Apache
/
druid
mirror of https://github.com/apache/druid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

suppress cve (#16997)

This commit is contained in:
Laksh Singla 2024-09-04 19:37:23 +05:30 committed by GitHub
parent e28424ea25
commit b698440bfe
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
owasp-dependency-check-suppressions.xml
View File

@ -699,4 +699,13 @@
]]></notes>
<vulnerabilityName>CVE-2024-25638</vulnerabilityName>
</suppress>
<suppress>
<!-- The CVE is also not applicable to xz-java because it does not implement xzgrep and therefore is not vulnerable
~ to the filename validation problem. Druid does not use xzgrep but this CVE is popping up because the CPE matches the
~ Java package too. -->
<notes><![CDATA[
file name: xz-1.9.jar
]]></notes>
<vulnerabilityName>CVE-2022-1271</vulnerabilityName>
</suppress>
</suppressions>