
ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer

Suppress error for CVE-2019-17571 as it does not affect us.
We are not running the log4j server.

Author: Enrico Olivelli <eolivelli@apache.org>

Reviewers: phunt@apache.org

Closes #1209 from eolivelli/fix/ZOOKEEPER-3677-owasp-log4j

Change-Id: I0ef24a7b142cd32ccf4f5c18f9e0c0132a413d6c
Enrico Olivelli 5 years ago
parent
commit
3bd6b1950e
1 changed files with 5 additions and 0 deletions

+ 5 - 0
owaspSuppressions.xml

@@ -41,4 +41,9 @@
            this writing  -->
       <cve>CVE-2019-3826</cve>
    </suppress>
+   <suppress>
+      <!-- false positive for us, it is about log4j server in log4j-1.2.17.jar
+           ZOOKEEPER-3677 -->
+      <cve>CVE-2019-17571</cve>
+   </suppress>
 </suppressions>
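
Review bot: the new `<suppress>` block matches on `<cve>CVE-2019-17571</cve>` alone, so it hides that CVE for every dependency the scan sees, not only the log4j-1.2.17.jar named in the comment. Consider scoping it to the log4j artifact with one of the matchers the dependency-check suppression schema provides (`<packageUrl>`, `<gav>` or `<filePath>`), so the finding reappears if another jar ever carries the same CVE. The XML comment says the CVE "is about log4j server" but not why that makes it a false positive here; the commit message's reason ("We are not running the log4j server") belongs in the comment or in a `<notes>` element, since it is the condition a later reviewer has to re-check. An `until` date on the `<suppress>` element would also force that re-check instead of leaving the suppression permanent.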