Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #47181 Temporarily ignore CVE-2026-30964 of web-auth/webauthn-lib
    Infos
    #47181
    Kevin Traini (ktraini)
    2026-03-11 16:37
    2026-03-11 15:47
    48909
    Details
    Temporarily ignore CVE-2026-30964 of web-auth/webauthn-lib

    https://osv.dev/vulnerability/GHSA-f7pm-6hr8-7ggm

    It does not impact Tuleap as we do not use the web-auth host check, instead we use a csrf token

    Empty
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Kevin Traini (ktraini)
    Closed
    2026-03-11
    Attachments
    Empty
    References
    Referenced by request #47181

    Artifact

    rel #47137 17.5

    Other

    gerrit #37109
    Display settings

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2026-03-11 16:37
    • Summary
      -Temporarily ignore CVE-2026-30964 
      +Temporarily ignore CVE-2026-30964 of web-auth/webauthn-lib 
    • Connected artifacts