Commit 1f06765

change: exclude CVEs that do not impact ESP-IDF components
cJSON: CVE-2024-31755 - Resolved in cJSON v1.7.18
FreeRTOS: CVE-2024-28115 - Affects only ARMv7-M MPU ports, and ARMv8-M ports

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
1 parent 6568f8c commit 1f06765

2 files changed

+4
-0
lines changed

.gitmodules

Lines changed: 1 addition & 0 deletions
@@ -55,6 +55,7 @@
5555
sbom-url = https://github.com/DaveGamble/cJSON
5656
sbom-description = Ultralightweight JSON parser in ANSI C
5757
sbom-hash = acc76239bee01d8e9c858ae2cab296704e52d916
58+
sbom-cve-exclude-list = CVE-2024-31755 Resolved in v1.7.18
5859

5960
[submodule "components/mbedtls/mbedtls"]
6061
path = components/mbedtls/mbedtls
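
Review bot: The reason on the added sbom-cve-exclude-list line ("Resolved in v1.7.18") is not tied to anything else in this entry: the only version pin visible here is sbom-hash = acc76239bee01d8e9c858ae2cab296704e52d916, and nothing in the hunk says that commit is at or after v1.7.18. Because the exclusion is static, it will keep suppressing CVE-2024-31755 even if the submodule is later moved to a commit that lacks the fix. Suggest wording the reason so it can be audited, for example stating that the pinned commit is v1.7.18 or newer, and re-checking the exclusion whenever sbom-hash changes. The commit message also says "cJSON v1.7.18" while this line says "v1.7.18"; using the same wording in both would make the reason easier to search for.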

components/freertos/FreeRTOS-Kernel/sbom.yml

Lines changed: 3 additions & 0 deletions
@@ -4,3 +4,6 @@ cpe: cpe:2.3:o:amazon:freertos:{}:*:*:*:*:*:*:*
44
supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
55
originator: 'Organization: Amazon Web Services'
66
description: An open-source, real-time operating system (RTOS) with additional features and patches from Espressif.
7+
cve-exclude-list:
8+
- cve: CVE-2024-28115
9+
reason: Affects only ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled
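
Review bot: The added reason for CVE-2024-28115 lists which ports are affected but never states the conclusion the exclusion depends on, namely that this component does not build or ship those ARMv7-M MPU or ARMv8-M ports. Someone reading the generated SBOM report sees only this string, so suggest ending it with that statement explicitly. Minor wording point on the same line: "Memory Protected Unit (MPU)" should read "Memory Protection Unit (MPU)".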
