Denylist a non-OSS VendorProduct causing misattribution (#1812)

google · Nov 13, 2023 · 3c60556 · 3c60556
1 parent a00f6af
commit 3c60556
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/vulnfeeds/cpp/main.go b/vulnfeeds/cpp/main.go
@@ -99,6 +99,7 @@ var VendorProductDenyList = []VendorProduct{
 	{"netapp", ""},
 	// [CVE-2021-28957]: Incorrectly associates with github.com/lxml/lxml
 	{"oracle", "zfs_storage_appliance_kit"},
+	{"gradle", "enterprise"}, // The OSS repo gets mis-attributed via CVE-2020-15767
 }
 
 // Looks at what the repo to determine if it contains code using an in-scope language