[owasp] suppress false positive Avro CVE-2021-43045 #13764

Merged
merged 1 commit into from Jan 14, 2022

@nicoloboschi nicoloboschi commented Jan 14, 2022

Motivation

OWASP check now fails because of

avro-1.10.2.jar (pkg:maven/org.apache.avro/avro@1.10.2, cpe:2.3:a:apache:avro:1.10.2:*:*:*:*:*:*:*) : CVE-2021-43045

As mentioned here the vulnerability only affects the .NET distribution

Also see the PR apache/avro#1357

Modifications

  • Added suppression for this CVE on Avro packages

Documentation

  • no-need-doc

nicoloboschi added a commit to datastax/pulsar that referenced this pull request Jan 14, 2022
@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Jan 14, 2022
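
A suppression entry of the kind described in the PR above, in the OWASP dependency-check suppression-file format. This is an added example, not the change merged in this PR; the `packageUrl` pattern and the notes text are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <!-- Record why the finding is a false positive so the entry can be re-audited later. -->
    <notes><![CDATA[
      CVE-2021-43045 only affects the .NET distribution of Avro.
      The Java artifact is flagged because it shares the CPE cpe:2.3:a:apache:avro.
    ]]></notes>
    <!-- Assumed pattern: limit the suppression to the org.apache.avro Maven artifacts. -->
    <packageUrl regex="true">^pkg:maven/org\.apache\.avro/avro.*@.*$</packageUrl>
    <!-- Suppress this one CVE only; any other CVE matched on the same jar is still reported. -->
    <cve>CVE-2021-43045</cve>
  </suppress>
</suppressions>
```

Scoping the entry by both package URL and CVE id keeps the check active if the same CVE is ever matched on a different dependency.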
@nicoloboschi

/pulsarbot run-failure-checks

@merlimat merlimat merged commit 2391336 into apache:master Jan 14, 2022
nicoloboschi added a commit to datastax/pulsar that referenced this pull request Feb 28, 2022
lhotari pushed a commit that referenced this pull request Mar 2, 2022
lhotari pushed a commit that referenced this pull request Mar 2, 2022
@lhotari lhotari added cherry-picked/branch-2.8 Archived: 2.8 is end of life cherry-picked/branch-2.9 Archived: 2.9 is end of life labels Mar 2, 2022
Labels: area/security; cherry-picked/branch-2.8 (Archived: 2.8 is end of life); cherry-picked/branch-2.9 (Archived: 2.9 is end of life); doc-not-needed (Your PR changes do not impact docs); release/2.8.3; release/2.9.2