Add vulnerabilities to ignored list

apache · Nov 11, 2023 · b4986fe · b4986fe
1 parent 9553094
commit b4986fe
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/log4j-parent/osv-scanner.toml b/log4j-parent/osv-scanner.toml
@@ -32,3 +32,9 @@ reason = "log4j:log4j is a test dependency used in performance comparisons"
 [[IgnoredVulns]]
 id = "GHSA-59j4-wjwp-mw9m"
 reason = "Velocity templates are only used at build time and modifiable by committers."
+[[IgnoredVulns]]
+id = "GHSA-m9p2-j4hg-g373"
+reason = "The CVE doesn't even mention Cassandra 3.x."
+[[IgnoredVulns]]
+id = "GHSA-w77p-8cfg-2x43"
+reason = "Risk is tolerable for the project. Users need to use functionality explicitly."