freedomofpress / dangerzone

Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs
https://dangerzone.rocks/
GNU Affero General Public License v3.0

Ignore CVE-2023-7104 from our security scans #667

Closed apyrgio closed 6 months ago

apyrgio commented 6 months ago

Our security scans for the released container image have flagged CVE-2023-7104. Our assessment is that this CVE doesn't affect Dangerzone, mainly because our understanding is that attackers cannot embed SQLite dbs within LibreOffice spreadsheets.