You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Enrico Olivelli (Jira)" <ji...@apache.org> on 2022/02/11 11:16:00 UTC

[jira] [Created] (ZOOKEEPER-4469) Suppress OWASP false positives related to Netty TCNative

Enrico Olivelli created ZOOKEEPER-4469:
------------------------------------------

             Summary: Suppress OWASP false positives related to Netty TCNative 
                 Key: ZOOKEEPER-4469
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4469
             Project: ZooKeeper
          Issue Type: Task
          Components: build
            Reporter: Enrico Olivelli
            Assignee: Enrico Olivelli
             Fix For: 3.8.0, 3.7.1, 3.6.4


OWASP check is reporting this CVEs against netty-tcnative-2.0.48.Final

Those are not problems that affect ZooKeeper, we can exclude them


{code:java}
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0': 
[ERROR] 
[ERROR] netty-tcnative-2.0.48.Final.jar: CVE-2021-43797, CVE-2019-16869, CVE-2015-2156, CVE-2021-37136, CVE-2014-3488, CVE-2021-37137, CVE-2019-20445, CVE-2019-20444, CVE-2021-21295, CVE-2021-21409, CVE-2021-21290
{code}
 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)