[BUILD-1085] Suppress CVE mismatches about swagger-parser-safe-url-resolver Created: 05/Jun/23 Updated: 09/Jun/23 Resolved: 05/Jun/23 |
|
| Status: | Closed |
| Project: | Build |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Federico Grilli | Assignee: | Federico Grilli |
| Resolution: | Done | Votes: | 0 |
| Labels: | security | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoR: |
Empty
|
| Team: | |
| Work Started: | |
| Approved: |
Yes
|
| Description |
swagger-parser-safe-url-resolver-2.1.15.jar (pkg:maven/io.swagger.parser.v3/swagger-parser-safe-url-resolver@2.1.15, cpe:2.3:a:parse-url_project:parse-url:2.1.15:*:*:*:*:*:*:*, cpe:2.3:a:swagger:swagger-parser:2.1.15:*:*:*:*:*:*:*) : CVE-2022-2216, CVE-2022-2900, CVE-2022-0722, CVE-2022-2217, CVE-2022-2218, CVE-2022-3224 Old CVEs concerning a js library for parsing URLs not used by Magnolia, https://github.com/IonicaBizau/parse-url https://nvd.nist.gov/vuln/detail/CVE-2022-2216 |