Suppress CVE-2020-7692 (#10214)

Druid is not a native app, so this CVE should not apply.
Suneet Saldanha 2020-07-27 10:52:44 -07:00 committed by GitHub
parent 79dffefbf8
commit 2f28be3f2a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions


@ -190,6 +190,13 @@
<packageUrl regex="true">^pkg:npm/node\-sass@.*$</packageUrl>
<vulnerabilityName>CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')</vulnerabilityName>
</suppress>
<suppress>
<notes><![CDATA[
Druid is not a native app, so the vulnerability flagged is a false positive.
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.oauth-client/google\-oauth\-client@.*$</packageUrl>
<cve>CVE-2020-7692</cve>
</suppress>
<suppress>
<!--
~ TODO: Fix when Apache Ranger 2.1 is released
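Review bot: The new `<suppress>` entry for `google-oauth-client` silences CVE-2020-7692 for every version (`@.*$`) with no expiry, and its `<notes>` records no evidence beyond "not a native app". The CVE concerns missing PKCE support in the library's OAuth 2.0 authorization-code flow, so the justification presumably holds only while no Druid module or extension uses that flow as a public client; the note should name the code paths that were checked. Consider opening the entry with `<suppress until="YYYY-MM-DDZ">` (placeholder date) so dependency-check raises the finding again for review. The suppression can be removed once the dependency is upgraded to a release that contains the upstream fix.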