From b5c2596a98a36c6341d3e01ebc50436c6cf10d25 Mon Sep 17 00:00:00 2001
From: kelvinqian00
Date: Wed, 31 Jan 2024 11:16:52 -0500
Subject: [PATCH 1/3] CVE-2017-20189 is false positive for most libs with clojure name

---
 .nvd/suppression.xml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.nvd/suppression.xml b/.nvd/suppression.xml
index 5b5f6e7b..609605b0 100644
--- a/.nvd/suppression.xml
+++ b/.nvd/suppression.xml
@@ -1,4 +1,12 @@
-
+
+
+ ^pkg:maven\/(?!org\.clojure\/clojure).*$
+ cpe:/a:clojure:clojure
+ CVE-2017-20189
+
+

From fd12a9eb7915ba964ccfe5f10f58401dd7587666 Mon Sep 17 00:00:00 2001
From: kelvinqian00
Date: Wed, 31 Jan 2024 11:18:58 -0500
Subject: [PATCH 2/3] Temporary commit to scan clojure ver with vuln

---
 deps.edn | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deps.edn b/deps.edn
index a3ea1cfe..0e226698 100644
--- a/deps.edn
+++ b/deps.edn
@@ -1,5 +1,5 @@
 {:paths ["resources" "src/main"]
- :deps {org.clojure/clojure {:mvn/version "1.11.1"}
+ :deps {org.clojure/clojure {:mvn/version "1.8.0" #_"1.11.1"}
 org.clojure/core.async {:mvn/version "1.6.673"}
 org.clojure/core.memoize {:mvn/version "1.0.257"}
 com.yetanalytics/xapi-schema

From d12b21fdde4b1a16bd4fae4975fb52a5e7492e25 Mon Sep 17 00:00:00 2001
From: kelvinqian00
Date: Wed, 31 Jan 2024 11:19:52 -0500
Subject: [PATCH 3/3] Revert "Temporary commit to scan clojure ver with vuln"

This reverts commit fd12a9eb7915ba964ccfe5f10f58401dd7587666.
---
 deps.edn | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deps.edn b/deps.edn
index 0e226698..a3ea1cfe 100644
--- a/deps.edn
+++ b/deps.edn
@@ -1,5 +1,5 @@
 {:paths ["resources" "src/main"]
- :deps {org.clojure/clojure {:mvn/version "1.8.0" #_"1.11.1"}
+ :deps {org.clojure/clojure {:mvn/version "1.11.1"}
 org.clojure/core.async {:mvn/version "1.6.673"}
 org.clojure/core.memoize {:mvn/version "1.0.257"}
 com.yetanalytics/xapi-schema
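Review bot: In the `.nvd/suppression.xml` hunk of patch 1/3, the new rule matches by package URL on every Maven artefact whose coordinates do not start with `org.clojure/clojure`, so a jar published under another coordinate that bundles a vulnerable Clojure runtime would also stop being reported for CVE-2017-20189. The element tags are not visible on this page, but if `cpe:/a:clojure:clojure` sits in a `<cpe>` element next to the `<cve>` one, the scanner (presumably OWASP Dependency-Check, given the file format) will, as far as I know, also drop that CPE identification from the matched artefacts and so hide later Clojure CVEs too; keeping only `<cve>CVE-2017-20189</cve>` would limit the rule to the one finding the commit title names. The lookahead has no terminator, so `org.clojure/clojurescript` and similar coordinates stay unsuppressed, which errs on the safe side but deserves a comment saying whether it is intended. If the rule carries no `<notes>` entry, add one recording why the match is a false positive, and consider an `until` date on `<suppress>` so the suppression gets re-evaluated rather than living on indefinitely.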