This is an automated email from the ASF dual-hosted git repository.
abhishek pushed a commit to branch 0.23.0
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/0.23.0 by this push:
new 7b62bb9046 CVE suppression (#12535) (#12543)
7b62bb9046 is described below
commit 7b62bb9046920604c2908422593b355bd69e7ac5
Author: AmatyaAvadhanula <[email protected]>
AuthorDate: Thu May 19 18:08:56 2022 +0530
CVE suppression (#12535) (#12543)
---
owasp-dependency-check-suppressions.xml | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/owasp-dependency-check-suppressions.xml
b/owasp-dependency-check-suppressions.xml
index 5abf35737f..05e4517831 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -300,6 +300,11 @@
<cve>CVE-2019-20445</cve>
<cve>CVE-2021-37136</cve>
<cve>CVE-2021-37137</cve>
+ <cve>CVE-2021-4104</cve>
+ <cve>CVE-2020-9493</cve>
+ <cve>CVE-2022-23307</cve>
+ <cve>CVE-2022-23305</cve>
+ <cve>CVE-2022-23302</cve>
</suppress>
<suppress>
<!--
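Review bot: Nothing visible in this hunk records why the five added ids are safe to silence; the `<suppress>` opening tag, with its comment and any matcher, lies outside the hunk. As far as I know these ids are Log4j 1.x findings (JMSAppender, JDBCAppender, JMSSink, Chainsaw), while the context ids just above them look like Netty ones. If the enclosing rule targets a bundled jar that ships both libraries, its comment should say so; otherwise they belong in their own rule with a rationale, e.g. `<!-- Log4j 1.x CVEs: REASON_NOT_REACHABLE -->` (placeholder text). The same gap applies to `CVE-2021-44548` appended in the second hunk, where the reason it does not apply is not recorded either.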
@@ -383,6 +388,7 @@
<cve>CVE-2021-29943</cve>
<cve>CVE-2021-27905</cve>
<cve>CVE-2021-29262</cve>
+ <cve>CVE-2021-44548</cve>
</suppress>
<suppress>
@@ -482,4 +488,29 @@
<cve>CVE-2021-43138</cve>
</suppress>
+ <suppress>
+ <!-- Jackson CVEs when processing objects of large depth. Consider
updating -->
+ <notes><![CDATA[
+ file name: *jackson-*.jar
+ ]]></notes>
+ <cve>CVE-2020-36518</cve>
+ </suppress>
+
+ <suppress>
+ <!-- Non-applicable CVE for gson -->
+ <notes><![CDATA[
+ file name: gson-*.jar
+ ]]></notes>
+ <cve>CVE-2022-25647</cve>
+ </suppress>
+
+ <suppress>
+ <!-- Non-applicable CVE for jedis, since we don't use lua scripts -->
+ <notes><![CDATA[
+ file name: jedis-2.9.0.jar
+ ]]></notes>
+ <cve>CVE-2021-32626</cve>
+ <cve>CVE-2022-24735</cve>
+ </suppress>
+
</suppressions>
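Review bot: The three new `<suppress>` blocks have only `<notes>` and `<cve>` children, so the jar named in each note is documentation, not a matcher. As written, each rule would suppress its CVE for every dependency the scanner reports it against. Scoping each rule to its artifact avoids silencing a later dependency by accident, e.g. `<packageUrl regex="true">^pkg:maven/com\.google\.code\.gson/gson@.*$</packageUrl>` for the gson entry. The Jackson comment says "Consider updating", which reads as an applicable finding rather than a false positive; an expiry such as `<suppress until="YYYY-MM-DDZ">` (placeholder date) would make the scan report it again instead of hiding it indefinitely. The gson comment claims non-applicability without a reason, so a one-line justification like the jedis one would let a later reviewer re-check it.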