Skip to content

Commit

Permalink
Add CVE supression
Browse files Browse the repository at this point in the history
  • Loading branch information
Rawa committed Nov 17, 2023
1 parent f2f1729 commit 4d91843
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions android/config/dependency-check-suppression.xml
Original file line number Diff line number Diff line change
Expand Up @@ -51,4 +51,13 @@
<packageUrl regex="true">^pkg:maven/com\.squareup\.okio/okio@.*$</packageUrl>
<cve>CVE-2023-3635</cve>
</suppress>
<suppress>
<notes><![CDATA[
This CVE only affect programs using loadXML and is derived from using ksp.
We do not use the loadXML, ksp is used to generate navigation paths in our code
and not for processesing any user input.
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.devtools\.ksp/symbol\-processing.*@.*$</packageUrl>
<cve>CVE-2018-1000840</cve>
</suppress>
</suppressions>

0 comments on commit 4d91843

Please sign in to comment.