1 files changed, 5 insertions, 0 deletions
diff --git a/recipes-devtools/go/grpc-go_git.bb b/recipes-devtools/go/grpc-go_git.bb
index 839a4f9c..c2990869 100644
--- a/recipes-devtools/go/grpc-go_git.bb
+++ b/recipes-devtools/go/grpc-go_git.bb
@@ -41,3 +41,8 @@ FILES:${PN} += " \
 # some CVEs are reported with "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*"
 # it's better to have false positives than false negatives
 CVE_PRODUCT += "grpc"
+# CVE-2024-7246 is an HTTP/2 HPACK poisoning issue in gRPC C-core
+# (C/C++ implementation, meta-openembedded).
+# grpc-go (Go implementation in meta-virtualization) does not
+# contain the affected HPACK code path.
+CVE_STATUS[CVE-2024-7246] = "not-applicable-config: CVE is for grpc (C-core), not grpc-go."

diff --git a/recipes-devtools/go/grpc-go_git.bb b/recipes-devtools/go/grpc-go_git.bb index 839a4f9c..c2990869 100644 --- a/recipes-devtools/go/grpc-go_git.bb +++ b/recipes-devtools/go/grpc-go_git.bb
@@ -41,3 +41,8 @@ FILES:${PN} += " \
41	# some CVEs are reported with "cpe:2.3:a:grpc:grpc::::::go::*"	41	# some CVEs are reported with "cpe:2.3:a:grpc:grpc::::::go::*"
42	# it's better to have false positives than false negatives	42	# it's better to have false positives than false negatives
43	CVE_PRODUCT += "grpc"	43	CVE_PRODUCT += "grpc"
		44	# CVE-2024-7246 is an HTTP/2 HPACK poisoning issue in gRPC C-core
		45	# (C/C++ implementation, meta-openembedded).
		46	# grpc-go (Go implementation in meta-virtualization) does not
		47	# contain the affected HPACK code path.
		48	CVE_STATUS[CVE-2024-7246] = "not-applicable-config: CVE is for grpc (C-core), not grpc-go."