forked from lensesio/stream-reactor
-
Notifications
You must be signed in to change notification settings - Fork 0
/
suppression.xml
71 lines (68 loc) · 3.06 KB
/
suppression.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<!-- Module: AWS-S3 -->
<!-- This is a false positive. The "common" module is pulling in an acceptable version of this
dependency however after packaging it is being read as an older version. -->
<suppress>
<notes><![CDATA[
file name: kafka-connect-aws-s3-kafka-2-8-assembly-1.1-SNAPSHOT.jar (shaded: net.minidev:json-smart:1.3.2)
]]></notes>
<packageUrl regex="true">^pkg:maven/net\.minidev/json\-smart@.*$</packageUrl>
<cve>CVE-2021-31684</cve>
</suppress>
<!-- Module: HazelCast -->
<!-- This is a false positive. HazelCast dependencies are not synchronised by version number.
Newer versions of these modules are flagged because they contain the word "hazelcast"
and have versions lower than 4.2.x -->
<suppress>
<notes><![CDATA[
file name: kafka-connect-hazelcast-kafka-3-1-assembly-1.1-SNAPSHOT.jar (shaded: com.hazelcast:hazelcast-azure:2.1)
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.hazelcast/hazelcast\-azure@.*$</packageUrl>
<cve>CVE-2016-10750</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: kafka-connect-hazelcast-kafka-3-1-assembly-1.1-SNAPSHOT.jar (shaded: com.hazelcast:hazelcast-gcp:2.1)
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.hazelcast/hazelcast\-gcp@.*$</packageUrl>
<cve>CVE-2016-10750</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: kafka-connect-hazelcast-kafka-3-1-assembly-1.1-SNAPSHOT.jar (shaded: com.hazelcast:hazelcast-hibernate53:2.1.1)
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.hazelcast/hazelcast\-hibernate53@.*$</packageUrl>
<cve>CVE-2016-10750</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: kafka-connect-hazelcast-kafka-3-1-assembly-1.1-SNAPSHOT.jar (shaded: com.hazelcast:hazelcast-wm:4.0)
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.hazelcast/hazelcast\-wm@.*$</packageUrl>
<cve>CVE-2020-26168</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: kafka-connect-hazelcast-kafka-3-1-assembly-1.1-SNAPSHOT.jar
]]></notes>
<sha1>a03873d8e131851a7ec07a3535bd1e5db0b899fc</sha1>
<cpe>cpe:/a:hazelcast:hazelcast</cpe>
</suppress>
<suppress>
<notes><![CDATA[
file name: kafka-connect-hazelcast-kafka-2-8-assembly-1.1-SNAPSHOT.jar
]]></notes>
<sha1>7036f443754737ebe2715bcc6b37f48e89097139</sha1>
<cve>CVE-2016-10750</cve>
</suppress>
<!-- Module: Kudu -->
<!-- This is a false positive. It appears to be identifying a different async project. -->
<suppress>
<notes><![CDATA[
file name: kafka-connect-kudu-kafka-3-1-assembly-1.1-SNAPSHOT.jar (shaded: com.stumbleupon:async:1.4.1)
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.stumbleupon/async@.*$</packageUrl>
<cve>CVE-2021-43138</cve>
</suppress>
</suppressions>