suppress false positive in dependecy-check (jackrabbit-webdav)

2024-10-06 16:53:31 +00:00 · 2023-08-04 17:01:19 +02:00 · 2023-08-04 17:01:19 +02:00 · 9bd5b45ea7
commit 9bd5b45ea7
parent d08d992768
1 changed files with 7 additions and 0 deletions
--- a/suppression.xml
+++ b/suppression.xml
@ -63,4 +63,11 @@
 		<cve>CVE-2023-35116</cve>
 	</suppress>

+	<suppress>
+		<notes><![CDATA[
+		False positive for jackrabbit-webdav-2.21.15.jar. This component is not affected, see https://lists.apache.org/thread/j03b3qdhborc2jrhdc4d765d3jkh8bfw
+   ]]></notes>
+		<packageUrl regex="true">^pkg:maven/org\.apache\.jackrabbit/jackrabbit\-webdav@.*$</packageUrl>
+		<cve>CVE-2023-37895</cve>
+	</suppress>
 </suppressions>