owasp-suppression.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes>The bug is present only in Spring Framework 5.0.5.RELEASE but creates false positive with other versions</notes>
        <cve>CVE-2018-1258</cve>
    </suppress>
    <suppress>
        <notes>CVE about Keycloak Server</notes>
        <cve>CVE-2022-1245</cve>
    </suppress>
    <suppress>
        <notes>CVE about Keycloak Server</notes>
        <cve>CVE-2024-7341</cve>
    </suppress>
    <suppress>
        <notes>no untrusted source</notes>
        <cve>CVE-2022-1471</cve>
    </suppress>
    <suppress>
        <notes>no UriComponentsBuilder</notes>
        <cve>CVE-2024-22243</cve>
    </suppress>
    <suppress>
        <notes>no UriComponentsBuilder</notes>
        <cve>CVE-2024-22262</cve>
    </suppress>
    <suppress>
        <notes>no AuthenticatedVoter</notes>
        <cve>CVE-2024-22257</cve>
    </suppress>
    <suppress>
        <notes>Not applicable</notes>
        <cve>CVE-2024-38816</cve>
    </suppress>
    <suppress>
        <notes>No WebFlux</notes>
        <cve>CVE-2024-38821</cve>
    </suppress>
    <suppress>
        <notes>not valid for search-api</notes>
        <packageUrl regex="true">^pkg:maven/org\.springframework/spring.*$</packageUrl>
        <cve>CVE-2016-1000027</cve>
    </suppress>
</suppressions>