A node does not check if an image is allowed to run if a parent_id
is set. A malicious party that breaches the server may modify it to set a fake parent_id
and send a task of a non-whitelisted algorithm. The node will then execute it because the parent_id
that is set prevents checks from being run. Relevant node code here
This impacts all servers that are breached by an expert user
Fixed in v4.1.2
None