From 1fb47cc6539ff47ab55983d306b92a73a80e6a61 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni
Date: Mon, 26 Feb 2024 15:38:40 +0000
Subject: [PATCH] backport of commit 4b8bc716b4e28027752ffed9cc6b54a6fea9072f
---
 .release/security-scan.hcl | 2 ++
 scan.hcl | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 52877c1805..f9bf3e974f 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -34,6 +34,8 @@ binary {
 vulnerabilites = [
 # NET-8174 (2024-02-20): Chart YAML path traversal (not impacted)
 "GHSA-v53g-5gjp-272r", # alias CVE-2024-25620
+ # NET-8174 (2024-02-26): Missing YAML Content Leads To Panic (requires malicious plugin)
+ "GHSA-r53h-jv2g-vpx6", # alias CVE-2024-26147
 ]
 }
 }
diff --git a/scan.hcl b/scan.hcl
index 3d5baf68db..a8bbcda1a4 100644
--- a/scan.hcl
+++ b/scan.hcl
@@ -33,7 +33,9 @@ repository {
 ]
 vulnerabilites = [
 # NET-8174 (2024-02-20): Chart YAML path traversal (not impacted)
- "GHSA-v53g-5gjp-272r", # alias CVE-2024-25620
+ "GHSA-v53g-5gjp-272r", # alias CVE-2024-25620
+ # NET-8174 (2024-02-26): Missing YAML Content Leads To Panic (requires malicious plugin)
+ "GHSA-r53h-jv2g-vpx6", # alias CVE-2024-26147
 ]
 }
 }
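Review bot: The comment on the new `GHSA-r53h-jv2g-vpx6` suppression in `.release/security-scan.hcl` records a precondition ("requires malicious plugin") rather than a non-impact finding like the entry above it, and it does not say when the entry can be dropped. As written it reads as an accepted risk with no exit condition, so the scanner is likely to stay silent on this advisory after the affected dependency has been upgraded. I would extend the comment to `# NET-8174 (2024-02-26): Missing YAML Content Leads To Panic (requires malicious plugin); remove once the dependency is upgraded to a fixed release`. The identical comment added in the `scan.hcl` hunk needs the same wording, and the enclosing `binary` block starts and ends outside the hunk.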
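Review bot: In the `scan.hcl` hunk the existing `"GHSA-v53g-5gjp-272r", # alias CVE-2024-25620` line is removed and re-added with the same visible text, so the change appears to be whitespace only (the spacing is not recoverable in this view). Leaving that line untouched would make the hunk a pure two-line addition, matching `.release/security-scan.hcl`, so a reviewer auditing the suppression list sees only the new advisory. If the realignment is wanted, a separate formatting commit would keep it out of the backport.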