabilities.
- The latter are considered as low risk by the Elastic team. Upgrading Netty in Elasticsearch 6.8.x
- is not planned. See https://github.com/elastic/elasticsearch/issues/49396
- -->
- <packageUrl regex="true">^pkg:maven/io\.netty/netty-.*@4\.1\.32.*$</packageUrl>
- <cve>CVE-2019-16869</cve>
- <cve>CVE-2019-20444</cve>
- <cve>CVE-2019-20445</cve>
- <cve>CVE-2020-11612</cve>
- </suppress>
-
- <suppress>
- <!--
- AssertJ should not be bundled with the Kotlin analyzer. Should be fixed in 1.6.
- -->
- <filePath regex="true">.*sonar-kotlin-plugin-1\.5.*\.jar.*</filePath>
- <vulnerabilityName>CWE-476: NULL Pointer Dereference</vulnerabilityName>
- </suppress>
- </suppressions>
|