37 lines
1.4 KiB
XML
37 lines
1.4 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
|
|
<!-- -->
|
|
<suppress>
|
|
<notes>Wicket includes jQuery 1, 2, and 3 but only 3 is used</notes>
|
|
<packageUrl regex="true">^pkg:javascript/jquery@(1|2)\..*$</packageUrl>
|
|
<cve>CVE-2015-9251</cve>
|
|
<cve>CVE-2019-11358</cve>
|
|
<cve>CVE-2020-11022</cve>
|
|
<cve>CVE-2020-11023</cve>
|
|
</suppress>
|
|
<suppress>
|
|
<notes><![CDATA[
|
|
The vulnerability appears to be for iText 7 while SciPro uses 2.
|
|
None of the referenced classes appear in version 2.
|
|
file name: itext-2.1.7.js9.jar
|
|
]]></notes>
|
|
<packageUrl regex="true">^pkg:maven/com\.lowagie/itext@.*$</packageUrl>
|
|
<vulnerabilityName>CVE-2021-43113</vulnerabilityName>
|
|
</suppress>
|
|
<suppress>
|
|
<notes><![CDATA[
|
|
This exploit is for an Amazon patched version of log4j that we do not use.
|
|
file name: log4j-core-2.18.0.jar
|
|
]]></notes>
|
|
<packageUrl regex="true">^pkg:maven/org\.apache\.logging\.log4j/log4j\-.*@.*$</packageUrl>
|
|
<cve>CVE-2022-33915</cve>
|
|
</suppress>
|
|
<suppress>
|
|
<notes><![CDATA[
|
|
False positive from some Python library.
|
|
file name: querydsl-core-5.0.0.jar
|
|
]]></notes>
|
|
<cve>CVE-2022-31548</cve>
|
|
</suppress>
|
|
</suppressions>
|