File tree Expand file tree Collapse file tree 1 file changed +6
-24
lines changed
Expand file tree Collapse file tree 1 file changed +6
-24
lines changed Original file line number Diff line number Diff line change 11<?xml version =" 1.0" encoding =" UTF-8"
22<suppressions xmlns =" https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"
3+ <!-- False positive matches of non-dependencies. These do not need monthly review. -->
34 <suppress >
45 <notes ><![CDATA[
56 This suppresses a false positive CPE match
910 </suppress >
1011 <suppress >
1112 <notes ><![CDATA[
12- The client libraries do not use Jackson with the UNWRAP_SINGLE_VALUE_ARRAYS feature enabled
13- ]]> </notes >
14- <packageUrl regex =" true" packageUrl >
15- <cve >CVE-2022-42003</cve >
16- </suppress >
17- <suppress >
18- <notes ><![CDATA[
19- The client libraries are not vulnerable to this deserialization bug in Jackson
13+ Payara is not a dependency of ESS
2014 ]]> </notes >
21- <packageUrl regex =" true" com\.fasterxml\.jackson\.core/jackson\-databind @.*$</packageUrl >
22- <cve >CVE-2022-42004</ cve >
15+ <packageUrl regex =" true" org\.eclipse\.microprofile\.config/microprofile\-config\-api @.*$</packageUrl >
16+ <cpe >cpe:/a:payara:payara</ cpe >
2317 </suppress >
18+
19+ <!-- Suppressed vulnerabilities. These need monthly review. -->
2420 <suppress >
2521 <notes ><![CDATA[
2622 CWE-121 Stack-based Buffer Overflow,
2925 <packageUrl regex =" true" packageUrl >
3026 <cve >CVE-2023-35116</cve >
3127 </suppress >
32- <suppress >
33- <notes ><![CDATA[
34- Payara is not a dependency of ESS
35- ]]> </notes >
36- <packageUrl regex =" true" packageUrl >
37- <cpe >cpe:/a:payara:payara</cpe >
38- </suppress >
39- <suppress >
40- <notes ><![CDATA[
41- This vulnerability does not affect the client code
42- ]]> </notes >
43- <packageUrl regex =" true" packageUrl >
44- <cve >CVE-2022-41881</cve >
45- </suppress >
4628</suppressions >
You can’t perform that action at this time.
0 commit comments