Suppress spurious/not relevant jfreechart CVEs (#1358)

Unidata · Jun 27, 2024 · c2058b2 · c2058b2
1 parent 98545e9
commit c2058b2
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/project-files/owasp-dependency-check/dependency-check-suppression.xml b/project-files/owasp-dependency-check/dependency-check-suppression.xml
@@ -24,4 +24,14 @@
     ]]></notes>
     <cve>CVE-2023-35116</cve>
   </suppress>
+  <suppress>
+    <notes><![CDATA[
+   file name: uicdm-5.5.4-SNAPSHOT.tar: jfreechart-1.0.19.jar
+   reason: Disputed CVEs and we do not use the vulnerable components (BubbleXYItemLabelGenerator.java, /chart/annotations/CategoryLineAnnotation, setSeriesNeedle)
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/org\.jfree/jfreechart@.*$</packageUrl>
+    <vulnerabilityName>CVE-2024-23076</vulnerabilityName>
+    <vulnerabilityName>CVE-2024-22949</vulnerabilityName>
+    <vulnerabilityName>CVE-2023-52070</vulnerabilityName>
+  </suppress>
 </suppressions>