John Xie

CVE on curl-7.80.0, openssl-1.1.1l

6

对nebula的二进制文件（主要是bin文件夹下的几个文件）进行了扫描，发现依赖开源组件curl-7.80.0、openssl-1.1.1l，这两个组件都是存在一些CVE漏洞的。这个官方有分析过不，nebula使用场景会触发这些漏洞吗

some data can only be queried by vid, not by index

1

no result: `match (n:BaseNode) where n.BaseNode.uid =='80501bf7-7813-4df9-879c-0f79ce84fd77' return n` normal result: `match (n:BaseNode) where id(n) =='BaseNode_80501bf7-7813-4df9-879c-0f79ce84fd77' return n`

Unsatisfied secure compilation options -fPIE -pie

4

I used a scanning tool to scan the nebula-graphd file and found Unsatisfied secure compilation options -fPIE -pie. I saw a related reply in the community: Nebula relies on static...