[fix][sec] Add OWASP Dependency Check suppressions (#21281)

lhotari · lhotari · commit 62acc2b01279 · 2023-09-30T14:20:03.000+03:00
(cherry picked from commit 1bf7371) # Conflicts: # src/owasp-dependency-check-suppressions.xml
diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml
@@ -404,4 +404,16 @@
         <cve>CVE-2020-8908</cve>
     </suppress>
 
+    <suppress>
+        <notes><![CDATA[
+   This is a false positive in avro-protobuf. The vulnerability is in Hamba avro golang library.
+   ]]></notes>
+        <cve>CVE-2023-37475</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+    This CVE can be suppressed since it is covered in Pulsar by hostname verification changes made in https://github.com/apache/pulsar/pull/15824.
+   ]]></notes>
+        <cve>CVE-2023-4586</cve>
+    </suppress>
 </suppressions>
