Diffstat (limited to 'gui')
| -rw-r--r-- | gui/osv-scanner.toml | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/gui/osv-scanner.toml b/gui/osv-scanner.toml
index cef97fe2d8..968158fa7c 100644
--- a/gui/osv-scanner.toml
+++ b/gui/osv-scanner.toml
@@ -24,3 +24,21 @@ reason = "This project does not use PostCSS to parse untrusted CSS"
 id = "CVE-2024-4068" # GHSA-grv7-fg5c-xmjg
 ignoreUntil = 2024-09-05
 reason = "This package is only used to match paths from either us or trusted libraries"
+
+# elliptic: Elliptic allows BER-encoded signatures
+[[IgnoredVulns]]
+id = "CVE-2024-42461" # GHSA-49q7-c7j4-3p7m
+ignoreUntil = 2024-10-15
+reason = "We don't utilize the signing features in browserify"
+
+# elliptic: Elliptic's ECDSA missing check for whether leading bit of r and s is zero
+[[IgnoredVulns]]
+id = "CVE-2024-42460" # GHSA-977x-g7h5-7qgw
+ignoreUntil = 2024-10-15
+reason = "We don't utilize the signing features in browserify"
+
+# elliptic: Elliptic's EDDSA missing signature length check
+[[IgnoredVulns]]
+id = "CVE-2024-42459" # GHSA-f7q4-pwc6-w24p
+ignoreUntil = 2024-10-15
+reason = "We don't utilize the signing features in browserify" |
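Review bot: The `reason` on all three new `[[IgnoredVulns]]` entries says signing is unused, but the advisory titles in the comments above them (BER-encoded signatures accepted, missing leading-bit check on r and s, missing signature length check) describe what elliptic accepts, which looks like the verification path rather than signing. The justification should state that no code in `gui` verifies ECDSA/EdDSA signatures through elliptic, if that is the case, for example `reason = "elliptic is only a transitive dependency of browserify; we neither sign nor verify signatures with it"`. The `ignoreUntil = 2024-10-15` expiry is good to have; a short comment naming the package that pulls elliptic in would let the next reviewer re-check the claim when the ignore lapses.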
