Skip to content

Commit

Permalink
[owasp] Suppress ZooKeeper 3.8.0 vulnerabilities (apache#14630)
Browse files Browse the repository at this point in the history
  • Loading branch information
@nicoloboschi
nicoloboschi authored Mar 17, 2022
1 parent 1ec2c71 commit 752abd9
Show file tree
Hide file tree
Showing 2 changed files with 66 additions and 5 deletions.
66 changes: 66 additions & 0 deletions src/owasp-dependency-check-false-positives.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,4 +59,70 @@
<packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$</packageUrl>
<cpe>cpe:/a:netty:netty</cpe>
</suppress>
<suppress>
<!-- Zookkeeper false positive about Jetty and commons-io-->
<!-- https://github.com/apache/zookeeper/pull/1824-->
<notes><![CDATA[
file name: zookeeper-3.8.0.jar
]]></notes>
<sha1>e395c1d8a71557b7569cc6a83487b2e30e2e58fe</sha1>
<cve>CVE-2021-28164</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: zookeeper-3.8.0.jar
]]></notes>
<sha1>e395c1d8a71557b7569cc6a83487b2e30e2e58fe</sha1>
<cve>CVE-2021-29425</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: zookeeper-3.8.0.jar
]]></notes>
<sha1>e395c1d8a71557b7569cc6a83487b2e30e2e58fe</sha1>
<cve>CVE-2021-34429</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: zookeeper-prometheus-metrics-3.8.0.jar
]]></notes>
<sha1>849e8ece2845cb0185d721233906d487a7f1e4cf</sha1>
<cve>CVE-2021-28164</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: zookeeper-prometheus-metrics-3.8.0.jar
]]></notes>
<sha1>849e8ece2845cb0185d721233906d487a7f1e4cf</sha1>
<cve>CVE-2021-29425</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: zookeeper-prometheus-metrics-3.8.0.jar
]]></notes>
<sha1>849e8ece2845cb0185d721233906d487a7f1e4cf</sha1>
<cve>CVE-2021-34429</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: zookeeper-jute-3.8.0.jar
]]></notes>
<sha1>6560f966bcf1aa78d27bcfa75fb6c4463a72c6c5</sha1>
<cve>CVE-2021-28164</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: zookeeper-jute-3.8.0.jar
]]></notes>
<sha1>6560f966bcf1aa78d27bcfa75fb6c4463a72c6c5</sha1>
<cve>CVE-2021-29425</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: zookeeper-jute-3.8.0.jar
]]></notes>
<sha1>6560f966bcf1aa78d27bcfa75fb6c4463a72c6c5</sha1>
<cve>CVE-2021-34429</cve>
</suppress>

</suppressions>
5 changes: 0 additions & 5 deletions src/owasp-dependency-check-suppressions.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,11 +36,6 @@
<gav>org.apache.thrift:libthrift:0.12.0</gav>
<vulnerabilityName regex="true">.*</vulnerabilityName>
</suppress>
<suppress>
<notes>Suppress Zookeeper 3.6.2 vulnerabilities</notes>
<gav regex="true">org\.apache\.zookeeper:.*:3\.6\.2</gav>
<vulnerabilityName regex="true">.*</vulnerabilityName>
</suppress>

<!-- see https://github.com/apache/pulsar/pull/14629-->
<suppress>
Expand Down

0 comments on commit 752abd9

Please sign in to comment.