authorTobias Järvelöv <tobias.jarvelov@mullvad.net>2025-09-10 16:47:50 +0200
committerTobias Järvelöv <tobias.jarvelov@mullvad.net>2025-09-11 09:51:26 +0200
commitbc04272cbe1c2956ff31efcdccb313c1d69c5447 (patch)
treec603be16bf714d0f9667f92991fdc3a3ea6a4f75 /desktop
parente7de4693adc78878d2686f228b5c91c6bb9bc319 (diff)
Ignore vite vulnerability for a week
The vulnerable code is only used in development and not in production and requires local system access to exploit. Fixing requires upgrading vite to a new major version, which will take a few days.
Diffstat (limited to 'desktop')
-rw-r--r--desktop/osv-scanner.toml12
1 files changed, 12 insertions, 0 deletions
diff --git a/desktop/osv-scanner.toml b/desktop/osv-scanner.toml
index b78346cac8..72f6cc3e06 100644
--- a/desktop/osv-scanner.toml
+++ b/desktop/osv-scanner.toml
@@ -29,3 +29,15 @@ reason = "There is no fix yet and we don't send untrusted input to the first arg
id = "CVE-2025-55305" # GHSA-vmqv-hx8q-j7mg
ignoreUntil = 2025-12-04
reason = "The embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses aren't enabled"
+
+# vite: The vulnerable code is only used in development and not in production and requires local system access to exploit.
+[[IgnoredVulns]]
+id = "CVE-2025-58751" # GHSA-g4jq-h2w9-997c
+ignoreUntil = 2025-09-17
+reason = "Fixing requires upgrading vite to a new major version, which will take a few days."
+
+# vite: The vulnerable code is only used in development and not in production and requires local system access to exploit.
+[[IgnoredVulns]]
+id = "CVE-2025-58752" # GHSA-jqfw-vq24-v9c3
+ignoreUntil = 2025-09-17
+reason = "Fixing requires upgrading vite to a new major version, which will take a few days."
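Review bot: The `reason` strings on both new entries record only why the fix is delayed, while the actual risk acceptance (dev-only code, local access needed) sits in a `#` comment that the scanner never reads. Since `reason` is the field the tool parses and the one most likely to reach scan output or an audit, I would put the justification there, e.g. `reason = "Dev-only (vite), not in production builds; needs local access. Fix needs a vite major upgrade."`, for both CVE-2025-58751 and CVE-2025-58752. The dev-only argument presumably assumes the vite dev server stays bound to loopback, so it is worth confirming that no dev workflow starts it with `--host` or `server.host` until the upgrade lands. The one-week `ignoreUntil` is a good forcing function and should stay short if it has to be extended.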