Suppress a CVE false-positive for jackson-databind 2.14.2

Also see https://github.com/cryptomator/cryptomator/pull/2961#issuecomment-1597652134.
This commit is contained in:
Sebastian Schuberth 2023-06-19 22:31:50 +02:00
parent 173b1e8386
commit 4d09728880

View File

@ -55,4 +55,12 @@
<cve>CVE-2022-45688</cve>
</suppress>
</suppressions>
<suppress>
<notes><![CDATA[
False positive for jackson-databind-2.14.2.jar, see https://github.com/FasterXML/jackson-databind/issues/3972
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
<cve>CVE-2023-35116</cve>
</suppress>
</suppressions>