|
|
@@ -79,4 +79,16 @@
|
|
|
<vulnerabilityName>CVE-2024-6763</vulnerabilityName>
|
|
|
<cve>CVE-2024-6763</cve>
|
|
|
</suppress>
|
|
|
+
|
|
|
+ <!-- Vulnerable, but unused class in jetty -->
|
|
|
+ <suppress>
|
|
|
+ <notes><![CDATA[
|
|
|
+ The project does not use the HttpURI class at all, so no decoded user data is passed to it.
|
|
|
+ See also https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh.
|
|
|
+ ]]></notes>
|
|
|
+ <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty-.*$</packageUrl>
|
|
|
+ <vulnerabilityName>CVE-2024-6763</vulnerabilityName>
|
|
|
+ <cve>CVE-2024-6763</cve>
|
|
|
+ </suppress>
|
|
|
+
|
|
|
</suppressions>
|
Armin Schrenk