基础信息
项目名称:duo-labs/cloudmapper
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1717342026654859264/1717342027032346624
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| NumPy 安全漏洞 | 不充分的比较 | MPS-2021-25631 | CVE-2021-34141 | 中危 |
| NumPy 代码问题漏洞 | 空指针取消引用 | MPS-2021-32278 | CVE-2021-41495 | 中危 |
| NumPy 安全漏洞 | 经典缓冲区溢出 | MPS-2021-32279 | CVE-2021-41496 | 中危 |
| Certifi 存在数据真实性验证不充分漏洞 | 对数据真实性的验证不充分 | MPS-2022-1918 | CVE-2022-23491 | 中危 |
| SciPy 资源管理错误漏洞 | UAF | MPS-2023-10196 | CVE-2023-29824 | 严重 |
| SciPy 安全漏洞 | MPS-2023-4046 | CVE-2023-25399 | 中危 | |
| urllib3 安全漏洞 | MPS-46py-nxai | CVE-2023-45803 | 中危 | |
| PyPI仓库charset-normalizer组件包内嵌恶意代码 | 内嵌恶意代码 | MPS-67h0-j1fr | 高危 | |
| Certifi 数据伪造问题漏洞 | 对数据真实性的验证不充分 | MPS-ck78-r6zg | CVE-2023-37920 | 严重 |
| Requests Proxy-Authorization 标头泄露漏洞 | 未授权敏感信息泄露 | MPS-hr61-tzey | CVE-2023-32681 | 中危 |
| urllib3 HTTP重定向信息泄露漏洞 | 未授权敏感信息泄露 | MPS-s0oy-afbw | CVE-2023-43804 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| charset-normalizer | 2.0.7 | 间接依赖 | 强烈建议修复 | |
| requests | 2.26.0 | 2.31.0 | 间接依赖 | 建议修复 |
| certifi | 2021.10.8 | 2023.7.22 | 间接依赖 | 建议修复 |
| urllib3 | 1.26.7 | 1.26.18 | 间接依赖 | 建议修复 |
| scipy | 1.7.1 | 1.10.0rc1 | 间接依赖 | 建议修复 |
| numpy | 1.21.3 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| Apache-2.0 | 63 | 低 |
| 自定义许可证 | 15 | 低 |
| BSD-3-Clause | 7 | 低 |
| MIT | 20 | 低 |
| BSD-2-Clause | 2 | 低 |
| GPL-2.0-or-later | 1 | 低 |
| HPND | 1 | 低 |
| MPL-2.0 | 1 | 低 |
| LGPL-2.1-or-later | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| @aws-cdk/aws-ecr | 1.134.0 | 间接依赖 | npm |
| parliament | 1.5.2 | 间接依赖 | pip |
| requests | 2.26.0 | 间接依赖 | pip |
| @aws-cdk/aws-kinesisfirehose | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/assets | 1.134.0 | 间接依赖 | npm |
| sprintf-js | 1.0.3 | 间接依赖 | npm |
| jmespath | 0.10.0 | 间接依赖 | pip |
| @aws-cdk/aws-elasticloadbalancing | 1.134.0 | 间接依赖 | npm |
| chardet | 4.0.0 | 间接依赖 | pip |
| @aws-cdk/aws-s3 | 1.134.0 | 间接依赖 | npm |
| aws-cdk | 1.134.0 | 直接依赖 | npm |
| ClientError | 间接依赖 | pip | |
| @aws-cdk/aws-servicediscovery | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-stepfunctions | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-kms | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-ecr-assets | 1.134.0 | 间接依赖 | npm |
| get_parameter_file | 间接依赖 | pip | |
| PyYAML | 6.0 | 间接依赖 | pip |
| @aws-cdk/aws-sns-subscriptions | 1.134.0 | 间接依赖 | npm |
| EndpointConnectionError | 间接依赖 | pip | |
| assert_equal | 间接依赖 | pip | |
| @aws-cdk/aws-globalaccelerator | 1.134.0 | 间接依赖 | npm |
| typing-extensions | 3.10.0.2 | 间接依赖 | pip |
| botocore | 1.22.10 | 间接依赖 | pip |
| wrapt | 1.13.3 | 间接依赖 | pip |
| @aws-cdk/aws-events | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-cloudfront | 1.134.0 | 间接依赖 | npm |
| esprima | 4.0.1 | 间接依赖 | npm |
| @aws-cdk/aws-cloudwatch-actions | 1.134.0 | 直接依赖 | npm |
| coverage | 6.1.1 | 间接依赖 | pip |
| policyuniverse | 1.4.0.20210819 | 间接依赖 | pip |
| buffer-from | 1.1.1 | 间接依赖 | npm |
| @aws-cdk/aws-apigateway | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-codecommit | 1.134.0 | 间接依赖 | npm |
| audit | 间接依赖 | pip | |
| six | 1.16.0 | 间接依赖 | pip |
| @aws-cdk/aws-route53 | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-ecs-patterns | 1.134.0 | 直接依赖 | npm |
| requirements.txt | 间接依赖 | pip | |
| argparse | 1.0.10 | 间接依赖 | npm |
| @aws-cdk/aws-iam | 1.134.0 | 间接依赖 | npm |
| Finding | 间接依赖 | pip | |
| @aws-cdk/aws-ec2 | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-autoscaling-common | 1.134.0 | 间接依赖 | npm |
| nose | 1.3.7 | 间接依赖 | pip |
| @aws-cdk/aws-codestarnotifications | 1.134.0 | 间接依赖 | npm |
| pylint | 2.11.1 | 间接依赖 | pip |
| constructs | 3.3.161 | 间接依赖 | npm |
| seaborn | 0.11.2 | 间接依赖 | pip |
| Jinja2 | 3.0.2 | 间接依赖 | pip |
| isort | 5.10.0 | 间接依赖 | pip |
| s3transfer | 0.5.0 | 间接依赖 | pip |
| scipy | 1.7.1 | 间接依赖 | pip |
| json-cfg | 0.4.2 | 间接依赖 | pip |
| Pillow | 9.0.1 | 间接依赖 | pip |
| @aws-cdk/aws-s3-assets | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-codepipeline | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-sns | 1.134.0 | 间接依赖 | npm |
| load_audit_config | 间接依赖 | pip | |
| js-yaml | 3.14.0 | 直接依赖 | npm |
| python-dateutil | 2.8.2 | 间接依赖 | pip |
| @aws-cdk/aws-codeguruprofiler | 1.134.0 | 间接依赖 | npm |
| typed-ast | 1.4.3 | 间接依赖 | pip |
| @aws-cdk/aws-certificatemanager | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/core | 1.134.0 | 间接依赖 | npm |
| @types/node | 8.10.45 | 直接依赖 | npm |
| @aws-cdk/aws-efs | 1.134.0 | 间接依赖 | npm |
| pyjq | 2.4.0 | 间接依赖 | pip |
| pandas | 1.3.4 | 间接依赖 | pip |
| @aws-cdk/aws-sqs | 1.134.0 | 间接依赖 | npm |
| certifi | 2021.10.8 | 间接依赖 | pip |
| kiwisolver | 1.3.2 | 间接依赖 | pip |
| MarkupSafe | 2.0.1 | 间接依赖 | pip |
| @aws-cdk/aws-codebuild | 1.134.0 | 间接依赖 | npm |
| autoflake | 1.4 | 间接依赖 | pip |
| @aws-cdk/aws-logs | 1.134.0 | 间接依赖 | npm |
| pyflakes | 2.4.0 | 间接依赖 | pip |
| @aws-cdk/cloud-assembly-schema | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-secretsmanager | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-kinesis | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-autoscaling | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/custom-resources | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-ecs | 1.134.0 | 间接依赖 | npm |
| astroid | 2.8.4 | 间接依赖 | pip |
| mock | 4.0.3 | 间接依赖 | pip |
| assert_true | 间接依赖 | pip | |
| @aws-cdk/aws-signer | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-cloudwatch | 1.134.0 | 间接依赖 | npm |
| mccabe | 0.6.1 | 间接依赖 | pip |
| @aws-cdk/aws-applicationautoscaling | 1.134.0 | 间接依赖 | npm |
| autopep8 | 1.6.0 | 间接依赖 | pip |
| platformdirs | 2.4.0 | 间接依赖 | pip |
| kwonly-args | 1.0.10 | 间接依赖 | pip |
| query_aws | 间接依赖 | pip | |
| @aws-cdk/aws-cognito | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-acmpca | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-autoscaling-hooktargets | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-lambda | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/region-info | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-events-targets | 1.134.0 | 间接依赖 | npm |
| source-map-support | 0.5.19 | 间接依赖 | npm |
| @aws-cdk/cx-api | 1.134.0 | 间接依赖 | npm |
| path | 间接依赖 | pip | |
| pyparsing | 3.0.4 | 间接依赖 | pip |
| pycodestyle | 2.8.0 | 间接依赖 | pip |
| docutils | 0.18 | 间接依赖 | pip |
| netaddr | 0.8.0 | 间接依赖 | pip |
| matplotlib | 3.4.3 | 间接依赖 | pip |
| get_regions | 间接依赖 | pip | |
| charset-normalizer | 2.0.7 | 间接依赖 | pip |
| idna | 3.3 | 间接依赖 | pip |
| numpy | 1.21.3 | 间接依赖 | pip |
| @aws-cdk/aws-elasticloadbalancingv2 | 1.134.0 | 间接依赖 | npm |
| @aws-cdk/aws-cloudformation | 1.134.0 | 间接依赖 | npm |
| toml | 0.10.2 | 间接依赖 | pip |
| boto3 | 1.19.10 | 间接依赖 | pip |
| source-map | 0.6.1 | 间接依赖 | npm |
| make_list | 间接依赖 | pip | |
| TestCase | 间接依赖 | pip | |
| lazy-object-proxy | 1.6.0 | 间接依赖 | pip |
| urllib3 | 1.26.7 | 间接依赖 | pip |
| @aws-cdk/aws-ssm | 1.134.0 | 间接依赖 | npm |
| cycler | 0.11.0 | 间接依赖 | pip |
| @aws-cdk/aws-sam | 1.134.0 | 间接依赖 | npm |
| typescript | 3.9.7 | 直接依赖 | npm |
| @aws-cdk/aws-route53-targets | 1.134.0 | 间接依赖 | npm |
| pytz | 2021.3 | 间接依赖 | pip |
| listdir | 间接依赖 | pip |