| author | Albin <albin@mullvad.net> | 2023-07-27 11:26:06 +0200 |
|---|---|---|
| committer | Albin <albin@mullvad.net> | 2023-07-27 11:53:36 +0200 |
| commit | ea51297f2a3bbac44351147df78ae4f3ff2bc6e8 (patch) | |
| tree | 72328e2b0966106e46583ff2b2a539f3b8cf27db /android | |
| parent | 8bb24a6f63a906be290920c1bcf4169ee8b05f06 (diff) | |
| download | mullvadvpn-ea51297f2a3bbac44351147df78ae4f3ff2bc6e8.tar.xz mullvadvpn-ea51297f2a3bbac44351147df78ae4f3ff2bc6e8.zip | |
Suppress CVE-2023-3635
Diffstat (limited to 'android')
| -rw-r--r-- | android/config/dependency-check-suppression.xml | 10 | ||||
| -rw-r--r-- | android/test/test-suppression.xml | 10 |
2 files changed, 20 insertions, 0 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml
index 9e7d9e87a2..adb49410dc 100644
--- a/android/config/dependency-check-suppression.xml
+++ b/android/config/dependency-check-suppression.xml
@@ -41,4 +41,14 @@
 <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib.*@.*$</packageUrl>
 <cve>CVE-2022-24329</cve>
 </suppress>
+ <suppress until="2023-12-01Z">
+ <notes><![CDATA[
+ This CVE only affect the leakCanary build type which is limited to memory leak testing etc.
+ This will most likely be solved by bumping to a future version of the leakcanary dependency
+ where a fixed version of okio is used.
+ https://nvd.nist.gov/vuln/detail/CVE-2023-3635
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.squareup\.okio/okio@.*$</packageUrl>
+ <cve>CVE-2023-3635</cve>
+ </suppress>
 </suppressions>
diff --git a/android/test/test-suppression.xml b/android/test/test-suppression.xml
index 1a3614b6a9..526f89a2c5 100644
--- a/android/test/test-suppression.xml
+++ b/android/test/test-suppression.xml
@@ -92,4 +92,14 @@
 <packageUrl regex="true">^pkg:maven/com\.android\.tools/common@.*$</packageUrl>
 <cve>CVE-2021-4277</cve>
 </suppress>
+ <suppress until="2023-12-01Z">
+ <notes><![CDATA[
+ This CVE only affect the leakCanary build type which is limited to memory leak testing etc.
+ This will most likely be solved by bumping to a future version of the leakcanary dependency
+ where a fixed version of okio is used.
+ https://nvd.nist.gov/vuln/detail/CVE-2023-3635
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.squareup\.okio/okio.*@.*$</packageUrl>
+ <cve>CVE-2023-3635</cve>
+ </suppress>
 </suppressions> |
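Review bot: The new `<packageUrl>` pattern in android/config/dependency-check-suppression.xml matches every okio version wherever the scan finds it, while the notes justify the suppression only for the leakCanary build type. Nothing in the entry ties it to that build type, so if okio also reaches a release classpath through another dependency (not visible from this hunk), the finding would be hidden there as well until the `until` date. Pinning the pattern to the version leakcanary currently resolves, e.g. `^pkg:maven/com\.squareup\.okio/okio@<resolved-version>$` (placeholder), would make the rule stop matching as soon as the dependency moves. The same applies to the matching entry added to android/test/test-suppression.xml.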
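Review bot: The pattern added to android/test/test-suppression.xml is `okio.*@.*`, whereas the entry added to android/config/dependency-check-suppression.xml in the same commit uses `okio@.*`. The looser form also matches any other artifact in the group whose id starts with okio, and the stricter one would miss such an artifact if that is how the dependency is resolved; the notes are identical in both files and do not say which was intended. Using one pattern in both files, with a short sentence in `<notes>` explaining the choice, would keep the two scans suppressing the same set of components.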
