https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
Found this today, is our busybox affected by these bugs?
From the article your linked:
All vulnerabilities were privately disclosed and fixed by BusyBox in version 1.34.0
We are using 1.34.1 on master.
But in the 21.02 we still have 1.33.1
2 Likes
Also that bugs can be exploited when users have shell access to OpenWrt.
But since almost all of devices comes with one user mostly root, then you're saved.
3 Likes
And how many users do actually use master or will ever consider using the master?
That only mean something in a couple of years when todays master is a release.
What I meant with this post was that I guess the question from the general public users will sooner or later be if 21.02 will be upgraded or left as it is?