From 4ece160a15061ef34d9275ddbc2867acf5997436 Mon Sep 17 00:00:00 2001
From: buddh0 <galaxystroller@gmail.com>
Date: Mon, 9 Sep 2024 18:27:08 +0800
Subject: [PATCH] CI: nancy ignore CVE-2024-8421

---
 .nancy-ignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.nancy-ignore b/.nancy-ignore
index 0b64e763db..6d058384b6 100644
--- a/.nancy-ignore
+++ b/.nancy-ignore
@@ -1,2 +1,3 @@
 CVE-2024-34478 # "CWE-754: Improper Check for Unusual or Exceptional Conditions." This vulnerability is BTC only, BSC does not have the issue.
 CVE-2024-6104 # "CWE-532: Information Exposure Through Log Files" This is caused by the vulnerabilities go-retryablehttp@v0.7.4, it is only used in cmd devp2p, impact is limited. will upgrade to v0.7.7 later
+CVE-2024-8421 # "CWE-400: Uncontrolled Resource Consumption (Resource Exhaustion)" This vulnerability is caused by issues in the golang.org/x/net package. Even the latest version(v0.29.0) has not yet addressed it, but we will continue to monitor updates closely.
\ No newline at end of file