github.com/vnforks/kid/v5@v5.22.1-0.20200408055009-b89d99c65676/dependency-suppression.xml

github.com/vnforks/kid/v5@v5.22.1-0.20200408055009-b89d99c65676/dependency-suppression.xml (about)

     1  <?xml version="1.0" encoding="UTF-8"?>
     2  <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
     3    <suppress>
     4      <notes><![CDATA[
     5        Vulnerable cipher (Salsa20) not used
     6      ]]></notes>
     7      <packageUrl regex="true">^pkg:golang/golang\.org/x/crypto@.*$</packageUrl>
     8      <vulnerabilityName>CVE-2019-11840</vulnerabilityName>
     9    </suppress>
    10    <suppress>
    11      <notes><![CDATA[
    12        MySQL driver misidentified as MySQL server
    13      ]]></notes>
    14      <packageUrl regex="true">^pkg:golang/github\.com/go\-sql\-driver/mysql@.*$</packageUrl>
    15      <cpe>cpe:/a:mysql:mysql</cpe>
    16    </suppress>
    17    <suppress>
    18      <notes><![CDATA[
    19        Various dependencies from GitHub misidentified as GitHub Enterprise
    20      ]]></notes>
    21      <packageUrl regex="true">^pkg:golang/github\.com/.*$</packageUrl>
    22      <cpe>cpe:/a:github:github</cpe>
    23    </suppress>
    24    <suppress>
    25      <notes><![CDATA[
    26        Prometheus client misidentified as server
    27      ]]></notes>
    28      <packageUrl regex="true">^pkg:golang/github\.com/prometheus/client_model@.*$</packageUrl>
    29      <cpe>cpe:/a:prometheus:prometheus</cpe>
    30    </suppress>
    31    <suppress>
    32      <notes><![CDATA[
    33        Vulnerability affects only RBAC and client-cert-auth
    34      ]]></notes>
    35      <packageUrl regex="true">^pkg:golang/github\.com/coreos/etcd@.*$</packageUrl>
    36      <cve>CVE-2018-16886</cve>
    37    </suppress>
    38    <suppress>
    39      <notes><![CDATA[
    40        Golang module misidentified as unrelated CLI toolset
    41      ]]></notes>
    42      <packageUrl regex="true">^pkg:golang/golang\.org/x/tools@.*$</packageUrl>
    43      <cpe>cpe:/a:data-tools_project:data_tools</cpe>
    44    </suppress>
    45    <suppress>
    46      <notes><![CDATA[
    47        Misidentified version (commit hash vs. date)
    48      ]]></notes>
    49      <packageUrl regex="true">^pkg:golang/golang\.org/x/crypto@.*$</packageUrl>
    50      <vulnerabilityName>CVE-2017-3204</vulnerabilityName>
    51    </suppress>
    52    <suppress>
    53      <notes><![CDATA[
    54        Golang crypto package misidentified as SSH
    55      ]]></notes>
    56      <packageUrl regex="true">^pkg:golang/golang\.org/x/crypto@.*$</packageUrl>
    57      <cpe>cpe:/a:ssh:ssh</cpe>
    58    </suppress>
    59    <suppress>
    60      <notes><![CDATA[
    61        DoS affecting `Delete`; no references to the operation in codebase or dependencies
    62      ]]></notes>
    63      <packageUrl regex="true">^pkg:golang/github\.com/buger/jsonparser@.*$</packageUrl>
    64      <cve>CVE-2020-10675</cve>
    65    </suppress>
    66  </suppressions>