chore(vex): suppress CVE-2024-45338 (#8137)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
2025-12-05 20:40:16 -08:00 · 2024-12-20 15:44:12 +09:00
parent c4a4a5fa97
commit 95f7a564e5
1 changed files with 29 additions and 0 deletions
--- a/.vex/trivy.openvex.json
+++ b/.vex/trivy.openvex.json
@@ -570,6 +570,35 @@
      "status": "not_affected",
      "justification": "vulnerable_code_not_in_execute_path",
      "impact_statement": "Govulncheck determined that the vulnerable code isn't called"
+    },
+    {
+      "vulnerability": {
+        "@id": "https://pkg.go.dev/vuln/GO-2024-3333",
+        "name": "GO-2024-3333",
+        "description": "Non-linear parsing of case-insensitive content in golang.org/x/net/html",
+        "aliases": [
+          "CVE-2024-45338"
+        ]
+      },
+      "products": [
+        {
+          "@id": "pkg:golang/github.com/aquasecurity/trivy",
+          "identifiers": {
+            "purl": "pkg:golang/github.com/aquasecurity/trivy"
+          },
+          "subcomponents": [
+            {
+              "@id": "pkg:golang/golang.org/x/net",
+              "identifiers": {
+                "purl": "pkg:golang/golang.org/x/net"
+              }
+            }
+          ]
+        }
+      ],
+      "status": "not_affected",
+      "justification": "vulnerable_code_not_in_execute_path",
+      "impact_statement": "Govulncheck determined that the vulnerable code isn't called"
    }
  ]
 }