[fix][sec] Suppress false positive CVE-2023-35116 in jackson-databind

- see FasterXML/jackson-databind#3972 (comment)
lhotari · Jun 19, 2023 · 110f815 · 110f815
1 parent 8125d1f
commit 110f815
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml
@@ -433,5 +433,11 @@
        ]]></notes>
         <cve>CVE-2020-8908</cve>
     </suppress>
-
+    <suppress>
+        <notes><![CDATA[
+       This is a false positive in jackson-databind.
+       See https://github.com/FasterXML/jackson-databind/issues/3972#issuecomment-1596604021
+       ]]></notes>
+        <cve>CVE-2023-35116</cve>
+    </suppress>
 </suppressions>