This is an automated email from the ASF dual-hosted git repository.
suneet pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new 2f28be3 Suppress CVE-2020-7692 (#10214)
2f28be3 is described below
commit 2f28be3f2aad2e2dc09e5506cb06e86a214c3ef0
Author: Suneet Saldanha <[email protected]>
AuthorDate: Mon Jul 27 10:52:44 2020 -0700
Suppress CVE-2020-7692 (#10214)
Druid is not a native app, so this CVE should not apply.
---
owasp-dependency-check-suppressions.xml | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/owasp-dependency-check-suppressions.xml
b/owasp-dependency-check-suppressions.xml
index f2b0631..304606e 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -191,6 +191,13 @@
<vulnerabilityName>CWE-400: Uncontrolled Resource Consumption ('Resource
Exhaustion')</vulnerabilityName>
</suppress>
<suppress>
+ <notes><![CDATA[
+ Druid is not a native app, so the vulnerability flagged is a false
positive.
+ ]]></notes>
+ <packageUrl
regex="true">^pkg:maven/com\.google\.oauth-client/google\-oauth\-client@.*$</packageUrl>
+ <cve>CVE-2020-7692</cve>
+ </suppress>
+ <suppress>
<!--
~ TODO: Fix when Apache Ranger 2.1 is released
-->
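Review bot: The new `<suppress>` entry for CVE-2020-7692 matches every version of google-oauth-client (`@.*$`) and has no expiry, so the finding stays hidden even if Druid later uses the library in a way where the CVE does apply. Dependency-check supports an `until` attribute on the element, e.g. `<suppress until="YYYY-MM-DDZ">` (placeholder date), which would force the decision to be revisited. The `<notes>` text would be easier to audit if it named the module that pulls in the client and stated that it is not used for an authorization-code flow from a public client, which is my understanding of what this CVE concerns. "Not a native app" alone does not let a later reader verify the claim. Upgrading the dependency to a fixed release would remove the need for the suppression.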