chore: update suppressions

hypertrace · Oct 16, 2024 · 9faadba · 9faadba
1 parent 3e2f5b1
commit 9faadba
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/dependency-check/global-suppressions.xml b/dependency-check/global-suppressions.xml
@@ -17,9 +17,16 @@
    Ref:
    https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
    ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty\[email protected].53\..*$</packageUrl>
+    <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty\[email protected].5[3-9]\..*$</packageUrl>
     <vulnerabilityName>CVE-2023-36479</vulnerabilityName>
   </suppress>
+  <suppress>
+    <notes><![CDATA[
+   This is a low severity (<4) vuln with no fix released supported in jetty 9. Revisit on jetty upgrade.
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty\-http@9.*$</packageUrl>
+    <vulnerabilityName>CVE-2024-6763</vulnerabilityName>
+  </suppress>
   <suppress>
     <notes><![CDATA[
    Wire android app not a match for squareup's wire packages