dependencies: allowlist CVE-2018-21270 to prevent false positives. (#…

…14294) This does not relate to http-parser. Signed-off-by: Harvey Tuch <htuch@google.com>
envoyproxy · Dec 7, 2020 · 9e82314 · 9e82314
1 parent cae8eab
commit 9e82314
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/tools/dependency/cve_scan.py b/tools/dependency/cve_scan.py
@@ -39,6 +39,9 @@
     'CVE-2020-8277',
     # gRPC issue that only affects Javascript bindings.
     'CVE-2020-7768',
+    # Node.js issue unrelated to http-parser, see
+    # https://github.com/mhart/StringStream/issues/7.
+    'CVE-2018-21270',
 ])
 
 # Subset of CVE fields that are useful below.