owasp-suppressions.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  OWASP Dependency-Check suppression list (suppression schema 1.3, per the xmlns below).
  Each <suppress> names one CVE or vulnerability name together with a <packageUrl>
  regular expression (regex="true") selecting the dependencies it applies to.

  Review notes for the whole file:
  * Every pattern except the tomcat-coyote one ends in "@.*$", so it matches any
    version of the artifact, not only the jar version quoted in <notes>. Such an
    entry keeps applying after the dependency is upgraded or replaced.
    NOTE(review): consider pinning the version in the pattern, or setting the
    schema's optional "until" attribute on <suppress>, so each entry gets re-examined.
  * Several entries record only a file name in <notes> and no reason. Without a
    recorded rationale the decision cannot be audited later.
  * Where </packageUrl> sits on its own line, the element text ends with a line break
    after "$". NOTE(review): presumably the scanner trims the value before compiling
    the regex; confirm against the Dependency-Check version in use.
-->
<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<!-- kotlin-stdlib: the next three entries differ only in the CVE id.
     NOTE(review): <notes> quote kotlin-stdlib-1.2.71.jar but give no reason for the suppression. -->
<suppress>
<notes><![CDATA[
file name: kotlin-stdlib-1.2.71.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib@.*$
</packageUrl>
<cve>CVE-2019-10101</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: kotlin-stdlib-1.2.71.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib@.*$
</packageUrl>
<cve>CVE-2019-10102</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: kotlin-stdlib-1.2.71.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib@.*$
</packageUrl>
<cve>CVE-2019-10103</cve>
</suppress>
<!-- kotlin-stdlib-common: same three CVE ids as for kotlin-stdlib above, again without a recorded reason. -->
<suppress>
<notes><![CDATA[
file name: kotlin-stdlib-common-1.2.71.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-common@.*$
</packageUrl>
<cve>CVE-2019-10101</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: kotlin-stdlib-common-1.2.71.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-common@.*$
</packageUrl>
<cve>CVE-2019-10102</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: kotlin-stdlib-common-1.2.71.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-common@.*$
</packageUrl>
<cve>CVE-2019-10103</cve>
</suppress>
<!-- netty-tcnative-classes: two entries, one per CVE id; the pattern is limited to this one artifact.
     NOTE(review): no reason is recorded in <notes>. -->
<suppress>
<notes><![CDATA[
file name: netty-tcnative-classes-2.0.46.Final.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$
</packageUrl>
<cve>CVE-2019-20445</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: netty-tcnative-classes-2.0.46.Final.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$
</packageUrl>
<cve>CVE-2019-20444</cve>
</suppress>
<!-- tensorflow: selected by <vulnerabilityName> rather than <cve>.
     NOTE(review): no reason is recorded in <notes>. -->
<suppress>
<notes><![CDATA[
file name: tensorflow-1.15.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.tensorflow/tensorflow@.*$
</packageUrl>
<vulnerabilityName>CVE-2021-35958</vulnerabilityName>
</suppress>
<!-- Spring: "spring\-.*" covers every org.springframework artifact whose id starts with "spring-", in any version.
     The stated reason is a claim about how the application uses Spring (no HTTP invoker), so the entry is
     only valid while that stays true. NOTE(review): the notes point to "references and discussions" without
     linking them; add the links so the reasoning can be checked. -->
<suppress>
<notes><![CDATA[
file name: spring-.*-5.3.20.jar
We don't use http invoker/features of Spring. In addition it's an old vulnerability
and reactivated by NVD for some unknown reason. Take a look at the references and discussions
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework/spring\-.*@.*$</packageUrl>
<cve>CVE-2016-1000027</cve>
</suppress>
<!-- snakeyaml: the reason given concerns one dependency path (via Redisson), but the pattern matches
     org.yaml/snakeyaml at any version regardless of which dependency pulls it in.
     NOTE(review): confirm that nothing else in the build parses YAML with snakeyaml; this entry would
     hide the finding there as well. -->
<suppress>
<notes><![CDATA[
file name: snakeyaml-1.30.jar
snakeyaml is being used through redisson->jackson-databind-yaml.
There is no yaml usage of Redisson in Ant Media Server
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
<vulnerabilityName>CVE-2022-1471</vulnerabilityName>
</suppress>
<!-- org.bytedeco: "(ffmpeg|cuda).*" matches every artifact id starting with "ffmpeg" or "cuda", in any version. -->
<suppress>
<notes><![CDATA[
file name: ffmpeg-5.1.2-1.5.8.jar,ffmpeg-platform-5.1.2-1.5.8.jar, cuda-11.8-8.6-1.5.8.jar, cuda-platform-11.8-8.6-1.5.8.jar
This vulnerability is about to github actions of the original repo. It's not related to Ant Media Server.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.bytedeco/(ffmpeg|cuda).*@.*$</packageUrl>
<cve>CVE-2023-34112</cve>
</suppress>
<!-- The notes of this entry and the next list only ffmpeg jars, yet the pattern also covers the cuda artifacts.
     NOTE(review): presumably the pattern was copied from the entry above; "ffmpeg.*" would match what the notes describe.
     The reason (no use of the MPEG video encoder) is a usage claim and needs re-checking when encoding code changes. -->
<suppress>
<notes><![CDATA[
file name: ffmpeg-5.1.2-1.5.8.jar,ffmpeg-platform-5.1.2-1.5.8.jar, ffmpeg-5.1.2-1.5.8-linux-x86.jar
This vulnerability is about using mpegvideoencoder. We don't use mpegvideo encoder in our end
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.bytedeco/(ffmpeg|cuda).*@.*$</packageUrl>
<cve>CVE-2024-32230</cve>
</suppress>
<!-- Same pattern and stated reason as the previous entry, for a second CVE id. -->
<suppress>
<notes><![CDATA[
file name: ffmpeg-5.1.2-1.5.8.jar,ffmpeg-platform-5.1.2-1.5.8.jar, ffmpeg-5.1.2-1.5.8-linux-x86.jar
This vulnerability is about using mpegvideoencoder. We don't use mpegvideo encoder in our end
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.bytedeco/(ffmpeg|cuda).*@.*$</packageUrl>
<cve>CVE-2024-32229</cve>
</suppress>
<!-- tomcat-coyote: the only entry pinned to an exact version (10.1.19), so it stops applying once Tomcat is upgraded.
     NOTE(review): the reason speaks of "our headers", but on a server the HTTP headers Tomcat parses are presumably
     sent by clients; confirm the exposure is really absent, or prefer upgrading Tomcat over suppressing. -->
<suppress>
<notes><![CDATA[
file name: tomcat-coyote-10.1.19.jar
This vulnerability is about Tomcat fails to handle some cases of excessive HTTP headers correctly. We don't have problem with our headers in our end
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.tomcat/tomcat-coyote@10\.1\.19$</packageUrl>
<cve>CVE-2024-34750</cve>
</suppress>
</suppressions>