-
Notifications
You must be signed in to change notification settings - Fork 0
/
owasp-suppressions.xml
95 lines (84 loc) · 3.61 KB
/
owasp-suppressions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
file name: wiquery-jquery-ui-9.0.0.jar: jquery-ui.js
We do not include jquery-ui radiobox in our codebose. Only jquery-ui datepicker is included.
]]></notes>
<packageUrl regex="true">^pkg:javascript/jquery\-ui@.*$</packageUrl>
<cve>CVE-2022-31160</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: select2-bootstrap-5-theme-1.3.0.jar
We use select2 4.0.13 ; issues relates to select2 <= 4.0.5.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.webjars\.npm/select2\-bootstrap\-5\-theme@.*$</packageUrl>
<cve>CVE-2016-10744</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jackson-databind-2.14.1.jar
This vulnerability is a DOS when serializing cyclic objects. It is not reachable by external attackers.
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
<cve>CVE-2023-35116</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: spring-security-crypto-5.8.0.jar
This is a dependency verison mismatch. Only spring-security < 5.3.3 is affected.
Encryptors.queryableText is not used.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$</packageUrl>
<vulnerabilityName>CVE-2020-5408</vulnerabilityName>
</suppress>
<suppress>
<notes><![CDATA[
file name: spring-web-5.3.24.jar
This vulnerability implies httpinvoker usage. We do not use httpinvoker.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework/spring\-web@.*$</packageUrl>
<cve>CVE-2016-1000027</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: wicket-core-9.12.0.jar: jquery-1.12.4.js
This is a dependency version mismatch. We use jquery 3.6 that is not affected by vulnerability.
]]></notes>
<packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
<cve>CVE-2015-9251</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: wicket-core-9.12.0.jar: jquery-1.12.4.js
This is a dependency version mismatch. We use jquery 3.6 that is not affected by vulnerability.
]]></notes>
<packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
<cve>CVE-2019-11358</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: wicket-core-9.12.0.jar: jquery-1.12.4.js
This is a dependency version mismatch. We use jquery 3.6 that is not affected by vulnerability.
]]></notes>
<packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
<cve>CVE-2020-11022</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: wicket-core-9.12.0.jar: jquery-1.12.4.js
This is a dependency version mismatch. We use jquery 3.6 that is not affected by vulnerability.
]]></notes>
<packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
<cve>CVE-2020-11023</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: wicket-core-9.12.0.jar: jquery-1.12.4.js
This is a dependency version mismatch. We use jquery 3.6 that is not affected by vulnerability.
]]></notes>
<packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
<vulnerabilityName>jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates</vulnerabilityName>
</suppress>
</suppressions>