Commit 5251b24
UID2-7364: Clarify .trivyignore rationale for CVE-2026-54512/54513
The CVEs require polymorphic typing to be explicitly enabled — uid2-shared
uses only standard ObjectMapper with no polymorphic deserialization config,
so these are not exploitable regardless of the upstream fix status.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>1 parent 24ea30d commit 5251b24
1 file changed
Lines changed: 3 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
6 | 6 | | |
7 | 7 | | |
8 | 8 | | |
9 | | - | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
10 | 12 | | |
11 | 13 | | |
12 | 14 | | |
0 commit comments