From 6f34db51a7158a89ef4cd246aa8c68776f067f70 Mon Sep 17 00:00:00 2001
From: mekya <ahmetmermerkaya@gmail.com>
Date: Sat, 11 Jan 2025 13:42:59 +0300
Subject: [PATCH] Supress the vulnerability with a message

---
 owasp-suppressions.xml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
index 6d6568a2d..409c152cc 100644
--- a/owasp-suppressions.xml
+++ b/owasp-suppressions.xml
@@ -131,6 +131,16 @@
 	   <packageUrl regex="true">^pkg:maven/org\.apache\.tomcat/tomcat-catalina@10\.1\.34$</packageUrl>
 	   <cve>CVE-2024-56337</cve>
 	</suppress>
-	
+	<suppress>
+	   <notes><![CDATA[
+	   file name: ffmpeg-7.1-1.5.11.jar
+	   file name: ffmpeg-7.1-1.5.11-linux-arm64.jar
+	   This vulnerability causes problem when Ant Media Server pulls a HLS stream as a stream source. If you're not pulling HLS stream from a source, it will not effect you. 
+	   If you're pulling a stream from a third party resource, then make sure your third party is trusted until there is a fix available for this issue on FFmpeg side. When the fix is available,
+	   we'll update the FFmpeg version in Ant Media Server. 
+	   ]]></notes>
+	   <packageUrl regex="true">^pkg:maven/org\.bytedeco/ffmpeg@.*$</packageUrl>
+	   <vulnerabilityName>CVE-2023-6603</vulnerabilityName>
+	</suppress>
 	
 </suppressions>