Exclude vulnerability

exasol · Aug 30, 2023 · 2e68719 · 2e68719
1 parent ed4dc84
commit 2e68719
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/parent-pom/pom.xml b/parent-pom/pom.xml
@@ -457,6 +457,10 @@
                         <!-- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (9.8); -->
                         <!-- https://ossindex.sonatype.org/vulnerability/CVE-2022-26612 -->
                         <exclude>CVE-2022-26612</exclude>
+                        <!-- Transitive dependency io.netty:netty-handler used by software.amazon.awssdk:*.
+                                                Vulnerability still present in latest version 4.1.97.Final.
+                                                We assume that the AWS SDK's usage of netty is not affected. -->
+                        <exclude>CVE-2023-4586</exclude>
                     </excludeVulnerabilityIds>
                 </configuration>
             </plugin>