Skip to content

Commit

Permalink
Ignore CVE false-positive for spring-web 6.1.14
Browse files Browse the repository at this point in the history 
Only 5.3.0 - 5.3.41 are affected:
https://spring.io/security/cve-2024-38828
  • Loading branch information
@labkey-tchad
labkey-tchad committed Nov 18, 2024
1 parent 15ebb30 commit 4d8d38d
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions dependencyCheckSuppression.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -369,5 +369,14 @@
</suppress>
<!-- end of glassfish false positive suppressions -->

<!-- False positive. Only 5.3.0 - 5.3.41 are affected:
https://spring.io/security/cve-2024-38828 -->
<suppress>
<notes><![CDATA[
file name: spring-web-6.1.14.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework/spring-web@.*$</packageUrl>
<vulnerabilityName>CVE-2024-38828</vulnerabilityName>
</suppress>
</suppressions>

0 comments on commit 4d8d38d

Please sign in to comment.