kfaraz pushed a commit to branch 24.0.1
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/24.0.1 by this push:
new 1f4d892c9a Suppress jackson-databind CVE-2022-42003 and CVE-2022-42004
1f4d892c9a is described below
commit 1f4d892c9a2dbc3ce6df1481fd4c6d242ba0ea8d
Author: Kashif Faraz <[email protected]>
AuthorDate: Thu Oct 20 21:37:25 2022 +0530
Suppress jackson-databind CVE-2022-42003 and CVE-2022-42004
---
owasp-dependency-check-suppressions.xml | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/owasp-dependency-check-suppressions.xml
b/owasp-dependency-check-suppressions.xml
index f3bb997550..79e13c6333 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -88,6 +88,17 @@
<packageUrl
regex="true">^pkg:maven/net\.minidev/accessors\-smart@.*$</packageUrl>
<cve>CVE-2021-27568</cve>
</suppress>
+ <suppress>
+ <!--
+ Suppressing for patch release 24.0.1
+ -->
+ <notes><![CDATA[
+ file name: jackson-databind-2.10.5.1.jar
+ ]]></notes>
+ <packageUrl
regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
+ <cve>CVE-2022-42003</cve>
+ <cve>CVE-2022-42004</cve>
+ </suppress>
<suppress>
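Review bot: The added `<suppress>` entry silences CVE-2022-42003 and CVE-2022-42004 for every jackson-databind version, because its packageUrl regex ends in `@.*$`, although the comment scopes it to patch release 24.0.1 and the notes name only jackson-databind-2.10.5.1.jar. As written, the scan stays quiet for these two CVEs in any build that uses this file, including one that later pulls in a different affected version. I would pin the pattern to the jar in the notes (ending it in `@2\.10\.5\.1$`) or open the element as `<suppress until="YYYY-MM-DDZ">` (placeholder date) so the findings resurface after the release. The comment should also state whether the CVEs were judged not reachable or the upgrade was only deferred, for example `Suppressing for patch release 24.0.1 only; upgrade tracked in <ISSUE-ID>` with the real issue id filled in.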