| author | Linus Färnstrand <linus@mullvad.net> | 2024-08-23 13:31:04 +0200 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2024-08-23 13:37:15 +0200 |
| commit | 489f6160a62847e576a7170e8dc32f1cf12e8886 (patch) | |
| tree | 4b320f58e9580d6155bb36b2fa14a16da5955ae4 /ci | |
| parent | a1be93fce7d375cc4571ae6bfca63a6fac22defe (diff) | |
Ignore rexml CVE-2024-43398
Diffstat (limited to 'ci')
| -rw-r--r-- | ci/ios/upload-vm/osv-scanner.toml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ci/ios/upload-vm/osv-scanner.toml b/ci/ios/upload-vm/osv-scanner.toml
new file mode 100644
index 0000000000..1a26a0cfe2
--- /dev/null
+++ b/ci/ios/upload-vm/osv-scanner.toml
@@ -0,0 +1,8 @@
+# See repository root `osv-scanner.toml` for instructions and rules for this file.
+
+# rexml: The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML
+# that has many deep elements that have same local name attributes.
+[[IgnoredVulns]]
+id = "CVE-2024-43398" # GHSA-952p-6rrq-rcjv
+ignoreUntil = 2024-11-23
+reason = "rexml only parses trusted input (responses from Apple's APIs) in this code" |
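Review bot: The `reason` on the new `[[IgnoredVulns]]` entry states a trust assumption (rexml only sees responses from Apple's APIs) without naming which dependency brings rexml in, so whoever revisits the entry when `ignoreUntil` lapses cannot re-check that claim from this file alone. The comment above the entry implies 3.3.6 is the fixed release; I would record that as the removal condition next to it, e.g. `# Pulled in via <gem name>; remove this entry once the lockfile resolves rexml >= 3.3.6.` It would also help to say in the comment that the exposure is availability only, presumably of the upload VM, since that is what makes a time-boxed ignore acceptable rather than an immediate bump.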
