Suppress false security warning.

2023-06-29 09:52:05 +02:00 · 2023-06-29 09:52:05 +02:00 · fa655a50f9
commit fa655a50f9
parent 779c6922c9
1 changed files with 14 additions and 0 deletions
--- a/owasp.xml
+++ b/owasp.xml
@ -37,4 +37,18 @@
        <notes>No usages of com.google.common.io.Files#createTempDir</notes>
        <cve>CVE-2020-8908</cve>
    </suppress>
+    <suppress>
+        <notes>
+            This is when trying to serialize recursive datastructures,
+            such as a list containing itself or similar.
+
+            Since an attacker can only craft strings that are *de*-serialized it
+            is impossible to use this "exploit" and it is only something we can
+            do to ourselves.
+
+            The same problem exists with Map#hashCode for example and everyone
+            is fine with that.
+        </notes>
+        <cve>CVE-2023-35116</cve>
+    </suppress>
 </suppressions>