diff options
| author | Albin <albin@mullvad.net> | 2024-10-04 15:41:02 +0200 |
|---|---|---|
| committer | Albin <albin@mullvad.net> | 2024-10-04 17:23:31 +0200 |
| commit | 94c1b2c0ac9edbec8dbe3f092d43b382aa74e0e1 (patch) | |
| tree | f3f731ef53486c5faec123e0e3ce69080f300675 /android | |
| parent | a93f452b6f19de409b09f83c6a58c94fe803cbff (diff) | |
| download | mullvadvpn-94c1b2c0ac9edbec8dbe3f092d43b382aa74e0e1.tar.xz mullvadvpn-94c1b2c0ac9edbec8dbe3f092d43b382aa74e0e1.zip | |
Suppress CVE-2024-47554
Diffstat (limited to 'android')
| -rw-r--r-- | android/config/dependency-check-suppression.xml | 7 | ||||
| -rw-r--r-- | android/gradle/osv-scanner.toml | 5 |
2 files changed, 12 insertions, 0 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml index 2462a467ba..3b03ea05c0 100644 --- a/android/config/dependency-check-suppression.xml +++ b/android/config/dependency-check-suppression.xml @@ -49,4 +49,11 @@ <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf-.*@.*$</packageUrl> <cve>CVE-2024-7254</cve> </suppress> + <suppress until="2025-01-04Z"> + <notes><![CDATA[ + No impact since the app doesn't process externally crafted XML. + ]]></notes> + <packageUrl regex="true">^pkg:maven/commons-io/commons-io@.*$</packageUrl> + <cve>CVE-2024-47554</cve> + </suppress> </suppressions> diff --git a/android/gradle/osv-scanner.toml b/android/gradle/osv-scanner.toml index ce19dcfe26..6d28c7564d 100644 --- a/android/gradle/osv-scanner.toml +++ b/android/gradle/osv-scanner.toml @@ -73,6 +73,11 @@ id = "CVE-2024-7254" # GHSA-735f-pc8j-v9w8 ignoreUntil = 2024-11-02 reason = "Should not be applicable since client and server are always in sync and we are only communicating locally over UDS." +[[IgnoredVulns]] +id = "CVE-2024-47554" # GHSA-78wr-2p64-hpwj +ignoreUntil = 2025-01-04 +reason = "No impact since the app doesn't process externally crafted XML." + [[PackageOverrides]] name = "org.bouncycastle:bcprov-jdk15on" ecosystem = "Maven" |