owasp-suppressions.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
    OWASP dependency-check suppression rules.

    This file is duplicated in igloo-parent: apply every change to both copies.

    Every rule below matches on a version wildcard (@.*$ or :.*$), so a rule
    keeps applying after the dependency is upgraded. Re-check each written
    justification whenever the matched dependency, or the component the
    justification relies on, changes version.
-->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

    <!--
        delegate webjar (org.webjars.npm:delegate).
        Original rationale: we are not using delegate from npm.
        NOTE(review): this is a <cpe> rule, so it hides every finding reported
        through cpe:/a:delegate:delegate for this package, not a single CVE.
        Presumably the scanner matched the webjar to an unrelated product of
        the same name; confirm that, and record it here as the reason.
    -->
    <suppress>
        <notes><![CDATA[file name: delegate-3.2.0.jar]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.webjars\.npm/delegate@.*$</packageUrl>
        <cpe>cpe:/a:delegate:delegate</cpe>
    </suppress>

    <!--
        CVE-2018-1258 on Spring Security artifacts.
        Rationale: the project uses a Spring Framework version later than 5.0.5,
        so it is not concerned.
        The justification depends on the Spring Framework version, which these
        rules do not check: they match any version of spring-security-web and
        spring-security-acl. Re-verify if the framework version is ever pinned
        or overridden elsewhere.
        The second rule uses the <gav> matcher while the first uses <packageUrl>.
    -->
    <suppress>
        <notes><![CDATA[file name: spring-security-web-5.3.2.RELEASE.jar]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-web@.*$</packageUrl>
        <cve>CVE-2018-1258</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[file name: spring-security-acl-5.1.4.RELEASE.jar]]></notes>
        <gav regex="true">^org\.springframework\.security:spring-security-acl:.*$</gav>
        <cve>CVE-2018-1258</cve>
    </suppress>

    <!--
        jQuery copies bundled in wicket-core.
        Rationale: jQuery is explicitly set to version 3 in Wicket; the 1.X and
        2.X copies shipped in the jar are never used.
        All rules in this group share the same packageUrl pattern, which matches
        any jQuery version found in any scanned dependency, not only the copies
        inside wicket-core. Rules with the same <cve> or <vulnerabilityName> are
        therefore equivalent in effect; only their <notes> differ.
    -->
    <suppress>
        <notes><![CDATA[file name: wicket-core-8.8.0.jar: jquery-1.12.4.js]]></notes>
        <packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
        <cve>CVE-2019-11358</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[file name: wicket-core-8.8.0.jar: jquery-1.12.4.js]]></notes>
        <packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
        <vulnerabilityName>Regex in its jQuery.htmlPrefilter sometimes may introduce XSS</vulnerabilityName>
    </suppress>
    <suppress>
        <notes><![CDATA[file name: wicket-core-8.8.0.jar: jquery-2.2.4.js]]></notes>
        <packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
        <cve>CVE-2019-11358</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[file name: wicket-core-8.8.0.jar: jquery-2.2.4.js]]></notes>
        <packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
        <vulnerabilityName>Regex in its jQuery.htmlPrefilter sometimes may introduce XSS</vulnerabilityName>
    </suppress>
    <suppress>
        <notes><![CDATA[file name: wicket-core-8.8.0.jar: jquery-2.2.4.min.js]]></notes>
        <packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
        <cve>CVE-2019-11358</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[file name: wicket-core-8.8.0.jar: jquery-2.2.4.min.js]]></notes>
        <packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
        <vulnerabilityName>Regex in its jQuery.htmlPrefilter sometimes may introduce XSS</vulnerabilityName>
    </suppress>

    <!--
        NOTE(review): the two rules below are recorded against jquery 3.4.1,
        which is the 3.X line the rationale above says is actually in use. The
        "never use 1.X or 2.X" argument does not cover them. The upstream fix
        for the htmlPrefilter issue shipped in jQuery 3.5.0, so this finding
        needs its own justification or an upgrade of the bundled jQuery.
    -->
    <suppress>
        <notes><![CDATA[file name: wicket-core-8.8.0.jar: jquery-3.4.1.js]]></notes>
        <packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
        <vulnerabilityName>Regex in its jQuery.htmlPrefilter sometimes may introduce XSS</vulnerabilityName>
    </suppress>
    <suppress>
        <notes><![CDATA[file name: wicket-core-8.8.0.jar: jquery-3.4.1.min.js]]></notes>
        <packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
        <vulnerabilityName>Regex in its jQuery.htmlPrefilter sometimes may introduce XSS</vulnerabilityName>
    </suppress>

</suppressions>