[fix][sec] Add OWASP Dependency Check suppressions (apache#21281)

datastax · Sep 30, 2023 · 1bf7371 · 1bf7371
1 parent 8485d68
commit 1bf7371
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml
@@ -457,4 +457,16 @@
        ]]></notes>
         <cve>CVE-2023-35116</cve>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+   This is a false positive in avro-protobuf. The vulnerability is in Hamba avro golang library.
+   ]]></notes>
+        <cve>CVE-2023-37475</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+    This CVE can be suppressed since it is covered in Pulsar by hostname verification changes made in https://github.com/apache/pulsar/pull/15824.
+   ]]></notes>
+        <cve>CVE-2023-4586</cve>
+    </suppress>
 </suppressions>