mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-20 03:25:17 +01:00
11 lines
476 B
YAML
11 lines
476 B
YAML
---
|
|
ignore:
|
|
# devise-two-factor advisory about brute-forcing TOTP
|
|
# We have rate-limits on authentication endpoints in place (including second
|
|
# factor verification) since Mastodon v3.2.0
|
|
- CVE-2024-0227
|
|
# devise-two-factor advisory about generated secrets being weaker than expected
|
|
# We call `generate_otp_secret` ourselves with a requested length of 32 characters,
|
|
# which exceeds the recommended remediation of 26 characters, so we're safe
|
|
- CVE-2024-8796
|