cve_scan: add some false positives. (envoyproxy#15944)

This hadn't been run in a while, will re-enable in CI when this lands. Signed-off-by: Harvey Tuch <[email protected]> Signed-off-by: Gokul Nair <[email protected]>
gokulnair · May 6, 2021 · c3ad790 · c3ad790
1 parent 6be0686
commit c3ad790
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/tools/dependency/cve_scan.py b/tools/dependency/cve_scan.py
@@ -47,12 +47,20 @@
     'CVE-2020-8169',
     'CVE-2020-8177',
     'CVE-2020-8284',
-    # Node.js issue unrelated to http-parse (Node TLS).
+    # Node.js issue unrelated to http-parser (Node TLS).
     'CVE-2020-8265',
     # Node.js request smuggling.
     # https://github.com/envoyproxy/envoy/pull/14686 validates that this does
     # not apply to Envoy.
     'CVE-2020-8287',
+    # Envoy is operating post Brotli 1.0.9 release, so not affected by this.
+    'CVE-2020-8927',
+    # Node.js issue unrelated to http-parser (*).
+    'CVE-2021-22883',
+    'CVE-2021-22884',
+    # False positive on the match heuristic, fixed in Curl 7.76.0.
+    'CVE-2021-22876',
+    'CVE-2021-22890',
 ])
 
 # Subset of CVE fields that are useful below.