diff options
| author | Linus Färnstrand <linus@mullvad.net> | 2024-07-04 08:54:39 +0200 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2024-07-09 07:27:44 +0200 |
| commit | c6b0dc3a7821834fd9af8edf3ab67261a2845db3 (patch) | |
| tree | de2c8d225f6d29b57aaf648554a885054867f665 | |
| parent | bcd6bb9279d6bf313eb2215f42f7981752f2bb16 (diff) | |
| download | mullvadvpn-c6b0dc3a7821834fd9af8edf3ab67261a2845db3.tar.xz mullvadvpn-c6b0dc3a7821834fd9af8edf3ab67261a2845db3.zip | |
Add osv-scanner ignores for electron frontend npm stack
| -rw-r--r-- | gui/osv-scanner.toml | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/gui/osv-scanner.toml b/gui/osv-scanner.toml new file mode 100644 index 0000000000..cef97fe2d8 --- /dev/null +++ b/gui/osv-scanner.toml @@ -0,0 +1,26 @@ +# See repository root `osv-scanner.toml` for instructions and rules for this file. + +# @grpc/grpc-js: There are two separate code paths in which memory can be allocated per message in +# excess of the grpc.max_receive_message_length channel option +[[IgnoredVulns]] +id = "CVE-2024-37168" # GHSA-7v5v-9h63-cj86 +ignoreUntil = 2024-09-05 +reason = "This component only receives gRPC messages from the trusted mullvad-daemon" + +# yargs-parser Vulnerable to Prototype Pollution +[[IgnoredVulns]] +id = "CVE-2020-7608" # GHSA-p9pc-299p-vxgp +ignoreUntil = 2024-09-05 +reason = "This package is only used to parse commands run by either us or trusted libraries" + +# PostCSS line return parsing error +[[IgnoredVulns]] +id = "CVE-2023-44270" # GHSA-7fh5-64p2-3v2j +ignoreUntil = 2024-09-05 +reason = "This project does not use PostCSS to parse untrusted CSS" + +# braces: Uncontrolled resource consumption +[[IgnoredVulns]] +id = "CVE-2024-4068" # GHSA-grv7-fg5c-xmjg +ignoreUntil = 2024-09-05 +reason = "This package is only used to match paths from either us or trusted libraries" |