diff options
| author | Jonatan Rhodin <jonatan.rhodin@mullvad.net> | 2025-09-04 09:57:16 +0200 |
|---|---|---|
| committer | Jonatan Rhodin <jonatan.rhodin@mullvad.net> | 2025-09-04 14:20:10 +0200 |
| commit | 049a7647035f1a91b9d991c331b2b5f90d009355 (patch) | |
| tree | c6c6f194e8d45d34c83e81ba2946a58d2ecd50f1 | |
| parent | 476b3e70b3fa57c91529cc7e5ae984f1d5bf2776 (diff) | |
| download | mullvadvpn-049a7647035f1a91b9d991c331b2b5f90d009355.tar.xz mullvadvpn-049a7647035f1a91b9d991c331b2b5f90d009355.zip | |
Ignore CVE-2025-58057 on android
| -rw-r--r-- | android/gradle/osv-scanner.toml | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/android/gradle/osv-scanner.toml b/android/gradle/osv-scanner.toml index acb7e63c01..66ccb3eb47 100644 --- a/android/gradle/osv-scanner.toml +++ b/android/gradle/osv-scanner.toml @@ -78,3 +78,9 @@ reason = "Netty is not used in conjunction with SSL." id = "CVE-2025-55163" # GHSA-prj3-ccx8-p6x4 ignoreUntil = 2025-11-14 reason = "No impact on this app since it uses UDS rather than HTTP2." + +# netty: Netty's decoders vulnerable to DoS via zip bomb style attack +[[IgnoredVulns]] +id = "CVE-2025-58057" # GHSA-3p8m-j85q-pgmj +ignoreUntil = 2025-12-04 +reason = "We do not use netty decoders" |