forked from espoon-voltti/evaka
-
Notifications
You must be signed in to change notification settings - Fork 0
/
owasp-suppressions.xml
56 lines (53 loc) · 2.3 KB
/
owasp-suppressions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
<?xml version="1.0" encoding="UTF-8"?>
<!--
SPDX-FileCopyrightText: 2017-2020 City of Espoo
SPDX-License-Identifier: LGPL-2.1-or-later
-->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.
]]></notes>
<cve>CVE-2023-38286</cve>
</suppress>
<suppress>
<notes><![CDATA[
Hostname verification is not enabled by default in Netty 4.x. AWS SDK v2 uses Netty 4.x, but explicitly enables hostname verification.
]]></notes>
<cve>CVE-2023-4586</cve>
</suppress>
<suppress>
<notes><![CDATA[
Misidentification. The checkstyle reporter for Ktlint version x.y is not the same as the actual checkstyle library version x.y.
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.pinterest\.ktlint/ktlint\-cli\-reporter\-checkstyle@.*$</packageUrl>
<cpe>cpe:/a:checkstyle:checkstyle</cpe>
</suppress>
<suppress>
<notes><![CDATA[
Misidentification
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.tomcat/tomcat-jaspic-api@10\.1\.26$</packageUrl>
<cpe>cpe:/a:apache:tomcat:3.0</cpe>
</suppress>
<suppress>
<notes><![CDATA[
Misidentification
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.tomcat/tomcat-jsp-api@10\.1\.26$</packageUrl>
<cpe>cpe:/a:apache:tomcat:3.1</cpe>
</suppress>
<suppress>
<notes><![CDATA[
Misidentification: flyway-database-postgresql != postgresql
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.flywaydb/flyway\-database\-postgresql@.*$</packageUrl>
<cpe>cpe:/a:postgresql:postgresql</cpe>
</suppress>
<suppress>
<notes><![CDATA[
This vulnerability only affects "simple query mode", which is not the default and we don't use it.
]]></notes>
<cve>CVE-2024-1597</cve>
</suppress>
</suppressions>