owasp-suppress-corelib.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <!-- This is not a Spring application and we are not using spring security, so not vulnerable -->
    <suppress>
        <notes><![CDATA[file name: spring-core-5.3.16.jar]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-.*@.*$</packageUrl>
        <cve>CVE-2022-22965</cve>
    </suppress>
    <!-- General Spring web concern to not trust incoming data -->
    <suppress>
        <notes><![CDATA[file name: spring-web-5.3.16.jar]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-web@.*$</packageUrl>
        <cve>CVE-2016-1000027</cve>
    </suppress>
    <!-- Not a Spring application and we don't support PATCH -->
    <suppress>
        <notes><![CDATA[file name: spring-boot-1.3.8.RELEASE.jar]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.springframework\.boot/spring\-boot@.*$</packageUrl>
        <cve>CVE-2017-8046</cve>
    </suppress>
    <!-- Not using Cloud foundry -->
    <suppress>
        <notes><![CDATA[file name: spring-boot-1.3.8.RELEASE.jar]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.springframework\.boot/spring\-boot@.*$</packageUrl>
        <cve>CVE-2023-20873</cve>
    </suppress>
    <!-- We are not using xml external entity reference -->
    <suppress>
       <notes><![CDATA[file name: dom4j-1.6.1.jar]]></notes>
       <packageUrl regex="true">^pkg:maven/dom4j/dom4j@.*$</packageUrl>
       <cve>CVE-2020-10683</cve>
    </suppress>
    <!-- We don't use SASL in Apache Zookeepr -->
    <suppress>
        <notes><![CDATA[file name: zookeeper-3.6.2.jar]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.apache\.zookeeper/zookeeper@.*$</packageUrl>
        <cve>CVE-2023-44981</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[file name: zookeeper-jute-3.6.2.jar]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.apache\.zookeeper/zookeeper\-jute@.*$</packageUrl>
        <cve>CVE-2023-44981</cve>
    </suppress>
</suppressions>