cve-suppress.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
   <suppress>
      <notes><![CDATA[
   file name: rd-cli-base.jar (project :rd-cli-base)
   Incorrect match to NPM cli library
   ]]></notes>
      <packageUrl regex="true">^pkg:maven/(rundeck\-cli|org\.rundeck\.cli)/rd\-cli\-.*@.*$</packageUrl>
      <cpe>cpe:/a:cli_project:cli</cpe>
   </suppress>
   <suppress>
      <notes><![CDATA[
   kotlin is not used in build system
   ]]></notes>
      <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib(-(common|jdk7|jdk8))?@.*$</packageUrl>
      <cve>CVE-2022-24329</cve>
   </suppress>
   <suppress>
      <notes><![CDATA[
   file name: toolbelt-snakeyaml-0.2.29.jar
   incorrect match to snakeyaml
   ]]></notes>
      <packageUrl regex="true">^pkg:maven/org\.rundeck\.cli\-toolbelt/toolbelt\-snakeyaml@.*$</packageUrl>
      <cpe>cpe:/a:snakeyaml_project:snakeyaml</cpe>
   </suppress>
   <suppress>
      <notes><![CDATA[
   incorrect match to old rundeck server issue
   ]]></notes>
      <packageUrl regex="true">^pkg:maven/com\.github\.rundeck/rd\-ext\-acl@.*$</packageUrl>
      <cve>CVE-2019-6804</cve>
   </suppress>
   <suppress>
      <notes><![CDATA[
   incorrect match to old rundeck server issue
   ]]></notes>
      <packageUrl regex="true">^pkg:maven/com\.github\.rundeck/rd\-ext\-acl@.*$</packageUrl>
      <cve>CVE-2020-11009</cve>
   </suppress>
   <suppress>
      <notes><![CDATA[
   False positive on transitive kotlin dependency see: https://github.com/jeremylong/DependencyCheck/issues/3133
   ]]></notes>
      <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib@.*$</packageUrl>
      <cve>CVE-2020-15824</cve>
      <cve>CVE-2020-29582</cve>
   </suppress>
   <suppress>
      <notes><![CDATA[
   False positive on transitive kotlin dependency see: https://github.com/jeremylong/DependencyCheck/issues/3133
   ]]></notes>
      <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-common@.*$</packageUrl>
      <cve>CVE-2020-15824</cve>
      <cve>CVE-2020-29582</cve>
   </suppress>
   <suppress>
      <notes><![CDATA[
   False positive on transitive kotlin dependency see: https://github.com/jeremylong/DependencyCheck/issues/3133
   ]]></notes>
      <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-jdk7@.*$</packageUrl>
      <cve>CVE-2020-15824</cve>
      <cve>CVE-2020-29582</cve>
   </suppress>
   <suppress>
      <notes><![CDATA[
   False positive on transitive kotlin dependency see: https://github.com/jeremylong/DependencyCheck/issues/3133
   ]]></notes>
      <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-jdk8@.*$</packageUrl>
      <cve>CVE-2020-15824</cve>
      <cve>CVE-2020-29582</cve>
   </suppress>
</suppressions>