exclusions.json
{
"exclusions": [
{"vulnid": "GHSA-h8pj-cxx2-jfg2",
"purl": ["pkg:pypi/httpx@0.23.0"]},
{"vulnid": "CVE-2021-26291"},
{"vulnid": "CVE-2021-41945",
"purl": ["pkg:pypi/httpx@0.23.0"]},
{"vulnid": "CVE-2016-1000027",
"comment":"https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525"},
{"vulnid": "GHSA-4wrc-f8pq-fpqp",
"comment":"https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525"},
{"vulnid": "sonatype-2020-0926",
"comment": "https://github.com/google/guava/issues/4011"},
{"vulnid": "CVE-2020-5408",
"purl": ["pkg:maven/org.springframework.security/spring-security-crypto@5.5.3?type=jar",
"pkg:maven/org.springframework.security/spring-security-crypto@5.6.1?type=jar",
"pkg:maven/org.springframework.security/spring-security-crypto@5.6.2?type=jar",
"pkg:maven/org.springframework.security/spring-security-crypto@5.6.5?type=jar",
"pkg:maven/org.springframework.security/spring-security-crypto@5.6.6?type=jar",
"pkg:maven/org.springframework.security/spring-security-crypto@5.7.1?type=jar",
"pkg:maven/org.springframework.security/spring-security-crypto@5.7.2?type=jar",
"pkg:maven/org.springframework.security/spring-security-crypto@5.7.3?type=jar",
"pkg:maven/org.springframework.security/spring-security-crypto@5.7.4?type=jar",
"pkg:maven/org.springframework.security/spring-security-crypto@5.7.5?type=jar"],
"comment": "https://github.com/OSSIndex/vulns/issues/276"},
{"vulnid": "CVE-2021-0341",
"comment": "CVE-2021-0341 is applicable for Android applications only"},
{"vulnid": "GHSA-8v27-2fg9-7h62",
"comment": "Withdrawn https://github.com/browserify/static-eval/issues/34"},
{"vulnid": "CVE-2021-23334",
"comment": "Withdrawn https://github.com/browserify/static-eval/issues/34"},
{"vulnid": "GHSA-673j-qm5f-xpv8",
"comment": "It's not the job of the pgjdbc driver to decide whether a given log file location is acceptable. End user applications that use the pgjdbc driver must ensure that filenames are valid and restrict unauthenticated attackers from being able to supply arbitrary values."},
{"vulnid": "CVE-2022-26520",
"comment": "It's not the job of the pgjdbc driver to decide whether a given log file location is acceptable. End user applications that use the pgjdbc driver must ensure that filenames are valid and restrict unauthenticated attackers from being able to supply arbitrary values."},
{"vulnid": "GHSA-8p5q-j9m2-g8wr",
"comment": "Withdrawn https://github.com/lodash/lodash/issues/5261"},
{"vulnid": "GHSA-269q-hmxg-m83q",
"comment": "Java6 and below only."},
{"vulnid": "CVE-2022-24823",
"comment": "Java6 and below only."},
{"vulnid": "CVE-2021-3887",
"comment": "Rejected."},
{"vulnid": "GHSA-rwqr-c348-m5wr",
"comment": "Withdrawn."},
{"vulnid": "CVE-2022-33124",
"comment": "Withdrawn."},
{"vulnid": "CVE-2022-29361",
"comment": "This CVE is invalid: if you're running the dev server in production, you have bigger security issues."},
{"vulnid": "sonatype-2019-0673",
"comment": "https://github.com/bcgit/bc-java/issues/634#issuecomment-814955246"},
{"vulnid": "CVE-2018-14335",
"comment": "Not considered by maintainer as software issue https://github.com/h2database/h2database/issues/1294"},
{"vulnid": "sonatype-2018-0863",
"comment": "Not considered by maintainer as software issue https://github.com/h2database/h2database/issues/1294"},
{"vulnid": "CVE-2022-42003",
"comment": "Temporary suppression: no fix is available until the jackson 2.14 release"},
{"vulnid": "GHSA-jjjh-jjxp-wpff",
"comment": "Temporary suppression: no fix is available until the jackson 2.14 release"},
{"vulnid": "CVE-2022-38752",
"comment": "https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081"},
{"vulnid": "CVE-2022-41854",
"comment": "https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081"},
{"vulnid": "GHSA-w37g-rhq8-7m4j",
"comment": "https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081"},
{"vulnid": "sonatype-2020-0026",
"comment": "Not a netty issue https://github.com/netty/netty/issues/9930"},
{"vulnid": "sonatype-2022-6127",
"comment": "Invalid issue"},
{"vulnid": "CVE-2022-1471",
"comment": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in"},
{"vulnid": "GHSA-mjmj-j48q-9wg2",
"comment": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in"},
{"vulnid": "GHSA-fgq9-fc3q-vqmw",
"comment": "Withdrawn"},
{"vulnid": "CVE-2023-45960",
"comment": "Withdrawn"},
{"vulnid": "GHSA-57m8-f3v5-hm5m",
"comment": "Withdrawn"},
{"vulnid": "CVE-2020-13091",
"comment": "Disputed"},
{"vulnid": "GHSA-xfg6-62px-cxc2",
"comment": "Duplicate of GHSA-24rp-q3w6-vc56"},
{"vulnid": "sonatype-2021-4916",
"comment": "https://github.com/bcgit/bc-java/issues/925#issuecomment-814642559"}
]
}