Ignore rexml CVE-2024-43398

mullvad · Aug 23, 2024 · 489f616 · 489f616
1 parent a1be93f
commit 489f616
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/ci/ios/upload-vm/osv-scanner.toml b/ci/ios/upload-vm/osv-scanner.toml
@@ -0,0 +1,8 @@
+# See repository root `osv-scanner.toml` for instructions and rules for this file.
+
+# rexml: The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML
+# that has many deep elements that have same local name attributes.
+[[IgnoredVulns]]
+id = "CVE-2024-43398" # GHSA-952p-6rrq-rcjv
+ignoreUntil = 2024-11-23
+reason = "rexml only parses trusted input (responses from Apple's APIs) in this code"
diff --git a/ios/osv-scanner.toml b/ios/osv-scanner.toml
@@ -0,0 +1,8 @@
+# See repository root `osv-scanner.toml` for instructions and rules for this file.
+
+# rexml: The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML
+# that has many deep elements that have same local name attributes.
+[[IgnoredVulns]]
+id = "CVE-2024-43398" # GHSA-952p-6rrq-rcjv
+ignoreUntil = 2024-11-23
+reason = "rexml only parses trusted input (responses from Apple's APIs) in this code"