Skip to content

Commit

Permalink
Merge branch 'ignore-cve-2024-7254-droid-1357'
Browse files Browse the repository at this point in the history
  • Loading branch information
albin-mullvad committed Sep 23, 2024
2 parents 5cadd01 + 4d571ed commit 88315ff
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 0 deletions.
9 changes: 9 additions & 0 deletions android/config/dependency-check-suppression.xml
Original file line number Diff line number Diff line change
Expand Up @@ -40,4 +40,13 @@
<packageUrl regex="true">^pkg:maven/commons\-validator/commons\-validator@.*$</packageUrl>
<cve>CVE-2021-3765</cve>
</suppress>
<suppress until="2024-12-01Z">
<notes><![CDATA[
Denial of service using protobuf.
Should not be applicable since client and server are always in sync and we are only
communicating locally over UDS.
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf-.*@.*$</packageUrl>
<cve>CVE-2024-7254</cve>
</suppress>
</suppressions>
5 changes: 5 additions & 0 deletions android/gradle/osv-scanner.toml
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,11 @@ id = "CVE-2022-24329" # GHSA-2qp4-g3q3-f92w
ignoreUntil = 2024-11-02
reason = "This CVE only affect Multiplatform Gradle Projects, which this project is not."

[[IgnoredVulns]]
id = "CVE-2024-7254" # GHSA-735f-pc8j-v9w8
ignoreUntil = 2024-11-02
reason = "Should not be applicable since client and server are always in sync and we are only communicating locally over UDS."

[[PackageOverrides]]
name = "org.bouncycastle:bcprov-jdk15on"
ecosystem = "Maven"
Expand Down
9 changes: 9 additions & 0 deletions android/test/test-suppression.xml
Original file line number Diff line number Diff line change
Expand Up @@ -17,4 +17,13 @@
<cve>CVE-2023-33953</cve>
<cve>CVE-2023-44487</cve>
</suppress>
<suppress until="2024-12-01Z">
<notes><![CDATA[
Denial of service using protobuf.
Should not be applicable since client and server are always in sync and we are only
communicating locally over UDS.
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf-.*@.*$</packageUrl>
<cve>CVE-2024-7254</cve>
</suppress>
</suppressions>

0 comments on commit 88315ff

Please sign in to comment.