Skip to content

Commit

Permalink
Extend ignore for CVEs in scripts folder
Browse files Browse the repository at this point in the history
  • Loading branch information
@olmoh @raksooo
olmoh authored and raksooo committed Dec 5, 2024
1 parent 5b6974b commit ff699de
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions desktop/packages/mullvad-vpn/scripts/osv-scanner.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,41 +3,41 @@
# Pillow arbitrary code execution
[[IgnoredVulns]]
id = "CVE-2023-50447" # GHSA-3f63-hfp8-52jq
ignoreUntil = 2024-12-05
ignoreUntil = 2025-03-05
reason = "Only used internally, on trusted input. This tool is also scheduled for removal completely, so not worth trying to upgrade"

# Pillow buffer overflow
[[IgnoredVulns]]
id = "CVE-2024-28219" # GHSA-44wm-f244-xhp3
ignoreUntil = 2024-12-05
ignoreUntil = 2025-03-05
reason = "Only used internally, on trusted input. This tool is also scheduled for removal completely, so not worth trying to upgrade"

# Pillow DoS
[[IgnoredVulns]]
id = "CVE-2023-44271" # GHSA-8ghj-p4vj-mr35
ignoreUntil = 2024-12-05
ignoreUntil = 2025-03-05
reason = "Only used internally, on trusted input. This tool is also scheduled for removal completely, so not worth trying to upgrade"

# libwebp: OOB write in BuildHuffmanTable
[[IgnoredVulns]]
id = "CVE-2023-5129" # GHSA-j7hp-h8jx-5ppr
ignoreUntil = 2024-12-05
ignoreUntil = 2025-03-05
reason = "Only used internally, on trusted input. This tool is also scheduled for removal completely, so not worth trying to upgrade"

# Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863)
[[IgnoredVulns]]
id = "PYSEC-2023-175"
ignoreUntil = 2024-12-05
ignoreUntil = 2025-03-05
reason = "Only used internally, on trusted input. This tool is also scheduled for removal completely, so not worth trying to upgrade"

# Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863)
[[IgnoredVulns]]
id = "GHSA-56pw-mpj4-fxww"
ignoreUntil = 2024-12-05
ignoreUntil = 2025-03-05
reason = "Only used internally, on trusted input. This tool is also scheduled for removal completely, so not worth trying to upgrade"

# Pillow vulnerable to Data Amplification attack.
[[IgnoredVulns]]
id = "CVE-2022-45198" # GHSA-m2vv-5vj5-2hm7
ignoreUntil = 2024-12-05
ignoreUntil = 2025-03-05
reason = "Only used internally, on trusted input. This tool is also scheduled for removal completely, so not worth trying to upgrade"

0 comments on commit ff699de

Please sign in to comment.