This is an automated email from the ASF dual-hosted git repository.
capistrant pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new a05c1a79b07 Suppress grpc cve that is a false positive picked up by
scanner. This CVE applies to the grpc cpp libs not java (#18361)
a05c1a79b07 is described below
commit a05c1a79b07710945163122d69a88b2f97026daf
Author: Lucas Capistrant <[email protected]>
AuthorDate: Mon Aug 4 09:08:36 2025 -0500
Suppress grpc cve that is a false positive picked up by scanner. This CVE
applies to the grpc cpp libs not java (#18361)
---
owasp-dependency-check-suppressions.xml | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/owasp-dependency-check-suppressions.xml
b/owasp-dependency-check-suppressions.xml
index 6476c18b579..7ea810a6d79 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -753,4 +753,11 @@
]]></notes>
<vulnerabilityName>CVE-2024-45772</vulnerabilityName>
</suppress>
+
+ <suppress>
+ <notes><![CDATA[
+ file name: grpc-core-1.65.1.jar
+ ]]></notes>
+ <vulnerabilityName>CVE-2024-11407</vulnerabilityName> <!-- This CVE is a
false positive for java. The CVE is related to their cpp library, not java -->
+ </suppress>
</suppressions>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
