owasp-dependency-suppression.xml 8.81 KB
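<?xml version="1.0" encoding="UTF-8"?>
<!--
  OWASP Dependency-Check suppression list.

  Each <suppress> entry hides findings from the scan report. How far an entry
  reaches depends on what it contains:
    - <gav regex="true"> limits the entry to Maven coordinates matching the
      pattern. Most patterns below end in ":.*$", so they cover every version
      of the artifact, including future upgrades, while the note usually names
      the single jar version that was reviewed.
    - <cve> hides only the listed identifiers.
    - <cpe> hides every finding reported under that CPE for the matched
      artifact, including identifiers published after the entry was written.
    - An entry with no <gav>, <filePath> or <sha1> selector applies to every
      scanned dependency.

  Re-check the justification in <notes> whenever the matching dependency is
  upgraded or moves from test scope to a runtime classpath.

  Note text is kept flush-left because whitespace inside CDATA is part of the
  note.
-->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
  <suppress>
    <notes><![CDATA[
file name: xz-1.8.jar (vulnerable script xzgrep is not used nor included by Nuxeo)
]]></notes>
    <gav regex="true">^org\.tukaani:xz:.*$</gav>
    <cve>CVE-2015-4035</cve>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: geronimo-connector-2.2.1-NX1.jar (vulnerable Geronimo SUSE init script is not used nor included by Nuxeo)
]]></notes>
    <gav regex="true">^org\.apache\.geronimo\.components:geronimo-connector:.*$</gav>
    <cve>CVE-2008-0732</cve>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: geronimo-transaction-2.2.1.jar
(CVE-2008-0732: vulnerable Geronimo SUSE init script is not used nor included by Nuxeo)
(CVE-2011-5034: vulnerable code not in geronimo-transaction)
]]></notes>
    <gav regex="true">^org\.apache\.geronimo\.components:geronimo-transaction:.*$</gav>
    <cve>CVE-2008-0732</cve>
    <cve>CVE-2011-5034</cve>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: xbean-naming-3.18.jar (vulnerable Geronimo SUSE init script is not used nor included by Nuxeo)
]]></notes>
    <gav regex="true">^org\.apache\.xbean:xbean-naming:.*$</gav>
    <cve>CVE-2008-0732</cve>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: vaadin-sass-compiler-0.9.12-NX01.jar (vulnerability is in vaadin itself, not sass-compiler)
]]></notes>
    <gav regex="true">^com\.vaadin:vaadin-sass-compiler:.*$</gav>
    <cve>CVE-2011-0509</cve>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: annotations-12.0.jar (vulnerability is not in annotations)
]]></notes>
    <gav regex="true">^com\.intellij:annotations:.*$</gav>
    <cve>CVE-2017-8316</cve>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: scala-library-2.12.3.jar (vulnerable compilation daemon is not used nor included by Nuxeo)
]]></notes>
    <gav regex="true">^org\.scala-lang:scala-library:.*$</gav>
    <cve>CVE-2017-15288</cve>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: scala-reflect-2.12.3.jar (vulnerable compilation daemon is not used nor included by Nuxeo)
]]></notes>
    <gav regex="true">^org\.scala-lang:scala-reflect:.*$</gav>
    <cve>CVE-2017-15288</cve>
  </suppress>
  <!-- NOTE(review): this entry has no <gav>, <filePath> or <sha1> selector, so
       the four CVEs are hidden for every scanned dependency, not only for
       Jetty. The note relies on Jetty being test-only; scoping the entry to the
       Jetty coordinates would keep the findings visible if any other artifact
       is ever matched. The coordinates are not shown in this file, so no
       selector is added here. -->
  <suppress>
    <notes><![CDATA[
Jetty is only used in tests
]]></notes>
    <cve>CVE-2017-7656</cve>
    <cve>CVE-2017-7657</cve>
    <cve>CVE-2017-7658</cve>
    <cve>CVE-2017-9735</cve>
  </suppress>
  <!-- NOTE(review): also unscoped. Every identifier below is hidden for all
       dependencies, and the list runs from 2000 through 2017 identifiers. The
       note does not say which artifact produced the spurious match; recording
       that artifact and adding a selector for it would let a genuine Tomcat
       dependency still be reported. -->
  <suppress>
    <notes><![CDATA[
Spurious match of old Tomcat CVEs.
]]></notes>
    <cve>CVE-2000-0672</cve>
    <cve>CVE-2000-0760</cve>
    <cve>CVE-2000-1210</cve>
    <cve>CVE-2001-0590</cve>
    <cve>CVE-2002-0493</cve>
    <cve>CVE-2002-1148</cve>
    <cve>CVE-2002-1394</cve>
    <cve>CVE-2002-2006</cve>
    <cve>CVE-2002-2272</cve>
    <cve>CVE-2003-0042</cve>
    <cve>CVE-2003-0043</cve>
    <cve>CVE-2003-0044</cve>
    <cve>CVE-2003-0045</cve>
    <cve>CVE-2003-0866</cve>
    <cve>CVE-2005-0808</cve>
    <cve>CVE-2005-4838</cve>
    <cve>CVE-2006-7196</cve>
    <cve>CVE-2007-0450</cve>
    <cve>CVE-2007-1355</cve>
    <cve>CVE-2007-1358</cve>
    <cve>CVE-2007-2449</cve>
    <cve>CVE-2007-2450</cve>
    <cve>CVE-2007-3382</cve>
    <cve>CVE-2007-3383</cve>
    <cve>CVE-2007-3385</cve>
    <cve>CVE-2007-3386</cve>
    <cve>CVE-2007-5333</cve>
    <cve>CVE-2007-5342</cve>
    <cve>CVE-2007-5461</cve>
    <cve>CVE-2007-6286</cve>
    <cve>CVE-2008-0128</cve>
    <cve>CVE-2008-1232</cve>
    <cve>CVE-2008-1947</cve>
    <cve>CVE-2008-2370</cve>
    <cve>CVE-2008-2938</cve>
    <cve>CVE-2008-5515</cve>
    <cve>CVE-2008-5519</cve>
    <cve>CVE-2009-0033</cve>
    <cve>CVE-2009-0580</cve>
    <cve>CVE-2009-0781</cve>
    <cve>CVE-2009-0783</cve>
    <cve>CVE-2009-2693</cve>
    <cve>CVE-2009-2696</cve>
    <cve>CVE-2009-2901</cve>
    <cve>CVE-2009-2902</cve>
    <cve>CVE-2009-3548</cve>
    <cve>CVE-2010-1157</cve>
    <cve>CVE-2010-2227</cve>
    <cve>CVE-2010-3718</cve>
    <cve>CVE-2010-4312</cve>
    <cve>CVE-2011-0013</cve>
    <cve>CVE-2011-0534</cve>
    <cve>CVE-2011-1184</cve>
    <cve>CVE-2011-2204</cve>
    <cve>CVE-2011-2526</cve>
    <cve>CVE-2011-3190</cve>
    <cve>CVE-2011-4858</cve>
    <cve>CVE-2011-5062</cve>
    <cve>CVE-2011-5063</cve>
    <cve>CVE-2011-5064</cve>
    <cve>CVE-2012-0022</cve>
    <cve>CVE-2012-2733</cve>
    <cve>CVE-2012-3544</cve>
    <cve>CVE-2012-3546</cve>
    <cve>CVE-2012-4431</cve>
    <cve>CVE-2012-4534</cve>
    <cve>CVE-2012-5568</cve>
    <cve>CVE-2012-5885</cve>
    <cve>CVE-2012-5886</cve>
    <cve>CVE-2012-5887</cve>
    <cve>CVE-2013-2185</cve>
    <cve>CVE-2013-4286</cve>
    <cve>CVE-2013-4322</cve>
    <cve>CVE-2013-4444</cve>
    <cve>CVE-2013-4590</cve>
    <cve>CVE-2013-6357</cve>
    <cve>CVE-2014-0075</cve>
    <cve>CVE-2014-0096</cve>
    <cve>CVE-2014-0099</cve>
    <cve>CVE-2014-0119</cve>
    <cve>CVE-2014-0227</cve>
    <cve>CVE-2014-0230</cve>
    <cve>CVE-2014-7810</cve>
    <cve>CVE-2015-5174</cve>
    <cve>CVE-2015-5345</cve>
    <cve>CVE-2016-0706</cve>
    <cve>CVE-2016-0714</cve>
    <cve>CVE-2016-0762</cve>
    <cve>CVE-2016-1240</cve>
    <cve>CVE-2016-5018</cve>
    <cve>CVE-2016-5388</cve>
    <cve>CVE-2016-5425</cve>
    <cve>CVE-2016-6325</cve>
    <cve>CVE-2016-6794</cve>
    <cve>CVE-2016-6796</cve>
    <cve>CVE-2016-6797</cve>
    <cve>CVE-2016-6816</cve>
    <cve>CVE-2016-8735</cve>
    <cve>CVE-2016-9774</cve>
    <cve>CVE-2016-9775</cve>
    <cve>CVE-2017-5647</cve>
    <cve>CVE-2017-6056</cve>
  </suppress>
  <!-- NOTE(review): unscoped; CVE-2018-3831 is hidden for every dependency.
       Add a selector for the Elasticsearch artifact that triggered the match
       once its coordinates are confirmed. -->
  <suppress>
    <notes><![CDATA[
Elasticsearch Alerting and Monitoring is not used nor included by Nuxeo
]]></notes>
    <cve>CVE-2018-3831</cve>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: slf4j-api-1.7.25.jar (vulnerable slf4j-ext is not included in Nuxeo)
]]></notes>
    <gav regex="true">^org\.slf4j:slf4j-api:.*$</gav>
    <cve>CVE-2018-8088</cve>
  </suppress>
  <!-- The version dots are escaped so the pattern matches 11.0.2 only; an
       unescaped "." matches any character and would widen the suppression.
       This entry is pinned to one version on purpose: the justification holds
       for the Guava copy shaded into this Avro jar. -->
  <suppress>
    <notes><![CDATA[
file name: avro-1.8.2.jar (shaded: com.google.guava:guava:11.0.2)
Shaded Guava in AVRO does not included the vulnerable AtomicDoubleArray class
]]></notes>
    <gav regex="true">^com\.google\.guava:guava:11\.0\.2$</gav>
    <cve>CVE-2018-10237</cve>
  </suppress>
  <!-- From here on the entries suppress by <cpe> instead of by <cve>: for the
       matched artifact, every present and future finding under that CPE is
       hidden. That fits a client library wrongly identified as the server
       product, but it would also hide a finding that concerns the client
       library itself if it is reported under the same CPE. Presumably worth a
       periodic check against the scanner's unsuppressed output; confirm. -->
  <suppress>
    <notes><![CDATA[
file name: openstack-keystone-2.1.1.jar (OpenStack Keystone not included in Nuxeo)
]]></notes>
    <gav regex="true">^org\.apache\.jclouds\.api:openstack-keystone:.*$</gav>
    <cpe>cpe:/a:openstack:openstack</cpe>
    <cpe>cpe:/a:openstack:keystone</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: openstack-swift-2.1.1.jar (OpenStack Swift not included in Nuxeo)
]]></notes>
    <gav regex="true">^org\.apache\.jclouds\.api:openstack-swift:.*$</gav>
    <cpe>cpe:/a:openstack:openstack</cpe>
    <cpe>cpe:/a:openstack:swift</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: postgresql-42.2.5.jar (PostgreSQL not included in Nuxeo)
]]></notes>
    <gav regex="true">^org\.postgresql:postgresql:.*$</gav>
    <cpe>cpe:/a:postgresql:postgresql</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: mysql-connector-java-5.1.47.jar (MySQL not included in Nuxeo)
]]></notes>
    <gav regex="true">^mysql:mysql-connector-java:.*$</gav>
    <cpe>cpe:/a:mysql:mysql</cpe>
    <cpe>cpe:/a:oracle:mysql</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: mssql-jdbc-7.0.0.jre8.jar (SQL Server not included in Nuxeo)
]]></notes>
    <gav regex="true">^com\.microsoft\.sqlserver:mssql-jdbc:.*$</gav>
    <cpe>cpe:/a:microsoft:sql_server</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: quartz-mongodb-2.0.0-NX2.jar (MongoDB not included in Nuxeo)
]]></notes>
    <gav regex="true">^com\.novemberain:quartz-mongodb:.*$</gav>
    <cpe>cpe:/a:mongodb:mongodb</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: affinity-3.1.9.jar (wrong identification, net.openhft:affinity != thread_project:thread)
]]></notes>
    <gav regex="true">^net\.openhft:affinity:.*$</gav>
    <cpe>cpe:/a:thread_project:thread</cpe>
  </suppress>
  <!-- NOTE(review): for ognl and jsoup the CPE appears to be the correct
       product for the artifact, so these two entries are accepted risk based
       on test-only use rather than false positives. The ":.*$" pattern keeps
       them suppressed for any version; the findings stay hidden if either jar
       later reaches a runtime classpath. -->
  <suppress>
    <notes><![CDATA[
file name: ognl-2.7.2.jar (only used in tests; OGNL not used)
]]></notes>
    <gav regex="true">^ognl:ognl:.*$</gav>
    <cpe>cpe:/a:ognl_project:ognl</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: jsoup-1.4.1.jar (only used in tests)
]]></notes>
    <gav regex="true">^org\.jsoup:jsoup:.*$</gav>
    <cpe>cpe:/a:jsoup:jsoup</cpe>
  </suppress>
  <!-- NOTE(review): cpe:/a:app_project:app looks like a name-based match on
       "app" in the two artifact names below rather than the real product. If
       that is confirmed, the notes could state the misidentification instead
       of relying on test-only scope. -->
  <suppress>
    <notes><![CDATA[
file name: jgiven-html-app-0.16.0.jar (only used in tests)
]]></notes>
    <gav regex="true">^com\.tngtech\.jgiven:jgiven-html-app:.*$</gav>
    <cpe>cpe:/a:app_project:app</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
file name: gatling-app-2.3.1.jar (only used in tests)
]]></notes>
    <gav regex="true">^io\.gatling:gatling-app:.*$</gav>
    <cpe>cpe:/a:app_project:app</cpe>
  </suppress>
  <!-- NOTE(review): the justification is a reachability argument (protobuf not
       directly accessible), not a misidentification. Re-validate it when
       gwt-servlet is upgraded, since the pattern covers every version. -->
  <suppress>
    <notes><![CDATA[
file name: gwt-servlet-2.7.0-NX1.jar (protobuf not directly accessible)
]]></notes>
    <gav regex="true">^com\.google\.gwt:gwt-servlet:.*$</gav>
    <cpe>cpe:/a:google:protobuf</cpe>
  </suppress>
</suppressions>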