From fdb3bd3897d65f9566f0d8b7346fcdcf760bbab5 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Tue, 7 Jan 2025 18:08:12 +0100
Subject: [PATCH] exclude CVE-2024-12798

---
 etc/owasp-dependency-check-suppression.xml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/etc/owasp-dependency-check-suppression.xml b/etc/owasp-dependency-check-suppression.xml
index b407e289..52fe065c 100644
--- a/etc/owasp-dependency-check-suppression.xml
+++ b/etc/owasp-dependency-check-suppression.xml
@@ -9,8 +9,12 @@
     </suppress>
     <suppress>
         <notes><![CDATA[
-           Malicious HTTP redirect in JAXB on a REST-endpoint is not that dangerous.
+          file name: logback-core-1.5.12.jar
+          A successful attack requires the user to have write access to a configuration file or environment vars.
         ]]></notes>
-        <cve>CVE-2024-9329</cve>
+        <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback-core@.*$</packageUrl>
+        <cpe>cpe:/a:qos:logback</cpe>
+        <cve>CVE-2024-12798</cve>
     </suppress>
+
 </suppressions>