owasp-dependency-check-suppressions.xml
Lines changed: 2 additions & 0 deletions
@@ -142,6 +142,7 @@
142
142
<cve>CVE-2024-47561</cve> <!-- This seems to be a legitimate vulnerability. We would need to go to hadoop-client 3.4 which required aws sdk v2 dependency work to finish -->
143
143
<cve>CVE-2024-29131</cve> <!-- This seems to be a legitimate vulnerability. We would need to go to hadoop-client 3.4 which required aws sdk v2 dependency work to finish -->
144
144
<cve>CVE-2024-22201</cve> <!-- This seems to be a legitimate vulnerability. We would need to go to a hadoop-client which was not yet released -->
145
+
<cve>CVE-2025-52999</cve> <!-- This is vulneraability in all versions of hadoop-client-runtime and has not been fixed by hadoop yet -->
145
146
</suppress>
146
147
147
148
<!-- those are false positives, no other tools report any of those CVEs in the hadoop package -->
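Review bot: The added CVE-2025-52999 line suppresses a finding that its own comment describes as a real vulnerability in all versions of hadoop-client-runtime, but it records no condition for revisiting it. Unlike the three entries above it, which name the hadoop-client upgrade that would clear them, this one only says "has not been fixed by hadoop yet", so nothing prompts removal once a fix ships. Suggest adding a link to the upstream Hadoop tracking issue in the comment, and, if the enclosing suppress element (opened above the visible lines) does not already carry one, an until date so the scanner starts reporting it again after a set period. The comment also misspells "vulnerability" as "vulneraability".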
@@ -192,6 +193,7 @@
192
193
<cve>CVE-2022-34917</cve>
193
194
<cve>CVE-2023-25194</cve>
194
195
<cve>CVE-2024-31141</cve>
196
+
<cve>CVE-2025-27818</cve> <!-- not fixed in any version of ranger dependency. I don't think it is exploitable in Druid within this extension -->
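Review bot: The justification on the added CVE-2025-27818 line, "I don't think it is exploitable in Druid within this extension", states a conclusion without the reasoning behind it, so a later reader cannot tell whether it still holds after the extension changes. Suggest saying in the comment which precondition of the CVE is not met here (for example, the affected component is never instantiated, or the relevant configuration is not reachable from user input), and naming the ranger dependency version that was checked when concluding "not fixed in any version". The neighbouring entries in this block carry no comment at all, so this line is already the better documented one; the request is only to make the assessment verifiable.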