mirror of https://github.com/apache/druid.git
Suppress CVEs (#14648)
CVE-2023-34462 - (Allows malicious allocation of resources without throttling) Not applicable as the Netty requests in Druid are internal, and not user facing. CVE-2016-2402 - (Man in the middle with okhttp by sending certificate chains) Not applicable as okhttp requests in Druid are also internal
This commit is contained in:
parent
2f9619a96f
commit
6566bda57c
|
@ -230,6 +230,7 @@
|
||||||
<cve>CVE-2021-43797</cve> <!-- We don't decode user HTTP requests nor forward them to remote systems, we also don't support for java 6 or lower - https://github.com/advisories/GHSA-wx5j-54mm-rqqq -->
|
<cve>CVE-2021-43797</cve> <!-- We don't decode user HTTP requests nor forward them to remote systems, we also don't support for java 6 or lower - https://github.com/advisories/GHSA-wx5j-54mm-rqqq -->
|
||||||
<cve>CVE-2022-24823</cve> <!-- We don't decode user HTTP requests nor forward them to remote systems, we also don't support for java 6 or lower - https://github.com/advisories/GHSA-269q-hmxg-m83q -->
|
<cve>CVE-2022-24823</cve> <!-- We don't decode user HTTP requests nor forward them to remote systems, we also don't support for java 6 or lower - https://github.com/advisories/GHSA-269q-hmxg-m83q -->
|
||||||
<cve>CVE-2022-41881</cve>
|
<cve>CVE-2022-41881</cve>
|
||||||
|
<cve>CVE-2023-34462</cve> <!-- Suppressed since netty requests in Druid are internal, and not user-facing -->
|
||||||
</suppress>
|
</suppress>
|
||||||
<suppress>
|
<suppress>
|
||||||
<!-- TODO: Fix by upgrading hadoop-auth version -->
|
<!-- TODO: Fix by upgrading hadoop-auth version -->
|
||||||
|
@ -688,6 +689,7 @@
|
||||||
file name: okhttp-*.jar
|
file name: okhttp-*.jar
|
||||||
]]></notes>
|
]]></notes>
|
||||||
<cve>CVE-2021-0341</cve>
|
<cve>CVE-2021-0341</cve>
|
||||||
|
<cve>CVE-2016-2402</cve> <!-- Suppressed since okhttp requests in Druid are internal, and not user-facing -->
|
||||||
</suppress>
|
</suppress>
|
||||||
|
|
||||||
<suppress>
|
<suppress>
|
||||||
|
|
Loading…
Reference in New Issue