pi-node / instructions


Node 2 x Critical Vulnerabilities #277

Open Macromart opened 2 years ago

Macromart commented 2 years ago

I noticed that the node software has two critical vulnerabilities and 8 high-grade vulnerabilities. Is anyone addressing these issues? I'm a bit concerned that it may be easy to hack my computer using one of these unpatched vulnerabilities.

ihatejam commented 2 years ago

When you say that you "noticed that the node software has two critical vulnerabilities and 8 high grade vulnerabilities", what exactly do you mean? What are the vulnerabilities that you've found and how are you testing for them? Is your Windows/Mac software patched up to date? Is your Docker Desktop software patched up to date as per www.docker.com? Are you running the latest Pi Node software as per node.minepi.com?

Macromart commented 2 years ago

File - pinetwork/pi-node-docker:latest

Has 2 x Critical issues

1) Python package urllib3 version 1.13.1 used in pi-node-docker has vulnerability CVE-2018-20060 (Critical flaw). View here: https://nvd.nist.gov/vuln/detail/CVE-2018-20060

2) The same package urllib3 version 1.13.1 has a similar vulnerability GHSA-www2-v7xj-xrc6 (Critical flaw). View here: https://nvd.nist.gov/vuln/detail/CVE-2018-20060

github.com/golang/protobuf version 1.3.1 vulnerability CVE-2021-3121 (High Level)

This package also has a stack of critical vulnerabilities: ese7en/node-port-test:latest

  1. What did I scan with? Anchore in Docker.
  2. Is your Windows software patched up to date? Yes.
  3. Is your Docker Desktop software patched up to date as per www.docker.com? Yes. Docker Desktop 4.8.2 (79419) is currently the newest version available.
  4. Are you running the latest Pi Node software as per node.minepi.com? Yes.

Yes, the node works just fine. No issues. All ports open.

I hope this helps

Martin
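Added example, not part of this thread or of the pi-node project: a small triage script that compares each flagged package's installed version with the release that first carried the fix, so that a finding whose installed version is already at or past the fix shows up as a scanner false positive rather than being taken at face value. The findings are constructed from the ones Macromart lists above; the fixed-in versions (urllib3 1.23 for CVE-2018-20060, protobuf 1.3.2 for CVE-2021-3121) are assumptions to be confirmed against the linked advisories. Worth keeping in mind when reading the earlier reply: host-level patching of Windows or Docker Desktop does not touch packages baked into the image, so findings like these only go away when the image itself is rebuilt against fixed versions.

```python
"""Triage container-image scanner findings by comparing each flagged package's
installed version with the first release that carries the fix.

Added example; the findings below are constructed from the ones listed in the
thread, and every fixed_in value is an assumption to be checked against the
linked advisory before acting on it.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Finding:
    image: str
    package: str
    installed: str
    advisory: str
    severity: str
    fixed_in: str  # first release that is not affected (assumed, see docstring)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.13.1' into (1, 13, 1).

    A leading 'v' (Go module style) is dropped and a non-numeric tail such as
    'rc1' is ignored so the comparison stays purely numeric. Trailing zeros are
    removed so that '1.23' and '1.23.0' compare equal.
    """
    parts = []
    for piece in version.lstrip("v").split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(installed: str, fixed_in: str) -> bool:
    """True when the installed release predates the fix."""
    return parse_version(installed) < parse_version(fixed_in)


def triage(findings: List[Finding]) -> List[dict]:
    """One row per finding, most severe first, with an 'affected' flag so a
    scanner false positive (installed already >= fixed_in) is visible."""
    rank = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    rows = []
    for f in findings:
        rows.append({
            "image": f.image,
            "package": f.package,
            "installed": f.installed,
            "advisory": f.advisory,
            "severity": f.severity,
            "fixed_in": f.fixed_in,
            "affected": is_affected(f.installed, f.fixed_in),
        })
    # affected rows sort before unaffected rows of the same severity
    rows.sort(key=lambda r: (rank.get(r["severity"], 9), not r["affected"]))
    return rows


# Constructed from the findings in the thread; fixed_in values are assumptions.
FINDINGS = [
    Finding("pinetwork/pi-node-docker:latest", "urllib3", "1.13.1",
            "CVE-2018-20060", "critical", "1.23"),
    Finding("pinetwork/pi-node-docker:latest", "urllib3", "1.13.1",
            "GHSA-www2-v7xj-xrc6", "critical", "1.23"),
    Finding("pinetwork/pi-node-docker:latest", "github.com/golang/protobuf",
            "v1.3.1", "CVE-2021-3121", "high", "v1.3.2"),
]


def open_items(findings: List[Finding] = FINDINGS) -> List[dict]:
    """Only the findings that still need an image rebuild."""
    return [r for r in triage(findings) if r["affected"]]


if __name__ == "__main__":
    for row in triage(FINDINGS):
        state = "AFFECTED" if row["affected"] else "not affected"
        print(f"{row['severity']:8} {state:12} {row['package']} {row['installed']}"
              f" (fixed in {row['fixed_in']}) {row['advisory']} in {row['image']}")
```

Feeding the script a real scanner export instead of the constructed list only requires building `Finding` objects from the report's package, version and fixed-version columns; the version comparison and ordering stay the same.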

Macromart commented 2 years ago

Is there actually a Pi moderator answering these questions on this board (rather than just random people)?