This is an automated email from the ASF dual-hosted git repository.
mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 2391336 [owasp] suppress false positive Avro CVE-2021-43045 (#13764)
2391336 is described below
commit 239133670b927741d673e26ad2810b01c6bab8bd
Author: Nicolò Boschi <[email protected]>
AuthorDate: Fri Jan 14 23:57:34 2022 +0100
[owasp] suppress false positive Avro CVE-2021-43045 (#13764)
---
src/owasp-dependency-check-false-positives.xml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/owasp-dependency-check-false-positives.xml
b/src/owasp-dependency-check-false-positives.xml
index 6cc464e..7b945a2 100644
--- a/src/owasp-dependency-check-false-positives.xml
+++ b/src/owasp-dependency-check-false-positives.xml
@@ -47,6 +47,11 @@
<gav regex="true">org\.apache\.avro:.*</gav>
<cve>CVE-2019-17195</cve>
</suppress>
+ <suppress>
+ <notes>CVE-2021-43045 affects only .NET distro, see
https://github.com/apache/avro/pull/1357</notes>
+ <gav regex="true">org\.apache\.avro:.*</gav>
+ <cve>CVE-2021-43045</cve>
+ </suppress>
<suppress base="true">
<notes><