Browse Source

Update suppression.xml

Armin Schrenk 15 hours ago
parent
commit
7bdcdcba3d
1 changed files with 9 additions and 0 deletions
  1. 9 0
      suppression.xml

+ 9 - 0
suppression.xml

@@ -70,4 +70,13 @@
 		<packageUrl regex="true">^pkg:maven/org\.apache\.jackrabbit/jackrabbit\-webdav@.*$</packageUrl>
 		<cve>CVE-2023-37895</cve>
 	</suppress>
+	<suppress>
+   		<notes><![CDATA[
+			The project does not use the HttpURI class at all, so no decoded user data is passed to it.
+			See also https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh.
+		]]></notes>
+		<packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty-(http|server|io)@.*$</packageUrl>   	
+   		<vulnerabilityName>CVE-2024-6763</vulnerabilityName>
+		<cve>CVE-2024-6763</cve>
+	</suppress>
 </suppressions>