owasp-false-positive-warnings.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
   file name: spring-security-crypto-5.8.*.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$</packageUrl>
        <vulnerabilityName>CVE-2020-5408</vulnerabilityName>
        <cve>CVE-2018-1258</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: spring-web-5.3.*.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-(web|core)@.*$</packageUrl>
        <cve>CVE-2016-1000027</cve>
        <cve>CVE-2018-1258</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: smp.war: spring-core-5.3.30.jar
   ]]></notes>
        <sha1>cd2b09bf9bdb45c3cf2b771317b6dd0d6b2f6a25</sha1>
        <cve>CVE-2016-1000027</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: smp.war: spring-security-*.jar
   ]]></notes>
        <cve>CVE-2018-1258</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: guava-30.1-jre.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
        <vulnerabilityName>CVE-2020-8908</vulnerabilityName>
        <vulnerabilityName>CVE-2023-2976</vulnerabilityName>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: snakeyaml-1.30.jar part of spring boot - just for demo and testing
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
        <cve>CVE-2022-1471</cve>
        <cve>CVE-2022-25857</cve>
        <cve>CVE-2022-38749</cve>
        <cve>CVE-2022-38751</cve>
        <cve>CVE-2022-38752</cve>
        <cve>CVE-2022-41854</cve>
        <cve>CVE-2022-38750</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: jackson-databind-2.15.2.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
        <cve>CVE-2023-35116</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[Only for demo and testing
   file name: tomcat-embed-websocket-9.0.x.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.apache\.tomcat\.embed/tomcat\-embed\-websocket@.*$</packageUrl>
        <cve>CVE-2023-41080</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: dom4j-2.1.3/4.jar
    Used internally by hibernate-envers
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.dom4j/dom4j@.*$</packageUrl>
        <cve>CVE-2023-45960</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: bdmsl-webapp.war: dom4j-2.1.3.jar
      Used internally by hibernate-envers
   ]]></notes>
        <sha1>a75914155a9f5808963170ec20653668a2ffd2fd</sha1>
        <cve>CVE-2023-45960</cve>
    </suppress>
</suppressions>