Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
  • Loading branch information
kunli2 committed Oct 4, 2023
1 parent 76d5040 commit 4fdcf5d
Showing 1 changed file with 48 additions and 0 deletions.
48 changes: 48 additions & 0 deletions suppressions.xml
Original file line number Diff line number Diff line change
Expand Up @@ -46,4 +46,52 @@
<packageUrl regex="true">^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$</packageUrl>
<vulnerabilityName>CVE-2023-4759</vulnerabilityName>
</suppress>
<suppress until="2024-12-13Z">
<notes><![CDATA[
file name: plexus-cipher-2.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-cipher@.*$</packageUrl>
<cve>CVE-2022-4244</cve>
<cve>CVE-2022-4245</cve>
</suppress>
<suppress until="2024-12-13Z">
<notes><![CDATA[
file name: plexus-classworlds-2.7.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-classworlds@.*$</packageUrl>
<cve>CVE-2022-4244</cve>
<cve>CVE-2022-4245</cve>
</suppress>
<suppress until="2024-12-13Z">
<notes><![CDATA[
file name: plexus-component-annotations-2.1.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-component\-annotations@.*$</packageUrl>
<cve>CVE-2022-4244</cve>
<cve>CVE-2022-4245</cve>
</suppress>
<suppress until="2024-12-13Z">
<notes><![CDATA[
file name: plexus-interactivity-api-1.1.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-interactivity\-api@.*$</packageUrl>
<cve>CVE-2022-4244</cve>
<cve>CVE-2022-4245</cve>
</suppress>
<suppress until="2024-12-13Z">
<notes><![CDATA[
file name: plexus-interpolation-1.26.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-interpolation@.*$</packageUrl>
<cve>CVE-2022-4244</cve>
<cve>CVE-2022-4245</cve>
</suppress>
<suppress until="2024-12-13Z">
<notes><![CDATA[
file name: plexus-sec-dispatcher-2.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-sec\-dispatcher@.*$</packageUrl>
<cve>CVE-2022-4244</cve>
<cve>CVE-2022-4245</cve>
</suppress>
</suppressions>

1 comment on commit 4fdcf5d

@kunli2
Copy link
Contributor Author

@kunli2 kunli2 commented on 4fdcf5d Oct 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

plexus* libraries are all the latest and not able to bump.
fixes https://github.com/moderneinc/dependency-vulnerability-reports/issues/561

Please sign in to comment.