Commit 9a24b8f

Suppress warning for CVE-2023-35116 as there is no fix for this issue and it is not considered a CVE according to discussion in FasterXML/jackson-databind#3972
1 parent 38e6e4d commit 9a24b8f

1 file changed

+3
-7
lines changed

gradle/owasp-suppression.xml

+3-7
@@ -1,15 +1,11 @@
11
<?xml version="1.0" encoding="UTF-8"?>
22
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
33
<!-- See https://jeremylong.github.io/DependencyCheck/general/suppression.html for examples -->
4-
54
<suppress>
65
<notes><![CDATA[
7-
Suppress false positive for CVE-2020-8908 as it is only applicable for versions up to 30.0. We use 31.1.
8-
Our code does not use com.google.common.io.Files.createTempDir() as well.
9-
- https://nvd.nist.gov/vuln/detail/cve-2020-8908
10-
- https://github.com/jeremylong/DependencyCheck/issues/5526
11-
- https://github.com/google/guava/issues/4011
6+
Suppress CVE-2023-35116 as this is not considered a CVE according to discussion in https://github.com/FasterXML/jackson-databind/issues/3972
127
]]></notes>
13-
<cve>CVE-2020-8908</cve>
8+
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
9+
<vulnerabilityName>CVE-2023-35116</vulnerabilityName>
1410
</suppress>
1511
</suppressions>
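
Review bot: the new `<suppress>` entry has no `until` attribute, and its `packageUrl` regex ends in `@.*$`, so CVE-2023-35116 stays suppressed for every current and future jackson-databind version with no point at which the decision is re-evaluated. Consider adding an expiry, for example `<suppress until="YYYY-MM-DDZ">` with a review date of your choosing, so the scanner reports the finding again if the upstream assessment in FasterXML/jackson-databind#3972 changes. Separately, this hunk also deletes the existing CVE-2020-8908 suppression (the removed `<cve>CVE-2020-8908</cve>` line and its notes), which the commit message does not mention; please state in the message whether that removal is intentional.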
