-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathowasp-suppressions.xml
54 lines (54 loc) · 2.25 KB
/
owasp-suppressions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
<?xml version="1.0" encoding="UTF-8"?>
<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
file name: org.rdkit.knime.wizards_*.jar
The RDKit Wizard will not be installed in KNIME, but in an IDE for development.
It requires an Eclipse IDE and extends it, therefore we have to tolerate the IDE itself.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.rdkit\.knime/org\.rdkit\.knime\.wizards@.*$
</packageUrl>
<cve>CVE-2008-7271</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: org.rdkit.knime.wizards_*.jar
The RDKit Wizard will not be installed in KNIME, but in an IDE for development.
It requires an Eclipse IDE and extends it, therefore we have to tolerate the IDE itself.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.rdkit\.knime/org\.rdkit\.knime\.wizards@.*$
</packageUrl>
<cve>CVE-2023-4218</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: org.rdkit.knime.nodes_*.jar: commons-io-2.12.0.jar
Brought in by OPSIN library - we are using already the latest available version 2.8.0.
This vulnerability is apparently tolerated by the OPSIN providers.
]]></notes>
<packageUrl regex="true">^pkg:maven/commons\-io/commons\-io@.*$
</packageUrl>
<cve>CVE-2021-37533</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: org.rdkit.knime.nodes_*.jar: stax2-api-4.2.1.jar
Brought in by OPSIN library - we are using already the latest available version 2.8.0.
This vulnerability is apparently tolerated by the OPSIN providers.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.codehaus\.woodstox/stax2\-api@.*$
</packageUrl>
<cve>CVE-2022-40152</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: org.rdkit.knime.nodes_*.jar: woodstox-core-6.5.1.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)
Brought in by OPSIN library - we are using already the latest available version 2.8.0.
This vulnerability is apparently tolerated by the OPSIN providers.
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.sun\.xml\.bind\.jaxb/isorelax@.*$
</packageUrl>
<cve>CVE-2023-34411</cve>
</suppress>
</suppressions>