From 110f815613c9e32525daed79167a09b1553d4fc9 Mon Sep 17 00:00:00 2001
From: Lari Hotari <lhotari@apache.org>
Date: Mon, 19 Jun 2023 11:15:19 +0300
Subject: [PATCH] [fix][sec] Suppress false positive CVE-2023-35116 in
 jackson-databind

- see https://github.com/FasterXML/jackson-databind/issues/3972#issuecomment-1596604021
---
 src/owasp-dependency-check-suppressions.xml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml
index 18935d0ef2bbf0..2cb82677db0870 100644
--- a/src/owasp-dependency-check-suppressions.xml
+++ b/src/owasp-dependency-check-suppressions.xml
@@ -433,5 +433,11 @@
        ]]></notes>
         <cve>CVE-2020-8908</cve>
     </suppress>
-
+    <suppress>
+        <notes><![CDATA[
+       This is a false positive in jackson-databind.
+       See https://github.com/FasterXML/jackson-databind/issues/3972#issuecomment-1596604021
+       ]]></notes>
+        <cve>CVE-2023-35116</cve>
+    </suppress>
 </suppressions>