-
Notifications
You must be signed in to change notification settings - Fork 639
/
owasp-suppressions.xml
136 lines (134 loc) · 4.86 KB
/
owasp-suppressions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
<?xml version="1.0" encoding="UTF-8"?>
<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
file name: kotlin-stdlib-1.2.71.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib@.*$
</packageUrl>
<cve>CVE-2019-10101</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: kotlin-stdlib-1.2.71.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib@.*$
</packageUrl>
<cve>CVE-2019-10102</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: kotlin-stdlib-1.2.71.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib@.*$
</packageUrl>
<cve>CVE-2019-10103</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: kotlin-stdlib-common-1.2.71.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-common@.*$
</packageUrl>
<cve>CVE-2019-10101</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: kotlin-stdlib-common-1.2.71.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-common@.*$
</packageUrl>
<cve>CVE-2019-10102</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: kotlin-stdlib-common-1.2.71.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-common@.*$
</packageUrl>
<cve>CVE-2019-10103</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: netty-tcnative-classes-2.0.46.Final.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$
</packageUrl>
<cve>CVE-2019-20445</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: netty-tcnative-classes-2.0.46.Final.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$
</packageUrl>
<cve>CVE-2019-20444</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: tensorflow-1.15.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.tensorflow/tensorflow@.*$
</packageUrl>
<vulnerabilityName>CVE-2021-35958</vulnerabilityName>
</suppress>
<suppress>
<notes><![CDATA[
file name: spring-.*-5.3.20.jar
We don't use http invoker/features of Spring. In addition it's an old vulnerability
and reactivated by NVD for some unknown reason. Take a look at the references and discussions
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework/spring\-.*@.*$</packageUrl>
<cve>CVE-2016-1000027</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: snakeyaml-1.30.jar
snakeyaml is being used through redisson->jackson-databind-yaml.
There is no yaml usage of Redisson in Ant Media Server
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
<vulnerabilityName>CVE-2022-1471</vulnerabilityName>
</suppress>
<suppress>
<notes><![CDATA[
file name: ffmpeg-5.1.2-1.5.8.jar,ffmpeg-platform-5.1.2-1.5.8.jar, cuda-11.8-8.6-1.5.8.jar, cuda-platform-11.8-8.6-1.5.8.jar
This vulnerability is about to github actions of the original repo. It's not related to Ant Media Server.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.bytedeco/(ffmpeg|cuda).*@.*$</packageUrl>
<cve>CVE-2023-34112</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: ffmpeg-5.1.2-1.5.8.jar,ffmpeg-platform-5.1.2-1.5.8.jar, ffmpeg-5.1.2-1.5.8-linux-x86.jar
This vulnerability is about using mpegvideoencoder. We don't use mpegvideo encoder in our end
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.bytedeco/(ffmpeg|cuda).*@.*$</packageUrl>
<cve>CVE-2024-32230</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: ffmpeg-5.1.2-1.5.8.jar,ffmpeg-platform-5.1.2-1.5.8.jar, ffmpeg-5.1.2-1.5.8-linux-x86.jar
This vulnerability is about using mpegvideoencoder. We don't use mpegvideo encoder in our end
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.bytedeco/(ffmpeg|cuda).*@.*$</packageUrl>
<cve>CVE-2024-32229</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: tomcat-coyote-10.1.19.jar
This vulnerability is about Tomcat fails to handle some cases of excessive HTTP headers correctly. We don't have problem with our headers in our end
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.tomcat/tomcat-coyote@10\.1\.19$</packageUrl>
<cve>CVE-2024-34750</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: tomcat-catalina-10.1.34.jar
This vulnerability seems to be fixed in 10.1.34 Otherwise, Ant Media Server works on Linux which is a case sensitve OS. So this doesn't affect the software.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.tomcat/tomcat-catalina@10\.1\.34$</packageUrl>
<cve>CVE-2024-56337</cve>
</suppress>
</suppressions>