Commit 56e25a8

author
haileyajohnson
committed
suppress false positive CVE for commons-io
1 parent 93a2c90 commit 56e25a8

1 file changed

+8
-0
lines changed

project-files/owasp-dependency-check/dependency-check-suppression.xml

Lines changed: 8 additions & 0 deletions
@@ -101,4 +101,12 @@
101101
<cve>CVE-2022-23221</cve>
102102
<cwe>94</cwe>
103103
</suppress>
104+
<suppress>
105+
<notes><![CDATA[
106+
file name: commons-io-1.3.2.jar
107+
reason: We do not use the vulnerable function (FileNameUtils.normalize)
108+
]]></notes>
109+
<packageUrl regex="true">^pkg:maven/commons-io/commons-io@.*$</packageUrl>
110+
<cve>CVE-2021-29425</cve>
111+
</suppress>
104112
</suppressions>
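
Review bot: The `packageUrl` pattern on new line 109, `^pkg:maven/commons-io/commons-io@.*$`, suppresses CVE-2021-29425 for every commons-io version, while the notes name only `commons-io-1.3.2.jar`. Suggest anchoring the pattern to the version actually shipped (for example ending it in `@1\.3\.2$`) so the finding reappears if a different commons-io version enters the dependency tree. The stated reason is that the vulnerable function is not called, which is a reachability argument rather than a misidentified artifact, so it only holds while the code base and the libraries that pull in commons-io keep avoiding that call. Consider adding an `until` date on `<suppress>` so the claim is re-checked, and record in the notes how non-use was verified. The commons-io class is spelled `FilenameUtils`, so correcting `FileNameUtils` in the notes keeps the entry searchable.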
