Basic information
Project name: cookiejar/cookietemple
Repository URL: https://github.com/pterodactyl/panel
Scan report URL: https://www.murphysec.com/console/report/1716841827855548416/1716841828501471232
This report is provided by Murphysec.
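Vulnerability list
| Vulnerability name | Vulnerability type | MPS ID | CVE ID | Severity |
|---|---|---|---|---|
| python-pip validation error vulnerability | Insufficient verification of data authenticity | MPS-2021-26824 | CVE-2021-3572 | Medium |
| Python security vulnerability | ReDoS | MPS-2022-57239 | CVE-2022-40898 | High |
| Gevent security vulnerability | | MPS-d183-ymbv | CVE-2023-41419 | Critical |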
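Defective components
| Component name | Version | Minimum fixed version | Dependency relationship | Fix recommendation |
|---|---|---|---|---|
| pip | 20.2.4 | 21.1 | Indirect dependency | Fix recommended |
| gevent | 20.9.0 | 23.9.0 | Indirect dependency | Optional fix |
| wheel | 0.35.1 | 0.38.0 | Indirect dependency | Optional fix |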
License risk
| License type | Related components | License risk |
|---|---|---|
| BSD-3-Clause | 4 | Low |
| MIT | 9 | Low |
| Custom license | 5 | Low |
| Apache-2.0 | 7 | Low |
SBOM list
| Component name | Component version | Direct or indirect dependency | Repository |
|---|---|---|---|
| Werkzeug | 1.0.1 | Indirect dependency | pip |
| is_nested_dictionary | | Indirect dependency | pip |
| flask-login | 0.5.0 | Indirect dependency | pip |
| WS2_32.dll | | Indirect dependency | |
| /usr/lib/libresolv.9.dylib | | Indirect dependency | |
| gevent | 20.9.0 | Indirect dependency | pip |
| org.openjfx:javafx-controls | 14 | Direct dependency | maven |
| cookietemple | | Indirect dependency | pip |
| info.picocli:picocli | 4.5.0 | Direct dependency | maven |
| pytest-runner | 5.2 | Indirect dependency | pip |
| ADVAPI32.dll | | Indirect dependency | |
| flask_login | | Indirect dependency | pip |
| ld-linux-x86-64.so.2 | | Indirect dependency | |
| sphinx_click | 3.0.0 | Indirect dependency | pip |
| libgcc_s.so.1 | | Indirect dependency | |
| org.fusesource.jansi:jansi | 1.18 | Direct dependency | maven |
| msvcrt.dll | | Indirect dependency | |
| flake8 | 3.8.4 | Indirect dependency | pip |
| Any | | Indirect dependency | pip |
| pytest | 6.1.1 | Indirect dependency | pip |
| flask-wtf | 0.14.3 | Indirect dependency | pip |
| org.openjfx:javafx-base | 14 | Indirect dependency | maven |
| wheel | 0.35.1 | Indirect dependency | pip |
| /System/Library/Frameworks/Security.framework/Versions/A/Security | | Indirect dependency | |
| info.picocli:picocli-jansi-graalvm | 1.2.0 | Direct dependency | maven |
| libdl.so.2 | | Indirect dependency | |
| flask-sqlalchemy | 2.4.4 | Indirect dependency | pip |
| USER32.dll | | Indirect dependency | |
| watchdog | 0.10.3 | Indirect dependency | pip |
| flask_babel | | Indirect dependency | pip |
| libc.so.6 | | Indirect dependency | |
| Dict | | Indirect dependency | pip |
| org.openjfx:javafx-graphics | 14 | Indirect dependency | maven |
| List | | Indirect dependency | pip |
| furo | 2022.3.4 | Indirect dependency | pip |
| USERENV.dll | | Indirect dependency | |
| tox | 3.20.1 | Indirect dependency | pip |
| Optional | | Indirect dependency | pip |
| Union | | Indirect dependency | pip |
| Sphinx | 3.2.1 | Indirect dependency | pip |
| Flask-Babel | 2.0.0 | Indirect dependency | pip |
| ConfigLinter | | Indirect dependency | pip |
| librt.so.1 | | Indirect dependency | |
| pip | 20.2.4 | Indirect dependency | pip |
| PIPE | | Indirect dependency | pip |
| Flask-Mail | 0.9.1 | Indirect dependency | pip |
| Popen | | Indirect dependency | pip |
| org.openjfx:javafx-fxml | 14 | Direct dependency | maven |
| coverage | 5.3 | Indirect dependency | pip |
| SHELL32.dll | | Indirect dependency | |
| /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation | | Indirect dependency | |
| Flask | 1.1.2 | Indirect dependency | pip |
| GetLintingFunctionsMeta | | Indirect dependency | pip |
| configparser | 5.0.1 | Indirect dependency | pip |
| ConfigParser | | Indirect dependency | pip |
| NoSectionError | | Indirect dependency | pip |
| /usr/lib/libSystem.B.dylib | | Indirect dependency | |
| rich | | Indirect dependency | pip |
| wtforms | 2.3.3 | Indirect dependency | pip |
| KERNEL32.dll | | Indirect dependency | |
| flask-migrate | 2.5.3 | Indirect dependency | pip |
| flask | | Indirect dependency | pip |
| twine | 3.2.0 | Indirect dependency | pip |
| libpthread.so.0 | | Indirect dependency | |
| delete_keys_from_dict | | Indirect dependency | pip |