[NET-8174] security: add triage alias for GO-2024-2554 (1.4.0) (#3704)

security: add triage alias for GO-2024-2554 This vulnerability was already triaged via its GHSA alias, but the scanner is flagging it under this name, so adding an explicit entry.
hashicorp · Feb 29, 2024 · caee250 · caee250
1 parent 1c6e029
commit caee250
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
@@ -33,9 +33,12 @@ binary {
     suppress {
       vulnerabilites = [
         # NET-8174 (2024-02-20): Chart YAML path traversal (not impacted)
-        "GHSA-v53g-5gjp-272r", # alias CVE-2024-25620
+        "GHSA-v53g-5gjp-272r", 
+        "GO-2024-2554", # alias
+        "CVE-2024-25620", # alias
         # NET-8174 (2024-02-26): Missing YAML Content Leads To Panic (requires malicious plugin)
-        "GHSA-r53h-jv2g-vpx6", # alias CVE-2024-26147
+        "GHSA-r53h-jv2g-vpx6", 
+        "CVE-2024-26147", # alias
       ]
     }
   }

diff --git a/scan.hcl b/scan.hcl
@@ -33,9 +33,12 @@ repository {
       ]
       vulnerabilites = [
         # NET-8174 (2024-02-20): Chart YAML path traversal (not impacted)
-        "GHSA-v53g-5gjp-272r", # alias CVE-2024-25620
+        "GHSA-v53g-5gjp-272r", 
+        "GO-2024-2554", # alias
+        "CVE-2024-25620", # alias
         # NET-8174 (2024-02-26): Missing YAML Content Leads To Panic (requires malicious plugin)
-        "GHSA-r53h-jv2g-vpx6", # alias CVE-2024-26147
+        "GHSA-r53h-jv2g-vpx6", 
+        "CVE-2024-26147", # alias
       ]
     }
   }