From 0eeed1695c3b100ee50b1cd8c096918a30ac4721 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Fri, 24 Feb 2023 21:16:17 +1000 Subject: [PATCH] ignore nancy warning --- backend/.nancy-ignore | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/backend/.nancy-ignore b/backend/.nancy-ignore index 3f317c4..3f3140c 100644 --- a/backend/.nancy-ignore +++ b/backend/.nancy-ignore @@ -1,41 +1,31 @@ # If you need to ignore any of nancy's warnings add them - # here with a reference to the package/version that - # triggers them and rational for ignoring it. - # pkg:golang/github.com/coreos/etcd@3.3.10 - # etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation - CVE-2020-15115 # pkg:golang/github.com/coreos/etcd@3.3.10 - # In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records - CVE-2020-15136 # pkg:golang/github.com/coreos/etcd@3.3.10 - # In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access - CVE-2020-15114 # pkg:golang/github.com/gorilla/websocket@1.4.0 - # Integer Overflow or Wraparound - CWE-190 # jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrict... - CVE-2020-26160 # https://ossindex.sonatype.org/vulnerability/sonatype-2021-1485 - sonatype-2021-1485 # CWE-770: Allocation of Resources Without Limits or Throttling - CVE-2022-41717 +CVE-2022-41723 + +# CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') +CVE-2022-41723
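Review bot: The new `CVE-2022-41723` suppression at the end of the hunk carries only the CWE-400 title, without the `# pkg:golang/...@version` reference and the reason for ignoring it that this file's own header asks for and that the etcd and websocket entries provide. Add a line such as `# pkg:golang/<module>@<version> - <why the finding is not reachable or cannot be upgraded yet>` above the ID, with the module and version taken from nancy's report. The ID also appears to be added twice, once directly after `CVE-2022-41717` and again under the new comment (the patch layout is collapsed here, so this is a reading of the visible text); one entry is enough. Because an ignore entry silences the finding indefinitely, consider nancy's expiring form, `CVE-2022-41723 until=<YYYY-MM-DD>`, so the suppression is revisited once the dependency can be upgraded.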