Suppress security vulnerability CVE-2021-43113 for itext since it affects version 7, and we use version 2.

2021-12-22 15:57:32 +01:00 · 2021-12-22 15:57:32 +01:00 · dd55a9d9e4
commit dd55a9d9e4
parent 577faac7c0
1 changed files with 9 additions and 0 deletions
--- a/owasp.xml
+++ b/owasp.xml
@ -9,4 +9,13 @@
        <cve>CVE-2020-11022</cve>
        <cve>CVE-2020-11023</cve>
    </suppress>
+    <suppress>
+        <notes><![CDATA[
+        The vulnerability appears to be for iText 7 while SciPro uses 2.
+        None of the referenced classes appear in version 2.
+   file name: itext-2.1.7.js9.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.lowagie/itext@.*$</packageUrl>
+        <vulnerabilityName>CVE-2021-43113</vulnerabilityName>
+    </suppress>
 </suppressions>