Suppress false positive for CVE-2024-45244

This is a vulnerability in the core Fabric Go implementation, detected incorrectly by Java dependency-check due to the fabric-protos package. Signed-off-by: Mark S. Lewis <[email protected]>
hyperledger · Sep 15, 2024 · a5a8958 · a5a8958
1 parent a2b08a4
commit a5a8958
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/java/dependency-suppression.xml b/java/dependency-suppression.xml
@@ -16,4 +16,12 @@
         <packageUrl regex="true">^pkg:maven/org\.hyperledger\.fabric/fabric\-protos@.*$</packageUrl>
         <cve>CVE-2022-36023</cve>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+        file name: fabric-protos-*.jar
+        CVE relates to github.com/hyperledger/fabric Go module
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.hyperledger\.fabric/fabric-protos@.*$</packageUrl>
+        <cve>CVE-2024-45244</cve>
+    </suppress>
 </suppressions>