Skip to content

Commit

Permalink
nancy: ignore github.com/golang-jwt/jwt/v4 4.5.0 in .nancy-ignore (#2756
Browse files Browse the repository at this point in the history
)
  • Loading branch information
zzzckck authored Nov 20, 2024
1 parent 8143069 commit edf9005
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion .nancy-ignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
CVE-2024-34478 # "CWE-754: Improper Check for Unusual or Exceptional Conditions." This vulnerability is BTC only, BSC does not have the issue.
CVE-2024-6104 # "CWE-532: Information Exposure Through Log Files" This is caused by the vulnerabilities go-retryablehttp@v0.7.4, it is only used in cmd devp2p, impact is limited. will upgrade to v0.7.7 later
CVE-2024-8421 # "CWE-400: Uncontrolled Resource Consumption (Resource Exhaustion)" This vulnerability is caused by issues in the golang.org/x/net package. Even the latest version(v0.29.0) has not yet addressed it, but we will continue to monitor updates closely.
CVE-2024-8421 # "CWE-400: Uncontrolled Resource Consumption (Resource Exhaustion)" This vulnerability is caused by issues in the golang.org/x/net package. Even the latest version(v0.29.0) has not yet addressed it, but we will continue to monitor updates closely.
CVE-2024-51744 # "CWE-347: Improper Verification of Cryptographic Signature" & "CWE-755: Improper Handling of Exceptional Conditions" This vulnerability is caused mishandling of JWT error code, BSC does not have the issue as it does not check the detail error code.

0 comments on commit edf9005

Please sign in to comment.