Suppression of invalid CVE warning. (#1138)
* Suppression of invalid CVE warning.

* Further suppressions
davidsloan authored Apr 12, 2024
1 parent ad5507a commit 2a9ed77
Showing 1 changed file with 30 additions and 0 deletions.
30 changes: 30 additions & 0 deletions suppression.xml
Expand Up @@ -73,4 +73,34 @@
<packageUrl regex="true">^pkg:maven/com\.azure/azure\-identity@.*$</packageUrl>
<cpe>cpe:/a:microsoft:azure_cli</cpe>
</suppress>

<!--This CVE is not valid, verified by the project author.
https://github.com/JodaOrg/joda-time/issues/780
-->
<suppress>
<notes><![CDATA[
file name: kafka-connect-common-assembly-6.4-SNAPSHOT.jar (shaded: joda-time:joda-time:2.10.8)
]]></notes>
<packageUrl regex="true">^pkg:maven/joda\-time/joda\-time@.*$</packageUrl>
<vulnerabilityName>CVE-2024-23080</vulnerabilityName>
</suppress>

<!-- Similar to the above, there seems to be insufficient evidence for this one
https://vulners.com/cve/CVE-2024-23081
https://vulners.com/cve/CVE-2024-23082
-->
<suppress>
<notes><![CDATA[
file name: kafka-connect-gcp-storage-assembly-6.4-SNAPSHOT.jar (shaded: org.threeten:threetenbp:1.6.8)
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.threeten/threetenbp@.*$</packageUrl>
<vulnerabilityName>CVE-2024-23081</vulnerabilityName>
</suppress>
<suppress>
<notes><![CDATA[
file name: kafka-connect-gcp-storage-assembly-6.4-SNAPSHOT.jar (shaded: org.threeten:threetenbp:1.6.8)
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.threeten/threetenbp@.*$</packageUrl>
<vulnerabilityName>CVE-2024-23082</vulnerabilityName>
</suppress>
</suppressions>
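
Review bot: All three new `packageUrl` patterns end in `@.*$`, so each suppression applies to every present and future version of joda-time and threetenbp, while the notes only record the shaded `joda-time:joda-time:2.10.8` and `org.threeten:threetenbp:1.6.8` artifacts. Consider narrowing the regex to the versions actually reviewed, or, if the scanner's suppression schema supports it (OWASP Dependency-Check accepts an `until` date attribute on `<suppress>`), adding an expiry so the entries get re-evaluated rather than hiding these CVE ids indefinitely. The justification for CVE-2024-23081 and CVE-2024-23082 is also weaker than for CVE-2024-23080: the comment says there "seems to be insufficient evidence" and links only to vulners.com pages, where the joda-time entry links the upstream issue; a link to an upstream threetenbp statement, if one exists, would make the decision auditable. The two threetenbp blocks are identical apart from `vulnerabilityName` and their notes name only the gcp-storage assembly although the pattern matches any module that shades the library, so the notes should say so, and the two could be one entry if the schema allows several `vulnerabilityName` elements.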
