Suppress CVE-2020-7692 (#10214)

Druid is not a native app, so this CVE should not apply.
This commit is contained in:
Suneet Saldanha 2020-07-27 10:52:44 -07:00 committed by GitHub
parent 79dffefbf8
commit 2f28be3f2a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions

View File

@ -190,6 +190,13 @@
<packageUrl regex="true">^pkg:npm/node\-sass@.*$</packageUrl> <packageUrl regex="true">^pkg:npm/node\-sass@.*$</packageUrl>
<vulnerabilityName>CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')</vulnerabilityName> <vulnerabilityName>CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')</vulnerabilityName>
</suppress> </suppress>
<suppress>
<notes><![CDATA[
Druid is not a native app, so the vulnerability flagged is a false positive.
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.oauth-client/google\-oauth\-client@.*$</packageUrl>
<cve>CVE-2020-7692</cve>
</suppress>
<suppress> <suppress>
<!-- <!--
~ TODO: Fix when Apache Ranger 2.1 is released ~ TODO: Fix when Apache Ranger 2.1 is released