Merge pull request wolfi-dev#1179 from pdeslaur/curl

curl: Mark CVE-2023-52071 as a false positive
sergio-chainguard · Feb 10, 2024 · cb1abc6 · cb1abc6
2 parents d3c862d + 83e0954
commit cb1abc6
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/curl.advisories.yaml b/curl.advisories.yaml
@@ -88,3 +88,8 @@ advisories:
             componentType: apk
             componentLocation: /.PKGINFO
             scanner: grype
+      - timestamp: 2024-02-10T15:39:25Z
+        type: false-positive-determination
+        data:
+          type: vulnerability-record-analysis-contested
+          note: 'The upstream project indicates this vulnerability is bogus. Reference: https://curl.se/docs/CVE-2023-52071.html'