suppressing cve warning for CVE-2023-5072 on json-20231013

LabKey · Oct 25, 2023 · e9e4717 · e9e4717
1 parent 2163ce4
commit e9e4717
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
@@ -279,4 +279,17 @@
         <packageUrl regex="true">^pkg:maven/io\.netty/netty\-handler@.*$</packageUrl>
         <vulnerabilityName>CVE-2023-4586</vulnerabilityName>
     </suppress>
+
+    <!--
+    json-java versioning does not work with cpe; suppressing specifically for CVE-2023-5072
+    -->
+    <suppress>
+        <notes><![CDATA[
+   file name: json-20231013.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.json/json@.*$</packageUrl>
+        <cve>CVE-2023-5072</cve>
+    </suppress>
+
 </suppressions>
+