Ignore GHSA-2363-cqg2-863c as it is not relevant

author: Jonatan Rhodin <jonatan.rhodin@mullvad.net> 2025-09-17 15:36:53 +0200
committer: Jonatan Rhodin <jonatan.rhodin@mullvad.net> 2025-09-17 17:31:04 +0200
commit: 8bedbb42bab797cb7f318954550474bc5e8b67da (patch)
tree: 0651feb1cc30c4fa3cc3930ed3e53e92369f0bc6 /android
parent: f201b8ac7e07985f0996eecae6897076bf410f9f (diff)
download: mullvadvpn-8bedbb42bab797cb7f318954550474bc5e8b67da.tar.xz
mullvadvpn-8bedbb42bab797cb7f318954550474bc5e8b67da.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/android/gradle/osv-scanner.toml b/android/gradle/osv-scanner.toml
index d9ebfe503c..94c3e09539 100644
--- a/android/gradle/osv-scanner.toml
+++ b/android/gradle/osv-scanner.toml
@@ -90,3 +90,9 @@ reason = "We do not use netty decoders"
 id = "CVE-2025-58056" #  GHSA-fghv-69vj-qj49
 ignoreUntil = 2025-11-01
 reason = "No impact on this app since it uses UDS rather than HTTP2."
+
+# XML External Entity (XXE) Injection in JDOM
+[[IgnoredVulns]]
+id = "CVE-2021-33813" #  GHSA-2363-cqg2-863c
+ignoreUntil = 2025-11-01
+reason = "JDOM is used by AGP and not the app directly"
author	Jonatan Rhodin <jonatan.rhodin@mullvad.net>	2025-09-17 15:36:53 +0200
committer	Jonatan Rhodin <jonatan.rhodin@mullvad.net>	2025-09-17 17:31:04 +0200
commit	8bedbb42bab797cb7f318954550474bc5e8b67da (patch)
tree	0651feb1cc30c4fa3cc3930ed3e53e92369f0bc6 /android
parent	f201b8ac7e07985f0996eecae6897076bf410f9f (diff)
download	mullvadvpn-8bedbb42bab797cb7f318954550474bc5e8b67da.tar.xz mullvadvpn-8bedbb42bab797cb7f318954550474bc5e8b67da.zip