基础信息
项目名称:eduard-permyakov/permafrost-engine
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1717404277983019008/1717404278024962048
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| GNU Libiberty 安全漏洞 | 输入验证不恰当 | MPS-2017-1331 | CVE-2016-6131 | 高危 |
| libiberty 数字错误漏洞 | 整数溢出或环绕 | MPS-2017-2066 | CVE-2016-2226 | 高危 |
| libiberty 安全漏洞 | UAF | MPS-2017-2070 | CVE-2016-4487 | 中危 |
| libiberty 安全漏洞 | UAF | MPS-2017-2071 | CVE-2016-4488 | 中危 |
| libiberty 数字错误漏洞 | 整数溢出或环绕 | MPS-2017-2072 | CVE-2016-4489 | 中危 |
| libiberty 数字错误漏洞 | 整数溢出或环绕 | MPS-2017-2073 | CVE-2016-4490 | 中危 |
| libiberty 安全漏洞 | 缓冲区溢出 | MPS-2017-2074 | CVE-2016-4491 | 中危 |
| libiberty 缓冲区错误漏洞 | 缓冲区溢出 | MPS-2017-2075 | CVE-2016-4492 | 中危 |
| libiberty 安全漏洞 | 越界读取 | MPS-2017-2076 | CVE-2016-4493 | 中危 |
| GNU Binutils 安全漏洞 | 不可达退出条件的循环(无限循环) | MPS-2018-14162 | CVE-2018-18700 | 中危 |
| GNU Binutils GNU libiberty 安全漏洞 | 拒绝服务 | MPS-2018-8266 | CVE-2018-12698 | 高危 |
| GNU Binutils 缓冲区错误漏洞 | 越界读取 | MPS-2019-1889 | CVE-2019-9070 | 高危 |
| GNU libiberty 缓冲区错误漏洞 | 缓冲区溢出 | MPS-2021-32366 | CVE-2021-3826 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| libiberty | 9.1.0 | 间接依赖 | 建议修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| LGPL-2.0-or-later | 2 | 低 |
| MIT | 5 | 低 |
| 自定义许可证 | 5 | 低 |
| LGPL-2.1 | 1 | 中 |
| Apache-2.0 | 1 | 低 |
| Python-2.0 | 3 | 低 |
| Zlib | 1 | 低 |
| BSL-1.0 | 1 | 低 |
| MPL-2.0 | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| _Qd | 间接依赖 | pip | |
| PseudoInputFile | 间接依赖 | pip | |
| ClassBrowser | 间接依赖 | pip | |
| UserDict | 间接依赖 | pip | |
| KERNEL32.dll | 间接依赖 | ||
| HWND | 间接依赖 | pip | |
| MSVCR71.dll | 间接依赖 | ||
| BOOL | 间接依赖 | pip | |
| ENTER | 间接依赖 | pip | |
| _Drag | 间接依赖 | pip | |
| openal | 1.21.1 | 间接依赖 | |
| assert_python_ok | 间接依赖 | pip | |
| DocXMLRPCServer | 间接依赖 | pip | |
| list_tests | 间接依赖 | pip | |
| _struct | 间接依赖 | pip | |
| _Snd | 间接依赖 | pip | |
| framer | 间接依赖 | pip | |
| AbstractTkTest | 间接依赖 | pip | |
| bgenOutput | 间接依赖 | pip | |
| check_syntax_error | 间接依赖 | pip | |
| import_module | 间接依赖 | pip | |
| z | 间接依赖 | pip | |
| CoverageResults | 间接依赖 | pip | |
| SHELL32.dll | 间接依赖 | ||
| run_unittest | 间接依赖 | pip | |
| USER32.dll | 间接依赖 | ||
| proxy | 间接依赖 | pip | |
| _Cm | 间接依赖 | pip | |
| PseudoOutputFile | 间接依赖 | pip | |
| isnan | 间接依赖 | pip | |
| this | 间接依赖 | pip | |
| __builtin__ | 间接依赖 | pip | |
| MSVCRT.dll | 间接依赖 | ||
| xxsubtype | 间接依赖 | pip | |
| _Scrap | 间接依赖 | pip | |
| idlelib | 间接依赖 | pip | |
| aboutDialog | 间接依赖 | pip | |
| Tkinter | 间接依赖 | pip | |
| OpenerDirector | 间接依赖 | pip | |
| Carbon | 间接依赖 | pip | |
| visitor | 间接依赖 | pip | |
| _App | 间接依赖 | pip | |
| _Win | 间接依赖 | pip | |
| ADVAPI32.dll | 间接依赖 | ||
| _Qdoffs | 间接依赖 | pip | |
| CTest | 间接依赖 | pip | |
| _Dlg | 间接依赖 | pip | |
| lib2to3 | 间接依赖 | pip | |
| _CG | 间接依赖 | pip | |
| randrange | 间接依赖 | pip | |
| AF_INET6 | 间接依赖 | pip | |
| cStringIO | 间接依赖 | pip | |
| findfile | 间接依赖 | pip | |
| libiberty | 9.1.0 | 间接依赖 | |
| pybench | 间接依赖 | pip | |
| exp | 间接依赖 | pip | |
| _IBCarbon | 间接依赖 | pip | |
| test_src | 间接依赖 | pip | |
| _Launch | 间接依赖 | pip | |
| _AH | 间接依赖 | pip | |
| _Alias | 间接依赖 | pip | |
| Text | 间接依赖 | pip | |
| mapping_tests | 间接依赖 | pip | |
| PyTest | 间接依赖 | pip | |
| TclError | 间接依赖 | pip | |
| LoggingResult | 间接依赖 | pip | |
| COMCTL32.dll | 间接依赖 | ||
| MSVCR80.dll | 间接依赖 | ||
| _CarbonEvt | 间接依赖 | pip | |
| have_unicode | 间接依赖 | pip | |
| cpython | 3.10.0 | 间接依赖 | |
| textView | 间接依赖 | pip | |
| ref | 间接依赖 | pip | |
| TestFailed | 间接依赖 | pip | |
| requires_tcl | 间接依赖 | pip | |
| _Help | 间接依赖 | pip | |
| _CF | 间接依赖 | pip | |
| CleanImport | 间接依赖 | pip | |
| TreeNode | 间接依赖 | pip | |
| cpython | 间接依赖 | ||
| HTTPServer | 间接依赖 | pip | |
| _Qt | 间接依赖 | pip | |
| check_warnings | 间接依赖 | pip | |
| Toplevel | 间接依赖 | pip | |
| ModuleBrowserTreeItem | 间接依赖 | pip | |
| check_py3k_warnings | 间接依赖 | pip | |
| compileFile | 间接依赖 | pip | |
| test_support | 间接依赖 | pip | |
| Trace | 间接依赖 | pip | |
| GDI32.dll | 间接依赖 | ||
| setitem | 间接依赖 | pip | |
| precisionbigmemtest | 间接依赖 | pip | |
| transformer | 间接依赖 | pip | |
| y | 间接依赖 | pip | |
| _Menu | 间接依赖 | pip | |
| openal | 间接依赖 | ||
| sdl | 间接依赖 | ||
| Request | 间接依赖 | pip | |
| cpython | 3.8.12 | 间接依赖 | |
| cpython | 2.7.18 | 间接依赖 | |
| _List | 间接依赖 | pip | |
| TestEquality | 间接依赖 | pip | |
| Popen | 间接依赖 | pip | |
| TESTFN | 间接依赖 | pip | |
| _AE | 间接依赖 | pip | |
| choice | 间接依赖 | pip | |
| _TE | 间接依赖 | pip | |
| TreeItem | 间接依赖 | pip | |
| USHRT_MAX | 间接依赖 | pip | |
| ole32.dll | 间接依赖 | ||
| _2G | 间接依赖 | pip | |
| _File | 间接依赖 | pip | |
| basename | 间接依赖 | pip | |
| _Folder | 间接依赖 | pip | |
| Extension | 间接依赖 | pip | |
| inet_pton | 间接依赖 | pip | |
| ImportHooksBaseTestCase | 间接依赖 | pip | |
| shuffle | 间接依赖 | pip | |
| compiler | 间接依赖 | pip | |
| requires | 间接依赖 | pip | |
| _Fm | 间接依赖 | pip | |
| _OSA | 间接依赖 | pip | |
| test_genericpath | 间接依赖 | pip | |
| string_tests | 间接依赖 | pip | |
| setslice | 间接依赖 | pip | |
| UCHAR_MAX | 间接依赖 | pip | |
| test_int | 间接依赖 | pip | |
| parse | 间接依赖 | pip | |
| atan2 | 间接依赖 | pip | |
| _Ctl | 间接依赖 | pip | |
| log | 间接依赖 | pip | |
| Tcl | 间接依赖 | pip | |
| db | 间接依赖 | pip | |
| Tk | 间接依赖 | pip | |
| Distribution | 间接依赖 | pip | |
| dirname | 间接依赖 | pip | |
| poco | 间接依赖 | ||
| assert_python_failure | 间接依赖 | pip | |
| _Icn | 间接依赖 | pip | |
| _Evt | 间接依赖 | pip | |
| webchecker | 间接依赖 | pip | |
| verbose | 间接依赖 | pip | |
| PIPE | 间接依赖 | pip | |
| BaseHTTPRequestHandler | 间接依赖 | pip | |
| _Mlte | 间接依赖 | pip | |
| _Sndihooks | 间接依赖 | pip | |
| EXIT | 间接依赖 | pip |