forked from finos/common-domain-model
-
Notifications
You must be signed in to change notification settings - Fork 7
/
allow-list.xml
53 lines (53 loc) · 2.18 KB
/
allow-list.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
YAML is not used via jackson-databind, see https://nvd.nist.gov/vuln/detail/CVE-2022-1471
]]></notes>
<gav>org.yaml:snakeyaml:1.33</gav>
<cve>CVE-2022-1471</cve>
</suppress>
<suppress>
<notes><![CDATA[
HTTP is not used, see https://nvd.nist.gov/vuln/detail/CVE-2021-41033
]]></notes>
<gav>org.eclipse.platform:org.eclipse.equinox.common:3.16.100</gav>
<cve>CVE-2021-41033</cve>
</suppress>
<suppress>
<notes><![CDATA[
HTTP is not used, see https://nvd.nist.gov/vuln/detail/CVE-2021-41033
]]></notes>
<cve>CVE-2021-41033</cve>
</suppress>
<suppress>
<notes><![CDATA[
XSemantics version used was released in September 2022, so it is not affected by this CVE; false alarm. More info on https://nvd.nist.gov/vuln/detail/CVE-2019-10249
]]></notes>
<gav>org.eclipse.xsemantics:org.eclipse.xsemantics.runtime:1.22.0</gav>
<cve>CVE-2019-10249</cve>
</suppress>
<suppress>
<notes><![CDATA[
This CVE refers to Xtext & Xtend versions prior to 2.18.0, we use Xtext & Xtend version 2.27.0.
The dependency org.eclipse.emf.ecore.xcore.lib has separate versioning (latest version is 1.7.0); false alarm. More info on https://nvd.nist.gov/vuln/detail/CVE-2019-10249
]]></notes>
<gav>org.eclipse.emf:org.eclipse.emf.ecore.xcore.lib:1.6.0</gav>
<cve>CVE-2019-10249</cve>
</suppress>
<suppress>
<notes><![CDATA[
This CVE is not about org.junit.platform.commons. It seems the check is
too loose. See https://nvd.nist.gov/vuln/detail/CVE-2020-27225
]]></notes>
<cve>CVE-2020-27225</cve>
</suppress>
<suppress>
<notes><![CDATA[
Suppress false positive CVE-2023-35116 in jackson-databind.
See issue https://github.com/FasterXML/jackson-databind/issues/3972
See CVE https://nvd.nist.gov/vuln/detail/CVE-2023-35116
]]></notes>
<cve>CVE-2023-35116</cve>
</suppress>
</suppressions>