-
Notifications
You must be signed in to change notification settings - Fork 3
/
.grype.yaml
94 lines (90 loc) · 3.09 KB
/
.grype.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# see https://github.com/anchore/grype#specifying-matches-to-ignore
ignore:
# CVE-2022-21511; CVE-2022-21510:
# - https://www.oracle.com/security-alerts/cpujul2022.html
# - https://github.com/anchore/grype/issues/1186
- vulnerability: CVE-2022-21511
package:
name: xdb
- vulnerability: CVE-2022-21511
package:
name: xmlparserv2
- vulnerability: CVE-2022-21511
package:
name: ojdbc10
- vulnerability: CVE-2022-21510
package:
name: xdb
- vulnerability: CVE-2022-21510
package:
name: xmlparserv2
- vulnerability: CVE-2022-21510
package:
name: ojdbc10
# CVE-2011-5034, CVE-2008-0732, CVE-2006-0254
# - https://issues.apache.org/jira/browse/GERONIMO-6814
# - https://github.com/anchore/grype/issues/1071
- vulnerability: CVE-2011-5034
package:
name: geronimo-jms_1.1_spec
- vulnerability: CVE-2011-5034
package:
name: geronimo-j2ee-management_1.1_spec
- vulnerability: CVE-2011-5034
package:
name: geronimo-j2ee-management_1.0_spec
- vulnerability: CVE-2008-0732
package:
name: geronimo-jms_1.1_spec
- vulnerability: CVE-2008-0732
package:
name: geronimo-j2ee-management_1.1_spec
- vulnerability: CVE-2008-0732
package:
name: geronimo-j2ee-management_1.0_spec
- vulnerability: CVE-2006-0254
package:
name: geronimo-j2ee-management_1.0_spec
# - https://github.com/anchore/grype/issues/431
- vulnerability: CVE-2021-26291
package:
name: maven-resolver-util (maven-resolver-ant-tasks-1.4.0-uber.jar)
- vulnerability: CVE-2021-26291
package:
name: maven-resolver-transport-http (maven-resolver-ant-tasks-1.4.0-uber.jar)
- vulnerability: CVE-2021-26291
package:
name: maven-resolver-transport-file (maven-resolver-ant-tasks-1.4.0-uber.jar)
- vulnerability: CVE-2021-26291
package:
name: maven-resolver-transport-classpath (maven-resolver-ant-tasks-1.4.0-uber.jar)
- vulnerability: CVE-2021-26291
package:
name: maven-resolver-spi (maven-resolver-ant-tasks-1.4.0-uber.jar)
- vulnerability: CVE-2021-26291
package:
name: maven-resolver-named-locks (maven-resolver-ant-tasks-1.4.0-uber.jar)
- vulnerability: CVE-2021-26291
package:
name: maven-resolver-impl (maven-resolver-ant-tasks-1.4.0-uber.jar)
- vulnerability: CVE-2021-26291
package:
name: maven-resolver-connector-basic (maven-resolver-ant-tasks-1.4.0-uber.jar)
- vulnerability: CVE-2021-26291
package:
name: maven-resolver-api (maven-resolver-ant-tasks-1.4.0-uber.jar)
- vulnerability: CVE-2021-26291
package:
name: maven-resolver-ant-tasks (maven-resolver-ant-tasks-1.4.0-uber.jar)
- vulnerability: CVE-2021-26291
package:
name: maven-resolver-provider (maven-resolver-ant-tasks-1.4.0-uber.jar)
- vulnerability: CVE-2021-26291
package:
name: maven-resolver-impl (maven-resolver-ant-tasks-1.4.0-uber.jar)
# CVE-2020-1945 is about Apache Ant itself, not about the ant-crontib.jar
# marked packages:
# - ant-contrib.jar
- vulnerability: CVE-2020-1945
package:
name: ant-contrib