mirror of https://github.com/apache/druid.git
Suppress CVE-2020-7692 (#10214)
Druid is not a native app, so this CVE should not apply.
This commit is contained in:
parent
79dffefbf8
commit
2f28be3f2a
|
@ -190,6 +190,13 @@
|
||||||
<packageUrl regex="true">^pkg:npm/node\-sass@.*$</packageUrl>
|
<packageUrl regex="true">^pkg:npm/node\-sass@.*$</packageUrl>
|
||||||
<vulnerabilityName>CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')</vulnerabilityName>
|
<vulnerabilityName>CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')</vulnerabilityName>
|
||||||
</suppress>
|
</suppress>
|
||||||
|
<suppress>
|
||||||
|
<notes><![CDATA[
|
||||||
|
Druid is not a native app, so the vulnerability flagged is a false positive.
|
||||||
|
]]></notes>
|
||||||
|
<packageUrl regex="true">^pkg:maven/com\.google\.oauth-client/google\-oauth\-client@.*$</packageUrl>
|
||||||
|
<cve>CVE-2020-7692</cve>
|
||||||
|
</suppress>
|
||||||
<suppress>
|
<suppress>
|
||||||
<!--
|
<!--
|
||||||
~ TODO: Fix when Apache Ranger 2.1 is released
|
~ TODO: Fix when Apache Ranger 2.1 is released
|
||||||
|
|
Loading…
Reference in New Issue