struts-commits mailing list archives

From lukaszlen...@apache.org
Subject [struts] branch master updated: Supresses false positives which will be removed once Velocity will be upgraded
Date Tue, 19 Nov 2019 08:27:55 GMT
This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git


The following commit(s) were added to refs/heads/master by this push:
     new 2211fab  Supresses false positives which will be removed once Velocity will be upgraded
2211fab is described below

commit 2211faba64a8dfd66e296cd7f2ea1be1c767dac1
Author: Lukasz Lenart <lukaszlenart@apache.org>
AuthorDate: Tue Nov 19 09:27:21 2019 +0100

    Supresses false positives which will be removed once Velocity will be upgraded
---
 src/etc/project-suppression.xml | 120 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 114 insertions(+), 6 deletions(-)

diff --git a/src/etc/project-suppression.xml b/src/etc/project-suppression.xml
index 30480cd..c3016de 100644
--- a/src/etc/project-suppression.xml
+++ b/src/etc/project-suppression.xml
@@ -19,15 +19,93 @@
 -->
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
     <suppress>
-        <notes><![CDATA[
-        This suppresses false positives identified on Struts Annotations.
-        ]]></notes>
-        <gav regex="true">org\.apache\.struts:struts\-annotations\:1\.0\.6.*$</gav>
-        <cpe>cpe:/a:apache:struts:1.0.6</cpe>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <cpe>cpe:/a:apache:struts</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2011-5057</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2012-0391</vulnerabilityName>
     </suppress>
     <suppress>
         <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
-        <gav regex="true">^org\.apache\.struts:struts\-core\:1\.3\.8.*$</gav>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2012-0392</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2012-0393</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2012-0394</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2012-0838</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2013-1965</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2013-1966</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2013-2115</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2013-2134</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2013-2135</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2014-0094</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2014-0113</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2015-5169</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2016-0785</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2016-4003</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: struts-annotations-1.0.6.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-annotations@.*$</packageUrl>
         <cpe>cpe:/a:apache:struts</cpe>
     </suppress>
     <suppress>
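Review bot: The new `packageUrl` patterns end in `@.*$`, so every entry in this hunk suppresses its finding for any version of struts-core or struts-annotations, whereas the removed `gav` patterns were pinned to `1\.3\.8` and `1\.0\.6`. If a different version of either artifact enters the build later, the scanner will stay silent about these CVEs and about the whole `cpe:/a:apache:struts` match. Pinning the version keeps the suppression as narrow as the file name in the notes, e.g. `<packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@1\.3\.8$</packageUrl>`. The commit title describes these entries as temporary, so an expiry such as `<suppress until="YYYY-MM-DDZ">` (placeholder date) would make them resurface instead of relying on someone remembering to delete them. The same open-ended `@.*$` appears on the dom4j, bsh and plexus-utils entries in the second hunk.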
@@ -40,4 +118,34 @@
         <gav regex="true">^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$</gav>
         <cpe>cpe:/a:apache:struts</cpe>
     </suppress>
+    <suppress>
+        <notes><![CDATA[file name: dom4j-1.1.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/dom4j/dom4j@.*$</packageUrl>
+        <vulnerabilityName>CVE-2018-1000632</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: bsh-2.0b4.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.beanshell/bsh@.*$</packageUrl>
+        <vulnerabilityName>CVE-2016-2510</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[ file name: plexus-utils-1.2.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$</packageUrl>
+        <cpe>cpe:/a:plexus-utils_project:plexus-utils</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: plexus-utils-1.2.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$</packageUrl>
+        <vulnerabilityName>CVE-2017-1000487</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: plexus-utils-1.2.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$</packageUrl>
+        <vulnerabilityName>Directory traversal in org.codehaus.plexus.util.Expand</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: plexus-utils-1.2.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$</packageUrl>
+        <vulnerabilityName>Possible XML Injection</vulnerabilityName>
+    </suppress>
 </suppressions>
\ No newline at end of file
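Review bot: The `<notes>` on the dom4j, bsh and plexus-utils entries record only a jar file name, so the file itself never says why each finding is treated as a false positive or that it is tied to the Velocity upgrade named in the commit title. A later auditor cannot tell an analysed, unreachable finding from an accepted risk. A note along the lines of `<notes><![CDATA[dom4j-1.1.jar: transitive via <dependency path>; not reachable because <reason>; remove after the Velocity upgrade]]></notes>` (bracketed parts are placeholders) would carry that rationale. The `<cpe>cpe:/a:plexus-utils_project:plexus-utils</cpe>` entry also drops the CPE identification for every plexus-utils version the pattern matches. That is broader than the three per-vulnerability entries that follow, so it is worth confirming that the blanket entry is intended alongside them.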

