litellm/.trivyignore
shin-bot-litellm df042f7545
litellm_fix(security): allowlist Next.js CVEs for 7 days (#20169)
Temporarily allowlist Next.js vulnerabilities in UI dashboard:
- GHSA-h25m-26qc-wcjf (HIGH: DoS via request deserialization)
- CVE-2025-59471 (MEDIUM: Image Optimizer DoS)

Fix: Upgrade to Next.js 15.5.10+ or 16.1.5+ (7-day timeline)

Changes:
- Added .trivyignore with Next.js CVEs
- Updated security_scans.sh to use --ignorefile flag
2026-01-31 10:25:57 -08:00


# LiteLLM Trivy Ignore File
# CVEs listed here are temporarily allowlisted pending fixes
# Next.js vulnerabilities in UI dashboard (next@14.2.35)
# Allowlisted: 2026-01-31, 7-day fix timeline
# Fix: Upgrade to Next.js 15.5.10+ or 16.1.5+
# HIGH: DoS via request deserialization
GHSA-h25m-26qc-wcjf
# MEDIUM: Image Optimizer DoS
CVE-2025-59471
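A check for the 7-day timeline, added here as an example and not part of the LiteLLM repository or its security_scans.sh: Trivy's .trivyignore accepts a per-entry `exp:YYYY-MM-DD` token, so the allowlist can expire itself instead of relying on someone remembering to delete the file. The check_trivyignore and write_sample functions and the 2026-02-07 expiry date are assumptions.

```shell
#!/bin/sh
# Added example, not from the LiteLLM repo: enforce a deadline on a Trivy
# allowlist. Trivy's .trivyignore accepts a per-entry "exp:YYYY-MM-DD" token;
# an entry without one stays allowlisted forever, so the "7-day timeline" in
# the commit message is otherwise only a comment.
# check_trivyignore FILE AS_OF_DATE
#   returns 0 when every entry carries an exp: date that is still in the
#   future, 1 when any entry is missing exp: or has already expired.
check_trivyignore() {
    file="$1"
    as_of=$(echo "$2" | tr -d '-')        # YYYY-MM-DD -> YYYYMMDD for -lt
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
        id=$(echo "$line" | awk '{print $1}')
        exp=$(echo "$line" | awk '{for (i=2;i<=NF;i++) if ($i ~ /^exp:/) print substr($i,5)}')
        if [ -z "$exp" ]; then
            echo "$id: no exp: date, allowlist entry never expires" >&2
            status=1
        elif [ "$(echo "$exp" | tr -d '-')" -lt "$as_of" ]; then
            echo "$id: allowlist expired on $exp, fix is overdue" >&2
            status=1
        fi
    done < "$file"
    return $status
}

# Constructed sample: the page's two entries with an expiry set to seven days
# after the 2026-01-31 allowlist date (the 2026-02-07 value is an assumption).
write_sample() {
    cat > "$1" <<'EOF'
# Next.js vulnerabilities in UI dashboard (next@14.2.35)
GHSA-h25m-26qc-wcjf exp:2026-02-07
CVE-2025-59471 exp:2026-02-07
EOF
}

# Usage in a scan script (trivy itself is not invoked here):
#   check_trivyignore .trivyignore "$(date +%Y-%m-%d)" || exit 1
#   trivy fs --ignorefile .trivyignore --severity HIGH,CRITICAL .
```

Run the check before the scan so an overdue entry fails the pipeline instead of silently suppressing the finding past the deadline.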