forked from IHTSDO/snap2snomed
.trivyignore
# Accept the risk for DEX
CVE-2022-27191
CVE-2022-30065
# resource exhaustion attack on jackson-databind, a transitive dependency of problem-spring-web-starter (api); remove when problem-spring-web-starter updates its dependency to 2.14.0-rc1 or greater
CVE-2022-42003
CVE-2022-42004
# remove when spring boot > 3; the risk seems to be of crashing rather than security
CVE-2023-1370
# Even the latest version of spring-boot-starter-web, 3.0.2, has transitive dependencies (tomcat-embed-core-9.0.68.jar and spring-web-5.3.23.jar) with these issues
CVE-2022-45143
# remove when spring-web (dependency of spring-boot-starter-web) is 6.0.0 or above
CVE-2016-1000027
# dependency of spring-boot-starter-actuator with no available fix
# still an issue 2024/01/24
CVE-2023-6378
# no fix, SQL injection issue which is minimal. Remove when querydsl-jpa addresses this issue
CVE-2024-49203
# can't move to the version with the fix as it breaks the app
CVE-2024-38816
# can't move to the version with the fix as it breaks the app
CVE-2024-38819