Merge branch 'suppress-CVE-2021-33813'

author: David Göransson <david.goransson@mullvad.net> 2025-09-18 08:25:48 +0200
committer: David Göransson <david.goransson@mullvad.net> 2025-09-18 08:25:48 +0200
commit: 9356c2fd18d9132caf2d20f87321215c16e67390 (patch)
tree: 0651feb1cc30c4fa3cc3930ed3e53e92369f0bc6 /android
parent: f201b8ac7e07985f0996eecae6897076bf410f9f (diff)
parent: 8bedbb42bab797cb7f318954550474bc5e8b67da (diff)
download: mullvadvpn-9356c2fd18d9132caf2d20f87321215c16e67390.tar.xz
mullvadvpn-9356c2fd18d9132caf2d20f87321215c16e67390.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/android/gradle/osv-scanner.toml b/android/gradle/osv-scanner.toml
index d9ebfe503c..94c3e09539 100644
--- a/android/gradle/osv-scanner.toml
+++ b/android/gradle/osv-scanner.toml
@@ -90,3 +90,9 @@ reason = "We do not use netty decoders"
 id = "CVE-2025-58056" #  GHSA-fghv-69vj-qj49
 ignoreUntil = 2025-11-01
 reason = "No impact on this app since it uses UDS rather than HTTP2."
+
+# XML External Entity (XXE) Injection in JDOM
+[[IgnoredVulns]]
+id = "CVE-2021-33813" #  GHSA-2363-cqg2-863c
+ignoreUntil = 2025-11-01
+reason = "JDOM is used by AGP and not the app directly"
author	David Göransson <david.goransson@mullvad.net>	2025-09-18 08:25:48 +0200
committer	David Göransson <david.goransson@mullvad.net>	2025-09-18 08:25:48 +0200
commit	9356c2fd18d9132caf2d20f87321215c16e67390 (patch)
tree	0651feb1cc30c4fa3cc3930ed3e53e92369f0bc6 /android
parent	f201b8ac7e07985f0996eecae6897076bf410f9f (diff)
parent	8bedbb42bab797cb7f318954550474bc5e8b67da (diff)
download	mullvadvpn-9356c2fd18d9132caf2d20f87321215c16e67390.tar.xz mullvadvpn-9356c2fd18d9132caf2d20f87321215c16e67390.zip