suppress CVE-2023-5072 as it's been fixed by the latest release of

liga-oz · liga-oz · commit da2b5f7b5696 · 2023-10-20T10:24:29.000+02:00
org.json 20231013
diff --git a/etc/suppression.xml b/etc/suppression.xml
@@ -2,6 +2,15 @@
 <!-- SPDX-FileCopyrightText: 2018-2022 SAP SE or an SAP affiliate company and Cloud Security Client Java contributors -->
 <!-- SPDX-License-Identifier: Apache-2.0 -->
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress>
+        <notes><![CDATA[
+        suppresses CVE-2023-5072 as it has been fixed by the latest release 20231013 https://nvd.nist.gov/vuln/detail/CVE-2023-5072
+        file name: json-20231013.jar
+        ]]>
+        </notes>
+        <packageUrl regex="true">^pkg:maven/org\.json/json@.*$</packageUrl>
+        <vulnerabilityName>CVE-2023-5072</vulnerabilityName>
+    </suppress>
     <suppress>
         <notes><![CDATA[
         suppresses CVE-2022-45688 as the affected method is not called by code of this project.
