jlengrand/helidon
1
0
Fork 0
mirror of https://github.com/jlengrand/helidon.git synced 2026-03-10 08:21:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
59fec6151f5fbac5d782a6e7f1bd1fa4f08e7ef6
helidon/etc/dependency-check-suppression.xml
Joe DiPol c64b139d15 Upgrade apache-httpclient, google-api-client and snakeyaml (#2482) 
* Upgrade apache-httpclient, google-api-client and snakeyaml
2020-10-27 11:27:47 -07:00

126 lines
4.2 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<!-- For information see https://jeremylong.github.io/DependencyCheck/general/suppression.html -->
<!-- Applies to Oracle HTTP Server -->
<suppress>
<notes><![CDATA[
file name: helidon-microprofile-server-2.1.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.helidon\.microprofile\.server/helidon\-microprofile\-server@.*$</packageUrl>
<cpe>cpe:/a:oracle:http_server</cpe>
</suppress>
<!-- Applies to Processing:Processing -->
<suppress>
<notes><![CDATA[
file name: jsonp-jaxrs-1.1.6.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.glassfish/jsonp\-jaxrs@.*$</packageUrl>
<cpe>cpe:/a:processing:processing</cpe>
</suppress>
<suppress>
<notes><![CDATA[
file name: jakarta.json-api-1.1.6.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/jakarta\.json/jakarta\.json\-api@.*$</packageUrl>
<cpe>cpe:/a:processing:processing</cpe>
</suppress>
<!-- weld-probe-core contains META-INF/client/probe.js which has some javascript
CVEs. This javascript appears to be for developement and is never served
by Helidon. So we exclude these CVEs
-->
<suppress>
<notes><![CDATA[
file name: weld-probe-core-3.1.4.Final.jar: probe.js
]]></notes>
<packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
<cve>CVE-2015-9251</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: weld-probe-core-3.1.4.Final.jar: probe.js
]]></notes>
<packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
<cve>CVE-2018-14040</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: weld-probe-core-3.1.4.Final.jar: probe.js
]]></notes>
<packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
<cve>CVE-2018-14041</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: weld-probe-core-3.1.4.Final.jar: probe.js
]]></notes>
<packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
<cve>CVE-2018-14042</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: weld-probe-core-3.1.4.Final.jar: probe.js
]]></notes>
<packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
<cve>CVE-2019-11358</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: weld-probe-core-3.1.4.Final.jar: probe.js
]]></notes>
<packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
<cve>CVE-2019-8331</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: weld-probe-core-3.1.4.Final.jar: probe.js
]]></notes>
<packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
<cve>CVE-2020-11022</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: weld-probe-core-3.1.4.Final.jar: probe.js
]]></notes>
<packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
<cve>CVE-2020-11023</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: weld-probe-core-3.1.4.Final.jar: probe.js
]]></notes>
<packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
<vulnerabilityName>reDOS - regular expression denial of service</vulnerabilityName>
</suppress>
<!-- End of Weld/javascript related supressions -->
<!-- This CVE is against the etcd server. We ship a Java client -->
<suppress>
<notes><![CDATA[
file name: etcd4j-2.17.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.mousio/etcd4j@.*$</packageUrl>
<cpe>cpe:/a:etcd:etcd</cpe>
</suppress>
<!-- This CVE is against the Java Websocket project. Not the Jakarta WebSocket API.
See https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339
-->
<suppress>
<notes><![CDATA[
file name: jakarta.websocket-api-1.1.2.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/jakarta\.websocket/jakarta\.websocket\-api@.*$</packageUrl>
<cpe>cpe:/a:java-websocket_project:java-websocket</cpe>
</suppress>
<suppress>
<notes><![CDATA[
file name: javax.websocket-api-1.1.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/javax\.websocket/javax\.websocket\-api@.*$</packageUrl>
<cpe>cpe:/a:java-websocket_project:java-websocket</cpe>
</suppress>
</suppressions>
Reference in New Issue View Git Blame Copy Permalink