Suppress CVEs for jackson-mapper-asl:1.9.13 (#9604)

The jackson-mapper-asl:1.9.13 CVEs via curator-x-discovery are all suppressed for now as fixing them requires updating the curator version.
2020-04-03 10:33:52 -07:00 · 2020-04-03 10:33:52 -07:00 · b5419962f0
parent 1852bf33ea
commit b5419962f0
1 changed files with 2 additions and 11 deletions
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@ -122,17 +122,8 @@
    <notes><![CDATA[
   file name: jackson-mapper-asl-1.9.13.jar
   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$</packageUrl>
-    <cve>CVE-2017-7525</cve>
-    <cve>CVE-2017-15095</cve>
-    <cve>CVE-2017-17485</cve>
-    <cve>CVE-2018-5968</cve>
-    <cve>CVE-2018-7489</cve>
-    <cve>CVE-2018-14718</cve>
-    <cve>CVE-2019-10172</cve>
-    <cve>CVE-2019-14540</cve>
-    <cve>CVE-2019-16335</cve>
-    <cve>CVE-2019-17267</cve>
+    <packageUrl regex="true">^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@1.9.13$</packageUrl>
+    <cvssBelow>10</cvssBelow>  <!-- suppress all CVEs for jackson-mapper-asl:1.9.13 ince it is via curator-x-discovery -->
  </suppress>
  <suppress>
    <!-- TODO: Fix by updating org.apache.druid.java.util.http.client.NettyHttpClient to use netty 4 -->