Remove Jackson CVE supression. Suppress more graalvm warnings
barchetta committed Nov 8, 2024
1 parent 019f9c8 commit 4c46cac
Showing 1 changed file with 29 additions and 15 deletions.
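--- a/etc/dependency-check-suppression.xml
+++ b/etc/dependency-check-suppression.xml
@@ -84,21 +84,6 @@ https://github.com/jeremylong/DependencyCheck/issues/7019
 <vulnerabilityName>CVE-2023-22006</vulnerabilityName>
 </suppress>
 
-<!--
-This CVE is being disputed by the Jackson project and the community seems in agreement that this
-CVE should be rejected. We are suppressing this for now to reduce noise in our scan and will
-continue to monitor progress.
-https://nvd.nist.gov/vuln/detail/CVE-2023-35116
-https://github.com/FasterXML/jackson-databind/issues/3972
--->
-<suppress>
-<notes><![CDATA[
-file name: jackson-databind-2.15.2.jar
-]]></notes>
-<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
-<cve>CVE-2023-35116</cve>
-</suppress>
-
 <!--
 This is a FP. We have upgrade jgit to a fixed version, but it is still getting flagged.
 Probably due to the funky version string used by jgit. See
@@ -174,5 +159,34 @@ https://github.com/jeremylong/DependencyCheck/issues/7019
 <packageUrl regex="true">^pkg:maven/org\.graalvm\.compiler/compiler@.*$</packageUrl>
 <vulnerabilityName>CVE-2024-21138</vulnerabilityName>
 </suppress>
+<suppress>
+<notes><![CDATA[
+file name: compiler-21.3.0.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.graalvm\.compiler/compiler@.*$</packageUrl>
+<vulnerabilityName>CVE-2024-21235</vulnerabilityName>
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: graal-sdk-21.3.0.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.graalvm\.sdk/graal-sdk@.*$</packageUrl>
+<vulnerabilityName>CVE-2024-21235</vulnerabilityName>
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: graal-sdk-21.3.0.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.graalvm\.sdk/graal-sdk@.*$</packageUrl>
+<vulnerabilityName>CVE-2024-21094</vulnerabilityName>
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: graal-sdk-21.3.0.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.graalvm\.sdk/graal-sdk@.*$</packageUrl>
+<vulnerabilityName>CVE-2023-22045</vulnerabilityName>
+</suppress>
+
 
 </suppressions>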
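Review bot: The four new GraalVM `<suppress>` entries in the second hunk carry no rationale, unlike the other suppressions in this file (the Jackson block being removed and the jgit block both have a comment explaining why the finding is a false positive or disputed), so a reader cannot tell whether CVE-2024-21235, CVE-2024-21094 and CVE-2023-22045 were assessed as not applicable to compiler-21.3.0.jar / graal-sdk-21.3.0.jar or are simply being silenced. Each entry's `<notes>` only records the jar name; it should also state the reason, e.g. `<!-- Reason this CVE does not apply to our use of graal-sdk 21.3.0 (or link to the triage ticket) -->` above the block, as the surrounding entries do. The `<packageUrl>` regexes end in `@.*$`, so these suppressions match every future version of `org.graalvm.sdk/graal-sdk` and `org.graalvm.compiler/compiler`, which will keep hiding the finding even if a later upgrade reintroduces an affected version; consider anchoring the version in the regex or adding the `until` attribute on `<suppress>` so the exception expires and is re-evaluated. The same applies to the pre-existing CVE-2024-21138 entry immediately above the hunk.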
