Adapt exclusions
kaklakariada committed Jan 13, 2025
1 parent b6ee404 commit 6927222
Showing 1 changed file with 17 additions and 1 deletion.
18 changes: 17 additions & 1 deletion parent-pom/pom.xml
@@ -517,8 +517,24 @@
<artifactId>ossindex-maven-plugin</artifactId>
<configuration>
<excludeVulnerabilityIds>
<!-- org.apache.hadoop:hadoop-common:jar:3.3.6:provided -->
<!-- Excluded because of provided scope: org.apache.hadoop:hadoop-common:jar:3.3.6 -->
<exclude>CVE-2024-23454</exclude>

<!-- Vulnerabilities from older Spark/Hadoop versions -->
<!-- Vulnerabilities from org.codehaus.janino:janino:jar:3.1.9 -->
<!-- CWE-787: Out-of-bounds Write (5.5); https://ossindex.sonatype.org/vulnerability/CVE-2023-33546 -->
<exclude>CVE-2023-33546</exclude>
<!-- Vulnerabilities from org.apache.spark:spark-core_2.12:jar:3.3.2 -->
<!-- CWE-269: Improper Privilege Management (6.4); https://ossindex.sonatype.org/vulnerability/CVE-2023-22946 -->
<exclude>CVE-2023-22946</exclude>
<!-- Vulnerabilities from org.apache.hadoop:hadoop-common:jar:3.3.2 -->
<!-- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (9.8); -->
<!-- https://ossindex.sonatype.org/vulnerability/CVE-2022-25168 -->
<exclude>CVE-2022-25168</exclude>
<!-- Vulnerabilities from org.apache.hadoop:hadoop-common:jar:3.3.2 -->
<!-- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (9.8); -->
<!-- https://ossindex.sonatype.org/vulnerability/CVE-2022-26612 -->
<exclude>CVE-2022-26612</exclude>
</excludeVulnerabilityIds>
</configuration>
</plugin>
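Review bot: The four `<exclude>` entries grouped under "Vulnerabilities from older Spark/Hadoop versions" name the artifact behind each finding but give no reason why it is safe to ignore, and the comments score two of them (CVE-2022-25168, CVE-2022-26612) at 9.8. The CVE-2024-23454 entry does state its reason (provided scope); the others should do the same, for example `<!-- Excluded because <REASON>; remove once <CONDITION> -->` above each `<exclude>`, with the placeholders filled in by the author. Because `excludeVulnerabilityIds` matches on the ID alone and this is the parent POM, the suppression presumably applies to every inheriting module and to any other artifact that later reports the same CVE. If the findings only come from those specific old versions, the plugin's `excludeCoordinates` would limit the exclusion to them. The enclosing `<plugin>` element opens above the hunk, so the rest of its configuration is not visible here.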