authorAlbin <albin@mullvad.net>2022-12-08 11:07:48 +0100
committerAlbin <albin@mullvad.net>2022-12-08 11:07:48 +0100
commit35d7755d7d80195212b4dff7739ef531c4d9a1ca (patch)
treecafbb10da04abcadb302bc8120c581a1fbc887e8
parent05c8290c888c5e61fa76cb5d0346901c44d78e86 (diff)
parente160a6405c4219aabf55fabf340d2f603e2490e8 (diff)
downloadmullvadvpn-35d7755d7d80195212b4dff7739ef531c4d9a1ca.tar.xz
mullvadvpn-35d7755d7d80195212b4dff7739ef531c4d9a1ca.zip
Merge branch 'suppress-CVE-2021-37533'
-rw-r--r--android/config/dependency-check-suppression.xml15
-rw-r--r--android/e2e/e2e-suppression.xml15
2 files changed, 30 insertions, 0 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml
index c90c64c949..3aad669277 100644
--- a/android/config/dependency-check-suppression.xml
+++ b/android/config/dependency-check-suppression.xml
@@ -21,4 +21,19 @@
<packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-javalite@.*$</packageUrl>
<cve>CVE-2022-3171</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ This CVE affects the Apache Commons Net's FTP client that this app doesn't use.
+ https://www.openwall.com/lists/oss-security/2022/12/03/1
+
+ File names:
+ - commons-beanutils-1.9.4.jar
+ - commons-collections-3.2.2.jar
+ - commons-digester-2.1.jar
+ - commons-logging-1.2.jar
+ - commons-validator-1.7.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl>
+ <cve>CVE-2021-37533</cve>
+ </suppress>
</suppressions>
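Review bot: The `packageUrl` pattern in the added `<suppress>` is wider than the five jars named in its notes: `^pkg:maven/commons\-.*/commons\-.*@.*$` also matches `pkg:maven/commons-net/commons-net` at any version, so if Commons Net ever arrives as a direct or transitive dependency, a genuine CVE-2021-37533 finding would be silenced too. Scoping the pattern to the listed artifacts keeps the suppression without that blind spot, e.g. `<packageUrl regex="true">^pkg:maven/commons\-(beanutils|collections|digester|logging|validator)/commons\-(beanutils|collections|digester|logging|validator)@.*$</packageUrl>`. The listed jars appear to be other Commons libraries matched by name rather than Commons Net itself, so the notes would be more accurate saying that than saying the FTP client is unused. The identical entry added to android/e2e/e2e-suppression.xml has the same issue.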
diff --git a/android/e2e/e2e-suppression.xml b/android/e2e/e2e-suppression.xml
index 86e10bebb2..4729d5da68 100644
--- a/android/e2e/e2e-suppression.xml
+++ b/android/e2e/e2e-suppression.xml
@@ -28,4 +28,19 @@
<packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-javalite@.*$</packageUrl>
<cve>CVE-2022-3171</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ This CVE affects the Apache Commons Net's FTP client that this app doesn't use.
+ https://www.openwall.com/lists/oss-security/2022/12/03/1
+
+ File names:
+ - commons-beanutils-1.9.4.jar
+ - commons-collections-3.2.2.jar
+ - commons-digester-2.1.jar
+ - commons-logging-1.2.jar
+ - commons-validator-1.7.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl>
+ <cve>CVE-2021-37533</cve>
+ </suppress>
</suppressions>