Commit cb8fd1a

fix: suppress grpc-go vuln (#91)
1 parent 9c3702c commit cb8fd1a

1 file changed

Lines changed: 9 additions & 1 deletion

dependency-check/global-suppressions.xml

@@ -156,5 +156,13 @@
156156
]]></notes>
157157
<packageUrl regex="true">^pkg:maven/io\.micrometer/micrometer-registry-prometheus-simpleclient@.*$</packageUrl>
158158
<cpe>cpe:/a:prometheus:prometheus</cpe>
159-
</suppress>
159+
</suppress>
160+
<suppress>
161+
<notes><![CDATA[
162+
CVE-2026-33186 is a false positive. The CVE affects grpc-go (the Go implementation of gRPC),
163+
not grpc-java (io.grpc). These are distinct projects sharing the same CPE identifier.
164+
]]></notes>
165+
<packageUrl regex="true">^pkg:maven/io\.grpc/grpc-.*@.*$</packageUrl>
166+
<cve>CVE-2026-33186</cve>
167+
</suppress>
160168
</suppressions>
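
Review bot: The `<packageUrl regex="true">^pkg:maven/io\.grpc/grpc-.*@.*$</packageUrl>` match in the new block covers every io.grpc artifact whose name starts with grpc- at every version, and the entry carries no expiry, so in this global suppressions file it stays in force indefinitely. Pairing it with `<cve>CVE-2026-33186</cve>` limits it to the one finding, which is the right shape for a false positive caused by a shared CPE. Consider adding an `until` attribute on `<suppress>` so the entry comes up for re-review, and a reference in the notes to the advisory showing that the affected project is grpc-go. Separately, the `</suppress>` line at 159 is removed and re-added with no visible difference, which suggests a whitespace or line-ending change; worth confirming that is intended.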
