github.com/vnforks/kid/v5@v5.22.1-0.20200408055009-b89d99c65676/dependency-suppression.xml (about) 1 <?xml version="1.0" encoding="UTF-8"?> 2 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> 3 <suppress> 4 <notes><![CDATA[ 5 Vulnerable cipher (Salsa20) not used 6 ]]></notes> 7 <packageUrl regex="true">^pkg:golang/golang\.org/x/crypto@.*$</packageUrl> 8 <vulnerabilityName>CVE-2019-11840</vulnerabilityName> 9 </suppress> 10 <suppress> 11 <notes><![CDATA[ 12 MySQL driver misidentified as MySQL server 13 ]]></notes> 14 <packageUrl regex="true">^pkg:golang/github\.com/go\-sql\-driver/mysql@.*$</packageUrl> 15 <cpe>cpe:/a:mysql:mysql</cpe> 16 </suppress> 17 <suppress> 18 <notes><![CDATA[ 19 Various dependencies from GitHub misidentified as GitHub Enterprise 20 ]]></notes> 21 <packageUrl regex="true">^pkg:golang/github\.com/.*$</packageUrl> 22 <cpe>cpe:/a:github:github</cpe> 23 </suppress> 24 <suppress> 25 <notes><![CDATA[ 26 Prometheus client misidentified as server 27 ]]></notes> 28 <packageUrl regex="true">^pkg:golang/github\.com/prometheus/client_model@.*$</packageUrl> 29 <cpe>cpe:/a:prometheus:prometheus</cpe> 30 </suppress> 31 <suppress> 32 <notes><![CDATA[ 33 Vulnerability affects only RBAC and client-cert-auth 34 ]]></notes> 35 <packageUrl regex="true">^pkg:golang/github\.com/coreos/etcd@.*$</packageUrl> 36 <cve>CVE-2018-16886</cve> 37 </suppress> 38 <suppress> 39 <notes><![CDATA[ 40 Golang module misidentified as unrelated CLI toolset 41 ]]></notes> 42 <packageUrl regex="true">^pkg:golang/golang\.org/x/tools@.*$</packageUrl> 43 <cpe>cpe:/a:data-tools_project:data_tools</cpe> 44 </suppress> 45 <suppress> 46 <notes><![CDATA[ 47 Misidentified version (commit hash vs. date) 48 ]]></notes> 49 <packageUrl regex="true">^pkg:golang/golang\.org/x/crypto@.*$</packageUrl> 50 <vulnerabilityName>CVE-2017-3204</vulnerabilityName> 51 </suppress> 52 <suppress> 53 <notes><![CDATA[ 54 Golang crypto package misidentified as SSH 55 ]]></notes> 56 <packageUrl regex="true">^pkg:golang/golang\.org/x/crypto@.*$</packageUrl> 57 <cpe>cpe:/a:ssh:ssh</cpe> 58 </suppress> 59 <suppress> 60 <notes><![CDATA[ 61 DoS affecting `Delete`; no references to the operation in codebase or dependencies 62 ]]></notes> 63 <packageUrl regex="true">^pkg:golang/github\.com/buger/jsonparser@.*$</packageUrl> 64 <cve>CVE-2020-10675</cve> 65 </suppress> 66 </suppressions>