This repository has been archived by the owner on Feb 7, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
nvd_suppressions.xml
79 lines (75 loc) · 2.78 KB
/
nvd_suppressions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<!-- This is an automatically generated config file by nvd-clojure. -->
<!-- Feel free to tweak it, version-control it and remove any comment. -->
<!-- You can find suppression examples in https://jeremylong.github.io/DependencyCheck/general/suppression.html -->
<!-- Axis-vulnerabilities: These affect when using it as a server,
we use it as a client to communicate with a trusted party (suomi.fi)-->
<suppress>
<notes><![CDATA[
file name: axis-1.4.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.axis/axis@.*$</packageUrl>
<cve>CVE-2019-0227</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: axis-1.4.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.axis/axis@.*$</packageUrl>
<cve>CVE-2018-8032</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: axis-1.4.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.axis/axis@.*$</packageUrl>
<cve>CVE-2012-5784</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: axis-1.4.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.axis/axis@.*$</packageUrl>
<cve>CVE-2014-3596</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: axis-1.4.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.axis/axis@.*$</packageUrl>
<vulnerabilityName>CVE-2007-2353</vulnerabilityName>
</suppress>
<!-- ServiceFactory.getService is vulnerable. We don't use it. -->
<suppress>
<notes><![CDATA[
file name: axis-1.4.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.axis/axis@.*$</packageUrl>
<vulnerabilityName>CVE-2023-40743</vulnerabilityName>
</suppress>
<!-- CVE itself is false -->
<suppress>
<notes><![CDATA[
file name: jackson-databind-2.14.1.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
<cve>CVE-2023-35116</cve>
</suppress>
<!-- CVE is completely unrelated to commons-discovery -->
<suppress>
<notes><![CDATA[
file name: commons-discovery-0.5.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/commons\-discovery/commons\-discovery@.*$</packageUrl>
<cve>CVE-2022-0869</cve>
</suppress>
<!-- OpenSAML C++, not Java -->
<suppress>
<notes><![CDATA[
file name: opensaml-2.5.1-1.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.opensaml/opensaml@.*$</packageUrl>
<cve>CVE-2017-16853</cve>
</suppress>
</suppressions>