Ignore CVE-2025-58056 on android

author: David Göransson <david.goransson@mullvad.net> 2025-09-05 10:11:57 +0200
committer: David Göransson <david.goransson@mullvad.net> 2025-09-05 11:31:38 +0200
commit: d090433bd2588e43fb328b260b0c4de478458965 (patch)
tree: 1065eec9b2caf510400f538921c7122ce1ff062e /android
parent: 7c094f3b64c35fc1d3bdb26ebc66cbc4b2ab1f07 (diff)
download: mullvadvpn-d090433bd2588e43fb328b260b0c4de478458965.tar.xz
mullvadvpn-d090433bd2588e43fb328b260b0c4de478458965.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/android/gradle/osv-scanner.toml b/android/gradle/osv-scanner.toml
index 66ccb3eb47..613d5ccc06 100644
--- a/android/gradle/osv-scanner.toml
+++ b/android/gradle/osv-scanner.toml
@@ -84,3 +84,9 @@ reason = "No impact on this app since it uses UDS rather than HTTP2."
 id = "CVE-2025-58057" # GHSA-3p8m-j85q-pgmj
 ignoreUntil = 2025-12-04
 reason = "We do not use netty decoders"
+
+# netty: Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions
+[[IgnoredVulns]]
+id = "CVE-2025-58056" #  GHSA-fghv-69vj-qj49
+ignoreUntil = 2025-12-04
+reason = "No impact on this app since it uses UDS rather than HTTP2."
author	David Göransson <david.goransson@mullvad.net>	2025-09-05 10:11:57 +0200
committer	David Göransson <david.goransson@mullvad.net>	2025-09-05 11:31:38 +0200
commit	d090433bd2588e43fb328b260b0c4de478458965 (patch)
tree	1065eec9b2caf510400f538921c7122ce1ff062e /android
parent	7c094f3b64c35fc1d3bdb26ebc66cbc4b2ab1f07 (diff)
download	mullvadvpn-d090433bd2588e43fb328b260b0c4de478458965.tar.xz mullvadvpn-d090433bd2588e43fb328b260b0c4de478458965.zip