Open Macromart opened 2 years ago
When you say that you "noticed that the node software has two critical vulnerabilities and 8 high grade vulnerabilities", what exactly do you mean? What are the vulnerabilities that you've found and how are you testing for them? Is your Windows/Mac software patched up to date? Is your Docker Desktop software patched up to date as per www.docker.com? Are you running the latest Pi Node software as per node.minepi.com?
File - pinetwork/pi-node-docker:latest
Has 2 x Critical issues
1) Python Package urlib3 version 1.13.1 used in pi-node-docker has vulnerability CVE-218-2006 (Critical flaw) View here https://nvd.nist.gov/vuln/detail/CVE-2018-20060
2) Same Package urlib3 version 1.13.1 has a similar vulnerability GHSA-www2-v7xj-xrc6 (Critical flaw) View here https://nvd.nist.gov/vuln/detail/CVE-2018-20060
github.com/golang/protobuf version 1.3.1 vulnerability CVE-2021-3121 (High Level)
Also this package has a stack of critical vulnerabilities also ese7en/node-port-test:latest
Yes the node works just fine. No issues. All ports open
I hope this helps
Martin
Is there actually a pi moderator answering these question on this board? (except randoms?)
I noticed that the node software has two critical vulnerabilities and 8 high grade vulnerabilities. Is anyone addressing these issues. I'm a bit concerned if it is easy to hack my computer using one of these unpatched vulnerabilities.