owasp-false-positive-warnings.xml 2.56 KiB
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<!--
  Suppresses CVE-2020-5408 and CVE-2018-1258 for
  org.springframework.security:spring-security-crypto.
  The packageUrl regex ends in "@.*$", so the suppression applies to every version of the
  artifact, not only to the 5.8.2 jar named in the notes.
  NOTE(review): the notes record the file name but not why these findings are considered
  false positives. Add the rationale so the entry can be re-validated after an upgrade.
-->
<suppress>
<notes><![CDATA[
file name: spring-security-crypto-5.8.2.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$</packageUrl>
<vulnerabilityName>CVE-2020-5408</vulnerabilityName>
<cve>CVE-2018-1258</cve>
</suppress>
<!--
  Suppresses CVE-2016-1000027 and CVE-2018-1258 for org.springframework:spring-web and
  org.springframework:spring-core, any version (regex ends in "@.*$").
  The notes mention only spring-web-5.3.26.jar, but the pattern also covers spring-core.
  NOTE(review): as far as I recall CVE-2016-1000027 concerns Java deserialization in Spring's
  HTTP invoker remoting, so applicability depends on how the application uses spring-web.
  Confirm the affected feature is not used and record that here.
-->
<suppress>
<notes><![CDATA[
file name: spring-web-5.3.26.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework/spring\-(web|core)@.*$</packageUrl>
<cve>CVE-2016-1000027</cve>
<cve>CVE-2018-1258</cve>
</suppress>
<!--
  Suppresses CVE-2016-1000027 for the single artifact whose SHA-1 is given below; the notes
  identify it as spring-core-5.3.26.jar inside smp.war.
  A sha1 selector matches one exact file, so the suppression lapses when the jar changes.
  NOTE(review): the packageUrl entry for spring-(web|core) in this file already suppresses
  the same CVE for every spring-core version, which makes this entry look redundant.
  Presumably it is kept for the copy bundled in smp.war. Confirm, or drop one of the two.
-->
<suppress>
<notes><![CDATA[
file name: smp.war: spring-core-5.3.26.jar
]]></notes>
<sha1>81f0f0bbba14ca6e17d52f0b1c7d52da8c4da098</sha1>
<cve>CVE-2016-1000027</cve>
</suppress>
<!--
  Suppresses CVE-2018-1258 with no selector at all: there is no packageUrl, sha1, gav or
  filePath element, so the suppression is not tied to any artifact and applies to every
  dependency in the scan. That is broader than the "spring-security-*.jar" scope given in
  the notes, and it makes the CVE-2018-1258 lines in the spring-security-crypto and
  spring-(web|core) entries of this file redundant.
  NOTE(review): consider restricting this entry with a packageUrl or filePath regex that
  matches only the spring-security artifacts, then re-run the scan to confirm nothing
  unexpected was being hidden.
-->
<suppress>
<notes><![CDATA[
file name: smp.war: spring-security-*.jar
]]></notes>
<cve>CVE-2018-1258</cve>
</suppress>
<!--
  Suppresses CVE-2023-20861 for org.springframework:spring-aop and
  org.springframework:spring-expression, any version (regex ends in "@.*$").
  NOTE(review): as far as I recall this CVE is a denial of service in SpEL expression
  evaluation that was fixed in Spring Framework 5.3.26. If so, the spring-expression 5.3.25
  jar named in the notes is inside the affected range and this is a risk acceptance rather
  than a false positive. Verify against the advisory. Other entries in this file name
  5.3.26 jars, so this entry may be removable once the upgrade is confirmed.
-->
<suppress>
<notes><![CDATA[
file name: spring-aop-5.3.25.jar spring-expression-5.3.25.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.springframework/spring\-(aop|expression)@.*$</packageUrl>
<cve>CVE-2023-20861</cve>
</suppress>
<!--
  Suppresses CVE-2021-4277 for org.apache.cxf.xjc-utils:cxf-xjc-runtime, any version
  (regex ends in "@.*$"); the notes name the 3.3.2 jar.
  NOTE(review): no rationale is recorded. Presumably the scanner matched this jar to an
  unrelated product by name. Confirm which product the CVE is filed against and state it
  in the notes.
-->
<suppress>
<notes><![CDATA[
file name: cxf-xjc-runtime-3.3.2.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.cxf\.xjc\-utils/cxf\-xjc\-runtime@.*$</packageUrl>
<cve>CVE-2021-4277</cve>
</suppress>
<!--
  Suppresses CVE-2022-40705 for org.apache.cxf:cxf-rt-bindings-soap, any version
  (regex ends in "@.*$"); the notes name the 3.5.5 jar.
  NOTE(review): this CVE appears to be filed against Apache SOAP rather than Apache CXF,
  which would make it a product-name mismatch. Confirm against the advisory and record the
  reason in the notes.
-->
<suppress>
<notes><![CDATA[
file name: cxf-rt-bindings-soap-3.5.5.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$</packageUrl>
<cve>CVE-2022-40705</cve>
</suppress>
<!--
  Suppresses the vulnerability named CVE-2020-8908 for com.google.guava:guava, any version
  (regex ends in "@.*$"); the notes name guava-30.1-jre.jar.
  NOTE(review): as far as I recall this CVE concerns the permissions of the directory
  created by Guava's Files.createTempDir(), so whether it applies depends on whether that
  method is called by the application or its dependencies. Record the result of that check
  in the notes.
-->
<suppress>
<notes><![CDATA[
file name: guava-30.1-jre.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
<vulnerabilityName>CVE-2020-8908</vulnerabilityName>
</suppress>
<!--
  Suppresses seven SnakeYAML CVEs for org.yaml:snakeyaml, any version (regex ends in "@.*$").
  The justification in the notes is about usage ("just for demo and testing"), not about the
  findings being wrong, so this is a risk acceptance rather than a false positive.
  NOTE(review): as far as I recall CVE-2022-1471 is unsafe deserialization that can lead to
  code execution when untrusted YAML is parsed. The suppression has no "until" attribute and
  no version bound, so it stays in force if snakeyaml ever reaches a production classpath.
  Consider adding an expiry date with until="..." and confirming the jar is excluded from
  production artifacts.
-->
<suppress>
<notes><![CDATA[
file name: snakeyaml-1.30.jar part of spring boot - just for demo and testing
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
<cve>CVE-2022-1471</cve>
<cve>CVE-2022-25857</cve>
<cve>CVE-2022-38749</cve>
<cve>CVE-2022-38751</cve>
<cve>CVE-2022-38752</cve>
<cve>CVE-2022-41854</cve>
<cve>CVE-2022-38750</cve>
</suppress>
</suppressions>