From 8c73fd363bc200e827e702201adc126b04ec48eb Mon Sep 17 00:00:00 2001
From: Philip Roche <phil.roche@chainguard.dev>
Date: Tue, 26 Nov 2024 18:37:42 +0000
Subject: [PATCH] feat(advisory): solr false-positive-determination (#9251)

This is a windows specific CVE.

> This vulnerability is Windows-specific and cannot be exploited on Wolfi OS which is Linux-based. The vulnerable code path requires Windows file system access.

Signed-off-by: philroche <phil.roche@chainguard.dev>
---
 solr.advisories.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/solr.advisories.yaml b/solr.advisories.yaml
index 0a30b6d0e0..09a909a9e4 100644
--- a/solr.advisories.yaml
+++ b/solr.advisories.yaml
@@ -120,6 +120,11 @@ advisories:
             componentType: java-archive
             componentLocation: /usr/share/java/solr/server/solr-webapp/webapp/WEB-INF/lib/netty-common-4.1.111.Final.jar
             scanner: grype
+      - timestamp: 2024-11-26T18:31:08Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-cannot-be-controlled-by-adversary
+          note: This vulnerability is Windows-specific and cannot be exploited on Wolfi OS which is Linux-based. The vulnerable code path requires Windows file system access.
 
   - id: CGA-6rj7-2h6h-rvff
     aliases: