From 3c60556f13c89a6c6fe15c139c8ccb30985a41ae Mon Sep 17 00:00:00 2001
From: Andrew Pollock
Date: Tue, 14 Nov 2023 08:44:59 +1000
Subject: [PATCH] Denylist a non-OSS VendorProduct causing misattribution (#1812)
---
 vulnfeeds/cpp/main.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/vulnfeeds/cpp/main.go b/vulnfeeds/cpp/main.go
index 66fab8320f8..f865d15d457 100644
--- a/vulnfeeds/cpp/main.go
+++ b/vulnfeeds/cpp/main.go
@@ -99,6 +99,7 @@ var VendorProductDenyList = []VendorProduct{
  {"netapp", ""},
  // [CVE-2021-28957]: Incorrectly associates with github.com/lxml/lxml
  {"oracle", "zfs_storage_appliance_kit"},
+ {"gradle", "enterprise"}, // The OSS repo gets mis-attributed via CVE-2020-15767
 }
 
 // Looks at what the repo to determine if it contains code using an in-scope language
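Review bot: The new `{"gradle", "enterprise"}` entry gives its reason in a trailing comment that names the CVE but not the repository that was wrongly matched, while the neighbouring comment uses the form `// [CVE-2021-28957]: Incorrectly associates with github.com/lxml/lxml` on its own line. An entry in VendorProductDenyList appears to suppress repository attribution for every CPE with that vendor/product, so the comment is the only audit trail for why those records are skipped, and it should say which repo was affected. A matching form would be `// [CVE-2020-15767]: Incorrectly associates with <OSS_REPO_URL>`, with the placeholder replaced by the actual repository. The earlier part of the list is outside the hunk, so check there whether comments sit above or below the entry they describe.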