Fix CVE suppressions

zalando · May 15, 2023 · 4391b07 · 4391b07
1 parent 31b0849
commit 4391b07
Showing 1 changed file with 2 additions and 10 deletions.
diff --git a/cve-suppressions.xml b/cve-suppressions.xml
@@ -11,15 +11,7 @@
             <cve>CVE-2022-38180</cve>
             <!-- so far jackson-core and json-path don't have bugfix releases yet for that cve -->
             <cve>CVE-2022-45688</cve>
-            <!-- To be removed after Spring Boot upgrades to Spring 6.0.8 -->
-            <cve>CVE-2023-20863</cve>
-        </suppress>
-        <suppress>
-            <notes><![CDATA[
-            suppress CVE-2022-45688 only to pkg:maven/org.json/json
-            ]]></notes>
-            <packageUrl regex="true">^(?!pkg:maven/org\.json/json@).+$</packageUrl>
-            <!-- Suppressing until https://github.com/jeremylong/DependencyCheck/issues/5502 has been solved -->
-            <cve>CVE-2022-45688</cve>
+            <!-- To be removed after upgrading Ktor -->
+            <cve>CVE-2022-48476</cve>
         </suppress>
 </suppressions>