diff options
| author | Oskar <oskar@mullvad.net> | 2025-09-04 14:16:58 +0200 |
|---|---|---|
| committer | Oskar <oskar@mullvad.net> | 2025-09-05 09:04:23 +0200 |
| commit | ce170f8913b6567d184ee778e4e87df1f488aa1d (patch) | |
| tree | e767009c5b08bf23dd660b29636ba455a1228f8e /desktop | |
| parent | ca181fa48e65151b913f97e94c89e8d84a9c5190 (diff) | |
| download | mullvadvpn-ce170f8913b6567d184ee778e4e87df1f488aa1d.tar.xz mullvadvpn-ce170f8913b6567d184ee778e4e87df1f488aa1d.zip | |
Ignore CVE-2025-55305
Diffstat (limited to 'desktop')
| -rw-r--r-- | desktop/osv-scanner.toml | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/desktop/osv-scanner.toml b/desktop/osv-scanner.toml index e46d80f173..b78346cac8 100644 --- a/desktop/osv-scanner.toml +++ b/desktop/osv-scanner.toml @@ -23,3 +23,9 @@ reason = "This is just a dev dependency, and we don't have untrusted input to mi id = "CVE-2024-21528" # GHSA-g974-hxvm-x689 ignoreUntil = 2025-10-17 reason = "There is no fix yet and we don't send untrusted input to the first argument of addTranslations" + +# electron: Electron has ASAR Integrity Bypass via resource modification +[[IgnoredVulns]] +id = "CVE-2025-55305" # GHSA-vmqv-hx8q-j7mg +ignoreUntil = 2025-12-04 +reason = "The embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses aren't enabled" |