Supress grpc-*-1.57.1 jar CVE-2023-44487 (main -> ce/main @105126)

[git-p4: depot-paths = "//dev/coherence-ce/main/": change = 105127]
DerjanLukas30 · Dec 6, 2023 · 0bedda4 · 0bedda4
1 parent 226721a
commit 0bedda4
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/prj/etc/dependency-check-suppression.xml b/prj/etc/dependency-check-suppression.xml
@@ -513,4 +513,17 @@
     <cve>CVE-2023-5763</cve>
   </suppress>
 
+  <!-- COH-29067 	Update grpc-*-1.57.1 jar if and when fix available for CVE-2023-44487
+  -->
+  <suppress>
+    <notes><![CDATA[
+    file name: grpc-core-1.57.1.jar
+    file name: grpc-protobuf-1.57.1.jar
+    ]]></notes>
+    <packageUrl regex="true">^pkg:maven/io\.grpc/grpc.*@.*$</packageUrl>
+    <cpe>cpe:2.3:a:grpc:grpc</cpe>
+    <cpe>cpe:2.3:a:protobuf:protobuf</cpe>
+    <cve>CVE-2023-44487</cve>
+  </suppress>
+
 </suppressions>