<?xml version="1.0" encoding="UTF-8"?>
<!--
  OWASP dependency-check suppression list (dependency-suppression schema 1.3,
  per the xmlns on the root). Each <suppress> hides the listed <cve> findings
  for the artifact selected by its <gav>, <sha1> or <packageUrl> matcher.

  Reviewer notes that apply to the file as a whole:
  * Every <gav>/<packageUrl> matcher below ends in ".*$", so it covers every
    future version of that artifact, not only the one named in <notes>. Only
    the jquery entry is pinned (by <sha1>). NOTE(review): consider pinning the
    version inside the regex, or using the suppression schema's until="YYYY-MM-DD"
    attribute on <suppress>, so that an upgrade re-surfaces the finding for a
    fresh decision instead of being silently suppressed.
  * Four of the six entries record only a file name and no reason the finding
    is a false positive; the dirgra and jquery entries show the level of
    justification the others should have.
-->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"
>
<!-- dirgra is misidentified as JRuby itself (per the notes); the two CVEs are
     the JRuby advisories that the bad identifier match drags in. Matching on
     a GAV regex (any dirgra version) is acceptable here because the cause is
     the identifier match, not a particular version. -->
<suppress>
<notes><![CDATA[
file name: dirgra-0.3.jar
This file gets detected as jruby v0.3 due to a bad pattern reported
in some older CVEs (listed below)
]]>
</notes>
<gav regex="true">^org\.jruby:dirgra:.*$</gav>
<cve>CVE-2010-1330</cve>
<cve>CVE-2011-4838</cve>
</suppress>
<!-- Pinned to the exact artifact by SHA-1, so a rebuilt or upgraded
     jruby-stdlib jar will re-trigger these jquery findings and force a new
     review. Note the rationale is "not reachable" (no RDoc is generated),
     not a misidentification: the old jquery copy really does ship in the jar. -->
<suppress>
<notes><![CDATA[
file name: jruby-stdlib-9.2.7.0.jar: jquery.js
JRuby ships a pretty old version of jquery in some dependency for Rdoc.
We don't generate any rdoc, so we should be fine.
]]>
</notes>
<sha1>71cce71820cc47b3bd1098618d248325fcf24ddb</sha1>
<cve>CVE-2012-6708</cve>
<cve>CVE-2015-9251</cve>
<cve>CVE-2019-11358</cve>
</suppress>
<!-- NOTE(review): no justification is recorded for hiding CVE-2018-10237, and
     the regex matches every guava version, so this suppression would outlive
     a guava upgrade unnoticed. Write the reason into <notes>, or pin the
     regex to the 18.0 version the notes name. -->
<suppress>
<notes><![CDATA[
file name: guava-18.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
<cve>CVE-2018-10237</cve>
</suppress>
<!-- NOTE(review): no justification recorded. Most of these identifiers look
     like advisories for the OpenSSL C library that presumably attach to this
     artifact only through the "openssl" in its name (jruby-openssl is a
     Java/Ruby gem shaded into the jar, per the notes); CVE-2011-4838 is one of
     the JRuby identifiers already suppressed for dirgra above. Confirm and
     state the reason in <notes>. The "\-" in the regex is an unnecessary but
     harmless escape of a literal hyphen. -->
<suppress>
<notes><![CDATA[
file name: jruby-stdlib-9.2.7.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.10.2)
]]></notes>
<packageUrl regex="true">^pkg:maven/rubygems/jruby\-openssl@.*$</packageUrl>
<cve>CVE-1999-0428</cve>
<cve>CVE-2009-0590</cve>
<cve>CVE-2011-4838</cve>
<cve>CVE-2016-2106</cve>
<cve>CVE-2010-4252</cve>
<cve>CVE-2016-2176</cve>
<cve>CVE-2016-2108</cve>
<cve>CVE-2016-2109</cve>
</suppress>
<!-- NOTE(review): no justification recorded; the two CVEs are exactly the
     pair suppressed for dirgra above, so this is presumably the same JRuby
     misidentification. Say so in <notes> so the next reader need not guess. -->
<suppress>
<notes><![CDATA[
file name: jruby-stdlib-9.2.7.0.jar: readline.jar (shaded: rubygems:jruby-readline:1.3.7)
]]></notes>
<packageUrl regex="true">^pkg:maven/rubygems/jruby\-readline@.*$</packageUrl>
<cve>CVE-2010-1330</cve>
<cve>CVE-2011-4838</cve>
</suppress>
<!-- NOTE(review): no justification recorded. CVE-2011-4838 is again one of
     the JRuby identifiers from the dirgra entry, but CVE-2017-18640 appears
     to be filed against snakeyaml itself, so unlike the entries above this
     hides a finding on the actual shaded library (1.23 per the notes) rather
     than a misidentification. Confirm that no untrusted YAML is parsed through
     this copy before keeping the suppression, and note that the regex covers
     every snakeyaml version, not just 1.23. -->
<suppress>
<notes><![CDATA[
file name: jruby-stdlib-9.2.7.0.jar: snakeyaml-1.23.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
<cve>CVE-2017-18640</cve>
<cve>CVE-2011-4838</cve>
</suppress>
</suppressions>