Apache
/
druid
mirror of https://github.com/apache/druid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Suppress CVEs for Solr and org.codehaus.jackson (#11030) 

* Suppress CVEs for Solr and org.codehaus.jackson

* add a comment
This commit is contained in:
Jihoon Son 2021-03-24 16:44:05 -07:00 committed by GitHub
parent d69533dbd9
commit efc5d7d112
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
owasp-dependency-check-suppressions.xml
View File

@ -315,4 +315,25 @@
]]></notes>
<cve>CVE-2020-13936</cve>
</suppress>
<suppress>
<!-- (ranger, ambari, and aliyun-oss) these vulnerabilities are legit, but their latest releases still use the vulnerable jackson version -->
<notes><![CDATA[
file name: jackson-xc-1.9.x.jar or jackson-jaxrs-1.9.x.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.codehaus\.jackson/jackson-(xc|jaxrs)@1.9.*$</packageUrl>
<cve>CVE-2018-14718</cve>
<cve>CVE-2018-7489</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: solr-solrj-7.7.1.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.solr/solr-solrj@7.7.1$</packageUrl>
<cve>CVE-2020-13957</cve>
<cve>CVE-2019-17558</cve>
<cve>CVE-2019-0193</cve>
<cve>CVE-2020-13941</cve>
</suppress>
</suppressions>