MagicMirror Forum
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • 3rd-Party-Modules
    • Donate
    • Discord
    • Register
    • Login
    A New Chapter for MagicMirror: The Community Takes the Lead
    Read the statement by Michael Teeuw here.

    Do we need to worry about vulnerabilities?

    Scheduled Pinned Locked Moved General Discussion
    4 Posts 3 Posters 474 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F Offline
      funkoid
      last edited by

      Having refreshed my build recently, I’ve noticed a number of modules flagging node modules as vulnerable, many high.

      Is this something realistically we need to be concerned about?

      S 1 Reply Last reply Reply Quote 0
      • S Away
        sdetweil @funkoid
        last edited by

        @funkoid generally no. if this was a public website with lots of users concurrently maybe.

        Sam

        How to add modules

        learning how to use browser developers window for css changes

        mumblebajM 1 Reply Last reply Reply Quote 0
        • mumblebajM Offline
          mumblebaj Module Developer @sdetweil
          last edited by

          @sdetweil There is a new SSH security vulnerability identified in December. CVE-2023-48795. Any chances this would be a problem to this project in anyway? I do know that it requires an active MITM (Man in the middle). Short description below.

          SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795) Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message.

          Check out my modules at: https://github.com/mumblebaj?tab=repositories

          S 1 Reply Last reply Reply Quote 0
          • S Away
            sdetweil @mumblebaj
            last edited by

            @mumblebaj again this is possible IF the one of these systems is ON the internet… but typically this is pc on same house network as pi…

            and 192.168 , 172 and 10. networks are not routable over the internet, so your device would have to have a ip address on the other side of the ISP router… or and open port (port forwarding)

            if you need remote ssh use the stuff I started posting about here
            https://forum.magicmirror.builders/post/114693
            I will never have another port forwarded port

            Sam

            How to add modules

            learning how to use browser developers window for css changes

            1 Reply Last reply Reply Quote 1
            • 1 / 1
            • First post
              Last post
            Enjoying MagicMirror? Please consider a donation!
            MagicMirror created by Michael Teeuw.
            Forum managed by Sam, technical setup by Karsten.
            This forum is using NodeBB as its core | Contributors
            Contact | Privacy Policy