suppress multiple CVEs for jfreechart (#807)

* suppress CVE-2024-22949 for jfreechart * also suppress CVE-2023-52070 and CVE-2024-23076 for jfreechart
LabKey · Apr 21, 2024 · ff328ad · ff328ad
1 parent 94f7bd7
commit ff328ad
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
@@ -325,5 +325,38 @@
         <vulnerabilityName>CVE-2024-23080</vulnerabilityName>
     </suppress>
 
+    <!--
+    suppress CVE-2024-22949 for jfreechart, may become moot after subsequent upgrades
+    -->
+    <suppress>
+        <notes><![CDATA[
+   file name: jfreechart-1.0.19.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.jfree/jfreechart@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-22949</vulnerabilityName>
+    </suppress>
+
+    <!--
+    suppress CVE-2023-52070 for jfreechart, may become moot after subsequent upgrades
+    -->
+    <suppress>
+        <notes><![CDATA[
+   file name: jfreechart-1.0.19.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.jfree/jfreechart@.*$</packageUrl>
+        <vulnerabilityName>CVE-2023-52070</vulnerabilityName>
+    </suppress>
+
+    <!--
+    suppress CVE-2024-23076 for jfreechart, may become moot after subsequent upgrades
+    -->
+    <suppress>
+        <notes><![CDATA[
+   file name: jfreechart-1.0.19.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.jfree/jfreechart@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-23076</vulnerabilityName>
+    </suppress>
+
 </suppressions>