diff --git a/tools/dependency/cve_scan.py b/tools/dependency/cve_scan.py
index e1d048ed93dc..af4e70aa7cd0 100755
--- a/tools/dependency/cve_scan.py
+++ b/tools/dependency/cve_scan.py
@@ -72,14 +72,25 @@
 # See https://nvd.nist.gov/vuln/detail/CVE-2021-22940
 'CVE-2021-22918',
 'CVE-2021-22921',
+ 'CVE-2021-22930',
 'CVE-2021-22931',
 'CVE-2021-22939',
 'CVE-2021-22940',
- # This cve only affects versions of kafka < 2.8.1, but scanner
- # does not support version matching atm.
- # Tracking issue to fix versioning:
- # https://github.com/envoyproxy/envoy/issues/18354
+ #
+ # Currently, cvescan does not respect/understand versions (see #18354).
+ #
+ # The following CVEs target versions that are not currently used in the Envoy repo.
+ #
+ # libcurl
+ "CVE-2021-22945",
+ #
+ # kafka
 'CVE-2021-38153',
+ #
+ # wasmtime
+ "CVE-2021-39216",
+ "CVE-2021-39218",
+ "CVE-2021-39219",
 ])
 # Subset of CVE fields that are useful below.
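Review bot: The rewritten comment block drops the one concrete bound the old text carried (`kafka < 2.8.1`) and justifies all five version-based ignores only with "versions that are not currently used", so nothing in the list says when an entry stops being safe to ignore. Because these are unconditional suppressions in a scanner that cannot match versions, each group should record the affected range it relies on, e.g. `# kafka (affects < 2.8.1)` and `# libcurl (affects <range from the NVD entry>)`, so a dependency bump or pin change can be re-checked against it. The added `'CVE-2021-22930'` sits in the Node.js group whose `# See …` links begin above the hunk; if that group keeps one link per id, this entry presumably needs its own line as well. The new libcurl and wasmtime entries also use double quotes where the surrounding entries use single quotes. The enclosing set literal starts outside the hunk.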