Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(sec): add false positive suppression for stax2-api
The origin of CVE-2022-40152 is chaotic at best. It first popped up in x-stream/xstream#304. There was a problem with Woodstox, which was resolved for version 6.4.0 in FasterXML/woodstox#160. Now the CVE is reported on the *API* package, not the implementation. We're safe here and can suppress the CPE as false positive.
- Loading branch information