From a624697809116b7fc36113e3a2ee67dcc4d14cc6 Mon Sep 17 00:00:00 2001
From: Stephan
Date: Tue, 3 Dec 2024 12:02:20 +0000
Subject: [PATCH] Symfony: ignore bogus CVEs (#1493)

---
 src/SecurityAdvisory/GitHubSecurityAdvisoriesSource.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/SecurityAdvisory/GitHubSecurityAdvisoriesSource.php b/src/SecurityAdvisory/GitHubSecurityAdvisoriesSource.php
index c81a28863..ccb88c7ed 100644
--- a/src/SecurityAdvisory/GitHubSecurityAdvisoriesSource.php
+++ b/src/SecurityAdvisory/GitHubSecurityAdvisoriesSource.php
@@ -28,6 +28,11 @@ class GitHubSecurityAdvisoriesSource implements SecurityAdvisorySourceInterface
 {
     public const SOURCE_NAME = 'GitHub';
 
+    private const IGNORE_CVES = [
+        'CVE-2024-36611', // @see https://phpc.social/@wouterj/113588554019692959
+        'CVE-2024-36610', // @see https://phpc.social/@wouterj/113588554019692959
+    ];
+
     /**
      * @param list $fallbackGhTokens
      */
@@ -95,6 +100,10 @@ public function getAdvisories(ConsoleIO $io): ?RemoteSecurityAdvisoryCollection
             continue;
         }
 
+        if (in_array($cve, self::IGNORE_CVES, true)) {
+            continue;
+        }
+
         $packageName = strtolower($node['package']['name']);
 
         // GitHub adds spaces everywhere e.g. > 1.0, adjust to be able to match other advisories
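Review bot: The new IGNORE_CVES constant explains itself only through two links to a social-media post, which is not a durable record of why an advisory source is being overridden; the reason should live in the code, and the constant should carry a shape annotation for static analysis. Suggest a docblock directly above it along the lines of `/** CVE identifiers whose GitHub advisories are known to be bogus (see commit #1493) and must not be imported. @var list<string> */`, keeping the links as secondary references. A short note that additions to this list need the same kind of justification would help the next maintainer keep it from growing into an unreviewed allowlist.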
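Review bot: The added `in_array($cve, self::IGNORE_CVES, true)` suppresses the advisory regardless of which package the node belongs to, because it runs before `$packageName` is derived two lines later; if one of these identifiers is ever attached to a non-Symfony package's advisory, that advisory would be silently dropped too. Consider keying the ignore list by package, `'CVE-2024-36611' => '<package name>'` (placeholder), and moving the check after `$packageName` is computed: `if (isset(self::IGNORE_CVES[$cve]) && self::IGNORE_CVES[$cve] === $packageName) { continue; }`. The suppression is also invisible at runtime; a verbose line such as `$io->writeError('Skipping ignored advisory ' . $cve, verbosity: IOInterface::VERBOSE);` would let operators audit what was dropped, assuming `$io` is Composer's IO implementation as the `ConsoleIO` type hint suggests. getAdvisories starts and ends outside the hunk, and `$cve` is assigned outside it as well, so its nullability could not be checked here.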