forked from openanalytics/shinyproxy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
owasp-suppression.xml
81 lines (70 loc) · 2.71 KB
/
owasp-suppression.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<!--
https://nvd.nist.gov/vuln/detail/CVE-2018-1258
Vulnerability only applies when using spring-framework 5.0.5 -> we are not using that version.
-->
<suppress>
<!-- <notes><![CDATA[-->
<!-- file name: spring-security-ldap-5.3.9.RELEASE.jar-->
<!-- ]]></notes>-->
<!-- <packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-ldap@.*$</packageUrl>-->
<cve>CVE-2018-1258</cve>
</suppress>
<!--
https://nvd.nist.gov/vuln/detail/CVE-2021-22112
Only applies if using Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE,
we are using 5.3.9.
-->
<suppress>
<notes><![CDATA[
file name: spring-security-jwt-1.1.1.RELEASE.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-jwt@.*$</packageUrl>
<cve>CVE-2021-22112</cve>
</suppress>
<!--
https://nvd.nist.gov/vuln/detail/CVE-2020-14359
Only applies to Keycloak-gatekeeper not the keycloak libraries.
-->
<suppress>
<cve>CVE-2020-14359</cve>
</suppress>
<!--
https://nvd.nist.gov/vuln/detail/CVE-2020-8908
Only applies if using com.google.common.io.Files.createTempDir().
We are not using this function directly. We are dependent on our library to remove the usage of this method.
(the method is not fixed/removed from Guava so updating has no influence)
-->
<suppress>
<cve>CVE-2020-8908</cve>
</suppress>
<!--
https://nvd.nist.gov/vuln/detail/CVE-2020-8554
Only applies to Kubernetes API server not the kubernetes libraries.
-->
<suppress>
<cve>CVE-2020-8554</cve>
</suppress>
<!--
Only applies to the official Kubernetes Java client, not the client from fabric8io we are using.
-->
<suppress>
<cve>CVE-2020-8570</cve>
</suppress>
<!--
https://nvd.nist.gov/vuln/detail/CVE-2021-29425
Only applies to Apache Commons IO before 2.7, but we are using 2.7. (however somewhere this version is referred).
-->
<suppress>
<sha1>7e39112810f6096061c43504188d18edc7d7eece</sha1>
<cve>CVE-2021-29425</cve>
</suppress>
<!--
https://tanzu.vmware.com/security/cve-2015-5258
Only applies to springframework-social before 1.1.3, but we are using 1.1.6 (however somewhere this version is referred).
-->
<suppress>
<cve>CVE-2015-5258</cve>
</suppress>
</suppressions>