From d5c8f586ac96ba2648a32226ed044bae394cd4cb Mon Sep 17 00:00:00 2001
From: John Mazzitelli
Date: Mon, 21 Aug 2023 12:02:47 -0400
Subject: [PATCH] put CVE-2022-27191 on the not-vulnerable list
---
 data/security/cve.yaml | 4 ++++
 layouts/shortcodes/security-cve-table.html | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/data/security/cve.yaml b/data/security/cve.yaml
index 1a2246265..cea937949 100644
--- a/data/security/cve.yaml
+++ b/data/security/cve.yaml
@@ -1,5 +1,9 @@
 # The Reported Kiali CVEs for which Kiali is confirmed to not be vulnerable
 versionRange:
+ - cve: "CVE-2022-27191"
+ severity: high
+ description: "golang.org/x/crypto/ssh allows an attacker to crash a server in certain circumstances involving AddHostKey"
+ notes: "Kiali does not use the AddHostKey API; furthermore, neither Kiali nor its dependencies import this component. Thus Kiali is not susceptible to this vulnerability."
 - cve: "CVE-2022-1996"
 severity: critical
 description: "github.com/emicklei/go-restful"
diff --git a/layouts/shortcodes/security-cve-table.html b/layouts/shortcodes/security-cve-table.html
index 60fdb6802..3ae24f5a7 100644
--- a/layouts/shortcodes/security-cve-table.html
+++ b/layouts/shortcodes/security-cve-table.html
@@ -1,6 +1,6 @@
 {{ $data := index .Site.Data.security.cve }}
-
+
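Review bot: The `notes` value on the new CVE-2022-27191 entry in data/security/cve.yaml asserts that neither Kiali nor its dependencies import golang.org/x/crypto/ssh, but the entry records neither the Kiali version that was checked nor how the check was done. The statement therefore cannot be re-verified, and it would go stale without notice if a later dependency update pulls the package in. Consider appending the evidence to the note, for example `Verified with 'go mod why golang.org/x/crypto/ssh' and govulncheck against Kiali <VERSION>.` (the version is a placeholder), and repeating that check when dependencies are bumped.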
CVE