authorAlbin <albin@mullvad.net>2025-03-12 21:42:28 +0100
committerAlbin <albin@mullvad.net>2025-03-12 21:42:28 +0100
commit39125664d7e5947f6e627c99ce216b0fa39b733c (patch)
tree2a285a10ac65e3ae5d8f9b489a9c63a70f12ff3b
parent6ed3e51d6c9ffa12bb273819c48551d0bfa33db9 (diff)
parenteb70475295cfb65cc594467031e8c21afc6eb8c9 (diff)
Merge branch 'suppress-netty-cves'
-rw-r--r--android/gradle/osv-scanner.toml14
1 files changed, 13 insertions, 1 deletions
diff --git a/android/gradle/osv-scanner.toml b/android/gradle/osv-scanner.toml
index b4725bdaf7..d39f1297bd 100644
--- a/android/gradle/osv-scanner.toml
+++ b/android/gradle/osv-scanner.toml
@@ -64,7 +64,7 @@ reason = "No impact since the app doesn't process externally crafted XML."
# netty: Denial of Service attack on windows app
[[IgnoredVulns]]
id = "CVE-2024-47535" # GHSA-xq3w-v528-46rv
-ignoreUntil = 2025-02-13
+ignoreUntil = 2025-06-13
reason = "Only impacting Windows."
# Several vulns related to bouncy castle that is only being used by lint.
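Review bot: The `ignoreUntil` for CVE-2024-47535 moves from 2025-02-13 to 2025-06-13 while the `reason` stays the same, so the entry does not show that the exposure was re-assessed after the earlier deadline passed. A dated comment above the entry would give the next expiry review something to check against, e.g. `# Re-checked <date>: netty only reachable via <dependency>, Windows-only code path`, with the placeholders filled in by whoever did the check. The entry's surrounding context continues outside this hunk.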
@@ -75,3 +75,15 @@ ecosystem = "Maven"
ignore = true
effectiveUntil = 2025-05-02
reason = "Used by lint and not the app directly."
+
+# netty: Denial of Service attack on windows app
+[[IgnoredVulns]]
+id = "CVE-2025-25193" # GHSA-389x-839f-4rhx
+ignoreUntil = 2025-06-13
+reason = "Only impacting Windows."
+
+# netty: Crash when using native SSLEngine
+[[IgnoredVulns]]
+id = "CVE-2025-24970" # GHSA-4g8c-wm8x-jfhw
+ignoreUntil = 2025-06-13
+reason = "Netty is not used in conjunction with SSL."
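Review bot: The reason given for CVE-2025-24970, `Netty is not used in conjunction with SSL.`, is a claim about the dependency graph that nothing in the file supports, and it is the claim someone must re-verify when the suppression expires. Consider recording which dependency brings netty in and why the native SSLEngine path is unreachable, e.g. `reason = "Netty comes in via <dependency>; no native SSLEngine/SslHandler is configured."` with the placeholder filled in. The comment on the CVE-2025-25193 entry is word-for-word the one already used for CVE-2024-47535, so the two entries read as duplicates; a distinguishing line such as `# netty: Denial of Service on Windows (follow-up to CVE-2024-47535)` would help, provided the advisory confirms that relationship. If a netty release containing these fixes can be pulled in, upgrading is preferable to carrying three suppressions that all lapse on the same date.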