Elgato_dark/argo-cd
1
0
Fork 0
mirror of https://github.com/argoproj/argo-cd synced 2026-04-21 08:57:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 14

chore: ignore CVE-2022-0624 - not exploitable in Argo CD (#10128)

Browse source 
Signed-off-by: CI <michael@crenshaw.dev>
This commit is contained in:
Michael Crenshaw 2022-07-28 13:28:19 -04:00 committed by GitHub
parent 57a407ecdb
commit e786ff801e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.snyk
View file

@ -28,5 +28,13 @@ ignore:
- '*':
reason: >-
Code is only run client-side. No risk of arbitrary file upload.
SNYK-JS-PARSEPATH-2936439:
- '*':
reason: >-
The issue is that, for specific URLs, parse-path may incorrectly identify the "resource" (domain name)
portion. For example, in "http://127.0.0.1#@example.com", it identifies "example.com" as the "resource".
We use parse-path on the client side, but permissions for git URLs are checked server-side. This is a
potential usability issue, but it is not a security issue.
patch: {}