Ignore CVE-2025-55163 as it only affects http2

author: Jonatan Rhodin <jonatan.rhodin@mullvad.net> 2025-08-14 11:00:14 +0200
committer: Jonatan Rhodin <jonatan.rhodin@mullvad.net> 2025-08-14 11:09:20 +0200
commit: 988f48850d8baf2bffe0b2f80de3d522c58bf6e8 (patch)
tree: 85bf062e5deceb863b56a69fdfcbcb254b7e949b /android
parent: d4c9e0428bc474039b733f3dcb5910c34acedb1b (diff)
download: mullvadvpn-988f48850d8baf2bffe0b2f80de3d522c58bf6e8.tar.xz
mullvadvpn-988f48850d8baf2bffe0b2f80de3d522c58bf6e8.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/android/gradle/osv-scanner.toml b/android/gradle/osv-scanner.toml
index 85d830b085..acb7e63c01 100644
--- a/android/gradle/osv-scanner.toml
+++ b/android/gradle/osv-scanner.toml
@@ -72,3 +72,9 @@ reason = "Only impacting Windows."
 id = "CVE-2025-24970" # GHSA-4g8c-wm8x-jfhw
 ignoreUntil = 2025-09-13
 reason = "Netty is not used in conjunction with SSL."
+
+# netty: MadeYouReset HTTP/2 DDoS vulnerability
+[[IgnoredVulns]]
+id = "CVE-2025-55163" # GHSA-prj3-ccx8-p6x4
+ignoreUntil = 2025-11-14
+reason = "No impact on this app since it uses UDS rather than HTTP2."
author	Jonatan Rhodin <jonatan.rhodin@mullvad.net>	2025-08-14 11:00:14 +0200
committer	Jonatan Rhodin <jonatan.rhodin@mullvad.net>	2025-08-14 11:09:20 +0200
commit	988f48850d8baf2bffe0b2f80de3d522c58bf6e8 (patch)
tree	85bf062e5deceb863b56a69fdfcbcb254b7e949b /android
parent	d4c9e0428bc474039b733f3dcb5910c34acedb1b (diff)
download	mullvadvpn-988f48850d8baf2bffe0b2f80de3d522c58bf6e8.tar.xz mullvadvpn-988f48850d8baf2bffe0b2f80de3d522c58bf6e8.zip