18 lines
773 B
XML
18 lines
773 B
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
|
|
<suppress>
|
|
<notes><![CDATA[
|
|
We don't use the Spring HTTP invoker which causes this vulnerability due to Java deserialization.
|
|
]]></notes>
|
|
<packageUrl regex="true">^pkg:maven/org\.springframework/spring-web@.*$</packageUrl>
|
|
<cve>CVE-2016-1000027</cve>
|
|
</suppress>
|
|
<suppress>
|
|
<notes><![CDATA[
|
|
We don't use the UNWRAP_SINGLE_VALUE_ARRAYS feature and thus are not affected.
|
|
]]></notes>
|
|
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
|
|
<cve>CVE-2022-42003</cve>
|
|
</suppress>
|
|
</suppressions>
|