|
43 | 43 | <gav regex="true">^com\.itextpdf:kernel:7\.2\.5.*$</gav>
|
44 | 44 | <vulnerabilityName>CVE-2022-24198</vulnerabilityName>
|
45 | 45 | </suppress>
|
46 |
| - <suppress until="2023-02-28+02:00"> |
47 |
| - <notes><![CDATA[ |
| 46 | + <suppress until="2023-03-31+02:00"> |
| 47 | + <notes><![CDATA[ |
48 | 48 | file name: commons-jxpath-1.3.jar
|
49 | 49 |
|
50 | 50 | Het zal even duren voor er patch versies zijn, zie:
|
|
56 | 56 | - alleen vertrouwde gegevens verwerken
|
57 | 57 | - we zelf geen JXPath gebruiken
|
58 | 58 | ]]></notes>
|
59 |
| - <packageUrl regex="true">^pkg:maven/commons\-jxpath/commons\-jxpath@.*$</packageUrl> |
60 |
| - <cve>CVE-2022-40159</cve> |
61 |
| - <cve>CVE-2022-40160</cve> |
| 59 | + <packageUrl regex="true">^pkg:maven/commons\-jxpath/commons\-jxpath@.*$</packageUrl> |
| 60 | + <cve>CVE-2022-40159</cve> |
| 61 | + <cve>CVE-2022-40160</cve> |
62 | 62 | </suppress>
|
63 | 63 | <suppress>
|
64 | 64 | <notes><![CDATA[
|
|
73 | 73 | <packageUrl regex="true">^pkg:maven/commons\-jxpath/commons\-jxpath@.*$</packageUrl>
|
74 | 74 | <cve>CVE-2022-41852</cve>
|
75 | 75 | </suppress>
|
76 |
| - <suppress base="true"> |
77 |
| - <notes><![CDATA[ |
78 |
| - FP per issue https://github.com/jeremylong/DependencyCheck/issues/5121 |
79 |
| - fix for commons |
| 76 | + <suppress> |
| 77 | + <notes><![CDATA[ |
| 78 | + file name: json-20220924.jar |
| 79 | +
|
| 80 | + CVE is voor hutool-json v5.8.10 die doorverwijst naar org.json:json. |
| 81 | + We gebruiken de XML.toJSONObject(...) functie niet en sowieso wordt er alleen vertrouwde data geparsed. |
| 82 | + zie: https://github.com/stleary/JSON-java/issues/708 |
80 | 83 | ]]></notes>
|
81 |
| - <packageUrl regex="true">^(?!pkg:maven/commons-net/commons-net).*$</packageUrl> |
82 |
| - <cpe>cpe:/a:apache:commons_net</cpe> |
| 84 | + <packageUrl regex="true">^pkg:maven/org\.json/json@.*$</packageUrl> |
| 85 | + <vulnerabilityName>CVE-2022-45688</vulnerabilityName> |
83 | 86 | </suppress>
|
84 | 87 | </suppressions>
|