This is an automated email from the ASF dual-hosted git repository.
ddiederen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/master by this push:
new 5f3b3d6738 ZOOKEEPER-4755: owaspSuppressions.xml: Temporarily suppress
CVE-2023-4586
5f3b3d6738 is described below
commit 5f3b3d673891b32742bd9895f320181c8487ab53
Author: Damien Diederen <[email protected]>
AuthorDate: Tue Oct 3 18:05:42 2023 +0000
ZOOKEEPER-4755: owaspSuppressions.xml: Temporarily suppress CVE-2023-4586
CVE-2023-4586 looks like a real vulnerability in Netty, but no report or
patch has been published so far. This has to be monitored and will probably
have to be remediated.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4586
Relevant discussion and pointers:
https://github.com/jeremylong/DependencyCheck/issues/5912#issuecomment-1699387994
Author: Damien Diederen <[email protected]>
Reviewers: Andor Molnar <[email protected]>, Damien Diederen
<[email protected]>
Closes #2075 from ztzg/ZOOKEEPER-4755-netty-CVE-2023-4586
---
owaspSuppressions.xml | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
index 0c09a096f7..9a18c5fb2b 100644
--- a/owaspSuppressions.xml
+++ b/owaspSuppressions.xml
@@ -38,6 +38,13 @@
<!-- https://github.com/jeremylong/DependencyCheck/issues/1653
False positive on Netty 4.x-->
<cve>CVE-2018-12056</cve>
+ <!-- ZOOKEEPER-4755: looks like a real vulnerability in Netty,
+ but no report or patch has been published so far. This has
+ to be monitored and will probably have to be remediated.
+
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4586
+ -->
+ <cve>CVE-2023-4586</cve>
</suppress>
<suppress>
<!-- Seems like false positive - we are not using Prometheus
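Review bot: The added `<cve>CVE-2023-4586</cve>` sits inside the same `<suppress>` element as CVE-2018-12056, which is commented as a false positive on Netty 4.x, while the new comment says this one "looks like a real vulnerability". A suspected true positive therefore inherits a false-positive rule and has no expiry, even though the commit title calls the suppression temporary. Consider moving it into its own `<suppress until="...">` element, with a date of the project's choosing, so that Dependency-Check starts reporting it again once that date passes and the "has to be monitored" follow-up cannot be silently forgotten. Keeping the ZOOKEEPER-4755 reference in the comment is good; a link to the DependencyCheck discussion cited in the commit message would also be useful there, since the XML comment is what future maintainers will read.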