From 4d09728880b5226ea7f5d03719f176b269389ddb Mon Sep 17 00:00:00 2001
From: Sebastian Schuberth <sschuberth@gmail.com>
Date: Mon, 19 Jun 2023 22:31:50 +0200
Subject: [PATCH] Suppress a CVE false-positive for jackson-databind 2.14.2

Also see https://github.com/cryptomator/cryptomator/pull/2961#issuecomment-1597652134.
---
 suppression.xml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/suppression.xml b/suppression.xml
index e7cc4ea65..36b795480 100644
--- a/suppression.xml
+++ b/suppression.xml
@@ -55,4 +55,12 @@
 		<cve>CVE-2022-45688</cve>
 	</suppress>
 
-</suppressions>
\ No newline at end of file
+	<suppress>
+		<notes><![CDATA[
+		False positive for jackson-databind-2.14.2.jar, see https://github.com/FasterXML/jackson-databind/issues/3972
+   ]]></notes>
+		<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
+		<cve>CVE-2023-35116</cve>
+	</suppress>
+
+</suppressions>