From d5166a2fe61dd4a50871b96105d073f88a9c173f Mon Sep 17 00:00:00 2001
From: Sunny Wu <sunny.wu@thetradedesk.com>
Date: Mon, 2 Mar 2026 11:38:05 +1100
Subject: [PATCH] [UID2-6670] Suppress GHSA-72hv-8253-57qq: jackson-core async
 parser not used

---
 .trivyignore | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.trivyignore b/.trivyignore
index 1ef9b557f..10b5fdf25 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -10,4 +10,8 @@ CVE-2025-68973 exp:2026-06-15
 
 # gnutls DoS vulnerability via crafted ClientHello - not impactful as gnutls is not used by our Java service
 # See: UID2-6655
-CVE-2026-1584 exp:2026-08-27
\ No newline at end of file
+CVE-2026-1584 exp:2026-08-27
+
+# jackson-core async parser DoS - not exploitable, services only use synchronous ObjectMapper API
+# See: UID2-6670
+GHSA-72hv-8253-57qq exp:2026-09-01
\ No newline at end of file