Merge branch 'suppress-elliptic-vulnerabilities'
raksooo committed Aug 15, 2024
2 parents c48ea67 + 70cdb2e commit 605e43f
Showing 1 changed file with 18 additions and 0 deletions.
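--- a/gui/osv-scanner.toml
+++ b/gui/osv-scanner.toml
@@ -24,3 +24,21 @@ reason = "This project does not use PostCSS to parse untrusted CSS"
 id = "CVE-2024-4068" # GHSA-grv7-fg5c-xmjg
 ignoreUntil = 2024-09-05
 reason = "This package is only used to match paths from either us or trusted libraries"
+
+# elliptic: Elliptic allows BER-encoded signatures
+[[IgnoredVulns]]
+id = "CVE-2024-42461" # GHSA-49q7-c7j4-3p7m
+ignoreUntil = 2024-10-15
+reason = "We don't utilize the signing features in browserify"
+
+# elliptic: Elliptic's ECDSA missing check for whether leading bit of r and s is zero
+[[IgnoredVulns]]
+id = "CVE-2024-42460" # GHSA-977x-g7h5-7qgw
+ignoreUntil = 2024-10-15
+reason = "We don't utilize the signing features in browserify"
+
+# elliptic: Elliptic's EDDSA missing signature length check
+[[IgnoredVulns]]
+id = "CVE-2024-42459" # GHSA-f7q4-pwc6-w24p
+ignoreUntil = 2024-10-15
+reason = "We don't utilize the signing features in browserify"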
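Review bot: The `reason` on the three new elliptic entries only rules out signing, while the advisory titles in the comments (BER-encoded signatures accepted, missing leading-bit check on r and s, missing EdDSA signature length check) read as flaws in how signatures are accepted, which is the verification path. The suppression holds only if nothing in the GUI bundle verifies ECDSA/EdDSA signatures through elliptic either, so the justification should say so once that is confirmed, e.g. `reason = "elliptic is only pulled in transitively via browserify; we neither sign nor verify signatures with it"`. Because all three entries share the same `ignoreUntil = 2024-10-15`, a single comment above the group naming the dependency that pulls in elliptic would also make the re-check on that date quicker. The hunk starts mid-entry, so the `[[IgnoredVulns]]` header for the first three context lines is outside it.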
