diff --git a/.trivyignore b/.trivyignore
index 20742b39..a30282ca 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -10,3 +10,7 @@ CVE-2023-34104
 # Image user should not be 'root'
 # this is only used by the cypress image
 AVD-DS-0002
+
+# this is disputed by multiple parties because it is not plausible that untrusted
+# user input would reach the code location where injection must occur.
+CVE-2023-39017