
ZOOKEEPER-4755: owaspSuppressions.xml: Temporarily suppress CVE-2023-4586

CVE-2023-4586 looks like a real vulnerability in Netty, but no report or patch has been published so far.  This has to be monitored and will probably have to be remediated.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4586

Relevant discussion and pointers:

https://github.com/jeremylong/DependencyCheck/issues/5912#issuecomment-1699387994

Author: Damien Diederen <ddiederen@apache.org>

Reviewers: Andor Molnar <andor@apache.org>, Damien Diederen <ddiederen@apache.org>

Closes #2075 from ztzg/ZOOKEEPER-4755-netty-CVE-2023-4586
Damien Diederen, 1 year ago
Parent
Commit
5f3b3d6738
1 changed file with 7 additions and 0 deletions

owaspSuppressions.xml (+7 -0)

@@ -38,6 +38,13 @@
       <!-- https://github.com/jeremylong/DependencyCheck/issues/1653
            False positive on Netty 4.x-->
       <cve>CVE-2018-12056</cve>
+      <!-- ZOOKEEPER-4755: looks like a real vulnerability in Netty,
+           but no report or patch has been published so far.  This has
+           to be monitored and will probably have to be remediated.
+
+           https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4586
+      -->
+      <cve>CVE-2023-4586</cve>
    </suppress>
    <suppress>
       <!-- Seems like false positive - we are not using Prometheus
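
Review bot: The new `<cve>CVE-2023-4586</cve>` entry is described as temporary and as something that "has to be monitored", but nothing in the hunk makes it expire, and it is placed inside the same `<suppress>` element as CVE-2018-12056, which the existing comment marks as a false positive. Consider moving it into its own `<suppress>` element with DependencyCheck's `until` attribute set to a review date, so the finding resurfaces automatically once that date passes instead of relying on someone remembering to revisit ZOOKEEPER-4755. Keeping it separate also avoids mixing a suspected real vulnerability with a permanent false-positive suppression, which would make the later removal a cleaner one-element change.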