forked from codice/ddf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
dependency-check-maven-config.xml
87 lines (78 loc) · 2.98 KB
/
dependency-check-maven-config.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression">
<!--
CVE-2007-1085 is a cross-site scripting (XSS) vulnerability related to Google Desktop
which does not apply here.
-->
<suppress>
<cve>CVE-2007-1085</cve>
</suppress>
<!--
CVE-2007-3150 is a JavaScript injection vulnerability related to Google Desktop which does
not apply here.
-->
<suppress>
<cve>CVE-2007-3150</cve>
</suppress>
<!--
CVE-2010-1807 is related to a client side/browser vulnerability in WebKit. Marking the
vulnerability as a false positive since the vulnerable code is not currently used and
the code is executed server-side.
-->
<suppress>
<cve>CVE-2010-1807</cve>
</suppress>
<!--
CVE-2011-2730 is related to a vulnerability in the VMware SpringSource Spring
Framework, where OWASP flags jars that are unrelated or have no dependency on
Spring, so marking it as a false positive.
-->
<suppress>
<cve>CVE-2011-2730</cve>
</suppress>
<suppress>
<notes>
CVE-2011-5034: Applies to org.apache.servicemix.specs.activation-api-1.1-2.5.0.jar/META-INF/maven/org.apache.geronimo.specs/geronimo-activation_1.1_spec/pom.xml ServiceMix embeds some Specs provided by Geronimo but does not use any of the effected libraries.
</notes>
<cve>CVE-2011-5034</cve>
</suppress>
<!--
Suppressing vulnerabilities CVE-2013-4221 and CVE-2013-4221 as the offending jar file (org.restlet-2.1.1.jar)
is being manually removed from the Solr War and replaced with the fixed version. These should be removed when
Solr is updated (DDF-1110). See pom file for details.
-->
<suppress>
<notes><![CDATA[
file name: solr-4.7.2.war: org.restlet-2.1.1.jar
]]></notes>
<sha1>E12C23B962C925F2681729AFA1E40066A350AD27</sha1>
<cve>CVE-2013-4221</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: solr-4.7.2.war: org.restlet-2.1.1.jar
]]></notes>
<sha1>E12C23B962C925F2681729AFA1E40066A350AD27</sha1>
<cve>CVE-2013-4271</cve>
</suppress>
<!--
CVE-2014-0050: Applies to commons-fileupload-1.2.1, suppressing due to replacing jar when packaging war
-->
<suppress>
<cve>CVE-2014-0050</cve>
</suppress>
<suppress>
<notes><![CDATA[
false positive the effected camel version is 2.12 this uses a later version and does use the XSLT component
file name: proxy-camel-servlet-2.9.0-SNAPSHOT.jar
]]></notes>
<cve>CVE-2014-0002</cve>
</suppress>
<suppress>
<notes><![CDATA[
false positive the effected camel version is 2.12 this uses a later version and does use the XSLT component
file name: proxy-camel-servlet-2.9.0-SNAPSHOT.jar
]]></notes>
<cve>CVE-2014-0003</cve>
</suppress>
</suppressions>