Home Explore Help
Sign In
apache
/
zookeeper
mirror of https://gitee.com/apache/zookeeper.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

ZOOKEEPER-4755: owaspSuppressions.xml: Temporarily suppress CVE-2023-4586

CVE-2023-4586 looks like a real vulnerability in Netty, but no report or patch has been published so far.  This has to be monitored and will probably have to be remediated.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4586

Relevant discussion and pointers:

https://github.com/jeremylong/DependencyCheck/issues/5912#issuecomment-1699387994

Author: Damien Diederen <ddiederen@apache.org>

Reviewers: Andor Molnar <andor@apache.org>, Damien Diederen <ddiederen@apache.org>

Closes #2075 from ztzg/ZOOKEEPER-4755-netty-CVE-2023-4586
Damien Diederen 1 year ago
parent
a0aced950c
commit
5f3b3d6738
1 changed files with 7 additions and 0 deletions
Unified View Show Diff Stats
  1. 7 0
      owaspSuppressions.xml

+ 7 - 0
owaspSuppressions.xml
View File 

@@ -38,6 +38,13 @@
 
       <!-- https://github.com/jeremylong/DependencyCheck/issues/1653
 
       <!-- https://github.com/jeremylong/DependencyCheck/issues/1653
 
            False positive on Netty 4.x-->
 
            False positive on Netty 4.x-->
 
       <cve>CVE-2018-12056</cve>
 
       <cve>CVE-2018-12056</cve>
 
+      <!-- ZOOKEEPER-4755: looks like a real vulnerability in Netty,
 
+           but no report or patch has been published so far.  This has
 
+           to be monitored and will probably have to be remediated.
 
+
 
+           https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4586
 
+      -->
 
+      <cve>CVE-2023-4586</cve>
 
    </suppress>
 
    </suppress>
 
    <suppress>
 
    <suppress>
 
       <!-- Seems like false positive - we are not using Prometheus
 
       <!-- Seems like false positive - we are not using Prometheus