ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer

eolivelli · phunt · commit 3bd6b1950eea · 2020-01-18T11:06:01.000-08:00
Suppress error for CVE-2019-17571 as it does not affect us. We are not running the log4j server. Author: Enrico Olivelli <eolivelli@apache.org> Reviewers: phunt@apache.org Closes #1209 from eolivelli/fix/ZOOKEEPER-3677-owasp-log4j Change-Id: I0ef24a7b142cd32ccf4f5c18f9e0c0132a413d6c
diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
@@ -41,4 +41,9 @@
            this writing  -->
       <cve>CVE-2019-3826</cve>
    </suppress>
+   <suppress>
+      <!-- false positive for us, it is about log4j server in log4j-1.2.17.jar
+           ZOOKEEPER-3677 -->
+      <cve>CVE-2019-17571</cve>
+   </suppress>
 </suppressions>
