Basic information
Project name: AppScale/appscale
Repository URL: https://github.com/pterodactyl/panel
Scan report URL: https://www.murphysec.com/console/report/1720684516184752128/1720684516264443904
This report is provided by Murphysec
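Vulnerability list
| Vulnerability name | Vulnerability type | MPS ID | CVE ID | Severity |
|---|---|---|---|---|
| Apache Log4j SocketServer deserialization vulnerability | Deserialization | MPS-2019-17271 | CVE-2019-17571 | Critical |
| Apache Log4j2 SmtpAppender improper certificate validation vulnerability | Improper certificate validation | MPS-2020-6684 | CVE-2020-9488 | Low |
| Apache Log4j JMSAppender deserialization vulnerability | Deserialization | MPS-2021-38359 | CVE-2021-4104 | High |
| commons-codec:commons-codec information disclosure vulnerability | Unauthorized disclosure of sensitive information | MPS-2022-11853 | | Low |
| Apache Log4j JDBCAppender SQL injection vulnerability | SQL injection | MPS-2022-1444 | CVE-2022-23305 | Critical |
| Apache Log4j Chainsaw deserialization vulnerability | Deserialization | MPS-2022-1445 | CVE-2022-23307 | High |
| Apache Log4j deserialization vulnerability | Deserialization | MPS-2022-1446 | CVE-2022-23302 | High |
| Python security vulnerability | ReDoS | MPS-2022-57238 | CVE-2022-40897 | Medium |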
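Vulnerable components
| Component name | Version | Minimum fixed version | Dependency relationship | Remediation advice |
|---|---|---|---|---|
| log4j:log4j | 1.2.12 | | Direct dependency | Fix recommended |
| setuptools | 39.2.0 | 65.5.1 | Indirect dependency | Fix optional |
| commons-codec:commons-codec | 1.4 | 1.13 | Direct dependency | Fix optional |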
License risk
| License type | Related components | License risk |
|---|---|---|
| Custom license | 22 | Low |
| BSD-3-Clause | 1 | Low |
| MIT | 11 | Low |
| LGPL-3.0 | 1 | Medium |
| Apache-2.0 | 4 | Low |
| ZPL-2.1 | 1 | Low |
| BSD-2-Clause | 1 | Low |
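SBOM list
| Component name | Component version | Direct dependency? | Repository |
|---|---|---|---|
| Request | | Indirect dependency | pip |
| patterns | | Indirect dependency | pip |
| widgets | | Indirect dependency | pip |
| EmptyPage | | Indirect dependency | pip |
| numpy | | Indirect dependency | pip |
| CDLL | | Indirect dependency | pip |
| Donut | | Indirect dependency | pip |
| CustomPKModel | | Indirect dependency | pip |
| urlsplit | | Indirect dependency | pip |
| AppHelperException | | Indirect dependency | pip |
| RequestFactory | | Indirect dependency | pip |
| | | Indirect dependency | pip |
| Storage | | Indirect dependency | pip |
| Markup | | Indirect dependency | pip |
| DateField | | Indirect dependency | pip |
| Literal | | Indirect dependency | pip |
| AsyncTestCase | | Indirect dependency | pip |
| ugettext | | Indirect dependency | pip |
| SimpleCookie | | Indirect dependency | pip |
| Permission | | Indirect dependency | pip |
| EmptyQuerySet | | Indirect dependency | pip |
| Avg | | Indirect dependency | pip |
| url | | Indirect dependency | pip |
| hotshot | | Indirect dependency | pip |
| localflavor | | Indirect dependency | pip |
| NoArgsCommand | | Indirect dependency | pip |
| call_command | | Indirect dependency | pip |
| PasswordResetForm | | Indirect dependency | pip |
| dump | | Indirect dependency | pip |
| BaseDetailView | | Indirect dependency | pip |
| CommandError | | Indirect dependency | pip |
| DateTimeField | | Indirect dependency | pip |
| mod_python | | Indirect dependency | pip |
| SolrSchemaFieldInfo | | Indirect dependency | pip |
| get_token | | Indirect dependency | pip |
| __pypy__ | | Indirect dependency | pip |
| Charset | | Indirect dependency | pip |
| SimpleLazyObject | | Indirect dependency | pip |
| Template | | Indirect dependency | pip |
| mysql | | Indirect dependency | pip |
| BaseStorage | | Indirect dependency | pip |
| _imaging | | Indirect dependency | pip |
| MySQLdb | | Indirect dependency | pip |
| Variable | | Indirect dependency | pip |
| realsocket | | Indirect dependency | pip |
| Event | | Indirect dependency | pip |
| next | | Indirect dependency | pip |
| skipIfDBFeature | | Indirect dependency | pip |
| WKTReader | | Indirect dependency | pip |
| Sum | | Indirect dependency | pip |
| FixedOffset | | Indirect dependency | pip |
| settings | | Indirect dependency | pip |
| NO_DEFAULT | | Indirect dependency | pip |
| models | | Indirect dependency | pip |
| empty | | Indirect dependency | pip |
| cherrypy | | Indirect dependency | pip |
| lookup_field | | Indirect dependency | pip |
| Archive | | Indirect dependency | pip |
| deactivate | | Indirect dependency | pip |
| setup | | Indirect dependency | pip |
| build_suite | | Indirect dependency | pip |
| urlunparse | | Indirect dependency | pip |
| RumBaba | | Indirect dependency | pip |
| getaddresses | | Indirect dependency | pip |
| django | | Indirect dependency | pip |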
| commons-logging:commons-logging | 1.1.1 | Direct dependency | maven |
| smart_unicode | | Indirect dependency | pip |
| OptionParser | | Indirect dependency | pip |
| Person | | Indirect dependency | pip |
| BaseCookie | | Indirect dependency | pip |
| ugettext_lazy | | Indirect dependency | pip |
| OGRGeomType | | Indirect dependency | pip |
| TestStorage | | Indirect dependency | pip |
| timeuntil | | Indirect dependency | pip |
| GenericForeignKey | | Indirect dependency | pip |
| urlencode | | Indirect dependency | pip |
| UTC | | Indirect dependency | pip |
| GenericRelation | | Indirect dependency | pip |
| HttpResponseServerError | | Indirect dependency | pip |
| escape | | Indirect dependency | pip |
| locks | | Indirect dependency | pip |
| transaction | | Indirect dependency | pip |
| PermWrapper | | Indirect dependency | pip |
| Article | | Indirect dependency | pip |
| debug | | Indirect dependency | pip |
| error | | Indirect dependency | pip |
| tornado | | Indirect dependency | pip |
| Fault | | Indirect dependency | pip |
| app2 | | Indirect dependency | pip |
| MultipleObjectsReturned | | Indirect dependency | pip |
| Country | | Indirect dependency | pip |
| DataSource | | Indirect dependency | pip |
| get_apps | | Indirect dependency | pip |
| timesince | | Indirect dependency | pip |
| views | | Indirect dependency | pip |
| LabelCommand | | Indirect dependency | pip |
| Context | | Indirect dependency | pip |
| md5_constructor | | Indirect dependency | pip |
| SafeData | | Indirect dependency | pip |
| check_for_language | | Indirect dependency | pip |
| router | | Indirect dependency | pip |
| restore_warnings_state | | Indirect dependency | pip |
| mock | | Indirect dependency | pip |
| MagicMock | | Indirect dependency | pip |
| Node | | Indirect dependency | pip |
| Extent3D | | Indirect dependency | pip |
| utc | | Indirect dependency | pip |
| normpath | | Indirect dependency | pip |
| REDIRECT_FIELD_NAME | | Indirect dependency | pip |
| ModelDatabrowse | | Indirect dependency | pip |
| activate | | Indirect dependency | pip |
| backend | | Indirect dependency | pip |
| Foo | | Indirect dependency | pip |
| utils | | Indirect dependency | pip |
| ImageField | | Indirect dependency | pip |
| Signal | | Indirect dependency | pip |
| BrokenException | | Indirect dependency | pip |
| load | | Indirect dependency | pip |
| service | | Indirect dependency | pip |
| File | | Indirect dependency | pip |
| fromstr | | Indirect dependency | pip |
| CreateError | | Indirect dependency | pip |
| include_list_name | | Indirect dependency | pip |
| Client | | Indirect dependency | pip |
| Writer | | Indirect dependency | pip |
| logkit:logkit | 1.0.1 | Direct dependency | maven |
| iri_to_uri | | Indirect dependency | pip |
| FieldDoesNotExist | | Indirect dependency | pip |
| FacetResult | | Indirect dependency | pip |
| temp_storage | | Indirect dependency | pip |
| login_required | | Indirect dependency | pip |
| SpatialFunction | | Indirect dependency | pip |
| GeoIP | | Indirect dependency | pip |
| timedelta | | Indirect dependency | pip |
| admin_scripts | | Indirect dependency | pip |
| HttpResponseRedirect | | Indirect dependency | pip |
| extract | | Indirect dependency | pip |
| QuerySet | | Indirect dependency | pip |
| notice_h | | Indirect dependency | pip |
| get_language | | Indirect dependency | pip |
| LocalTimezone | | Indirect dependency | pip |
| Extension | | Indirect dependency | pip |
| user_logged_out | | Indirect dependency | pip |
| update_wrapper | | Indirect dependency | pip |
| user_logged_in | | Indirect dependency | pip |
| Category | | Indirect dependency | pip |
| HTTPConnection | | Indirect dependency | pip |
| dateformat | | Indirect dependency | pip |
| cStringIO | | Indirect dependency | pip |
| StringIO | | Indirect dependency | pip |
| HttpRequest | | Indirect dependency | pip |
| Response | | Indirect dependency | pip |
| urlparse | | Indirect dependency | pip |
| commons-codec:commons-codec | 1.4 | Direct dependency | maven |
| async_test | | Indirect dependency | pip |
| CsrfViewMiddleware | | Indirect dependency | pip |
| preview | | Indirect dependency | pip |
| ViewDoesNotExist | | Indirect dependency | pip |
| c_char | | Indirect dependency | pip |
| InvalidPage | | Indirect dependency | pip |
| AppDashboardHelper | | Indirect dependency | pip |
| Book | | Indirect dependency | pip |
| IfParser | | Indirect dependency | pip |
| SpatialReference | | Indirect dependency | pip |
| gen_test | | Indirect dependency | pip |
| is_aware | | Indirect dependency | pip |
| ExceptionReporter | | Indirect dependency | pip |
| Group | | Indirect dependency | pip |
| iteritems | | Indirect dependency | pip |
| web | | Indirect dependency | pip |
| api_helper | | Indirect dependency | pip |
| wraps | | Indirect dependency | pip |
| patch | | Indirect dependency | pip |
| PALETTES | | Indirect dependency | pip |
| ObjectDoesNotExist | | Indirect dependency | pip |
| jinja2 | | Indirect dependency | pip |
| formatdate | | Indirect dependency | pip |
| Envelope | | Indirect dependency | pip |
| sha_constructor | | Indirect dependency | pip |
| get_warnings_state | | Indirect dependency | pip |
| flexmock | | Indirect dependency | pip |
| ntob | | Indirect dependency | pip |
| dbconstants | | Indirect dependency | pip |
| SpatialOperation | | Indirect dependency | pip |
| taskqueue_service_pb2 | | Indirect dependency | pip |
| load_app | | Indirect dependency | pip |
| appscale | | Indirect dependency | pip |
| SESSION_KEY | | Indirect dependency | pip |
| copy_helper | | Indirect dependency | pip |
| httpclient | | Indirect dependency | pip |
| exceptions | | Indirect dependency | pip |
| BaseCommand | | Indirect dependency | pip |
| parseString | | Indirect dependency | pip |
| AutoField | | Indirect dependency | pip |
| setuptools | 39.2.0 | Indirect dependency | pip |
| SECRET_HEADER | | Indirect dependency | pip |
| default_storage | | Indirect dependency | pip |
| join | | Indirect dependency | pip |
| org.slf4j:slf4j-api | 1.5.6 | Direct dependency | maven |
| set | | Indirect dependency | pip |
| partial | | Indirect dependency | pip |
| skipUnlessDBFeature | | Indirect dependency | pip |
| AnonymousUser | | Indirect dependency | pip |
| _cpwsgi | | Indirect dependency | pip |
| SingleObjectTemplateResponseMixin | | Indirect dependency | pip |
| City | | Indirect dependency | pip |
| LayerMapping | | Indirect dependency | pip |
| stats_manager | | Indirect dependency | pip |
| Image | | Indirect dependency | pip |
| template | | Indirect dependency | pip |
| TransactionTestCase | | Indirect dependency | pip |
| allow_lazy | | Indirect dependency | pip |
| OGRException | | Indirect dependency | pip |
| Author | | Indirect dependency | pip |
| sorted | | Indirect dependency | pip |
| formsets | | Indirect dependency | pip |
| global_settings | | Indirect dependency | pip |
| get_daemon | | Indirect dependency | pip |
| except_args | | Indirect dependency | pip |
| cx_Oracle | | Indirect dependency | pip |
| webob | | Indirect dependency | pip |
| Bar | | Indirect dependency | pip |
| samples | | Indirect dependency | pip |
| get_app | | Indirect dependency | pip |
| PageNotAnInteger | | Indirect dependency | pip |
| tzinfo | | Indirect dependency | pip |
| TaskQueueLocust | | Indirect dependency | pip |
| make_option | | Indirect dependency | pip |
| force_text | | Indirect dependency | pip |
| log4j:log4j | 1.2.12 | Direct dependency | maven |
| InternalError | | Indirect dependency | pip |
| BadRequest | | Indirect dependency | pip |
| permission_required | | Indirect dependency | pip |
| Paginator | | Indirect dependency | pip |
| org.apache.httpcomponents:httpcore | 4.1.2 | Direct dependency | maven |
| OGRGeometry | | Indirect dependency | pip |
| User | | Indirect dependency | pip |
| force_str | | Indirect dependency | pip |
| BytesIO | | Indirect dependency | pip |
| compress_sequence | | Indirect dependency | pip |
| urlresolvers | | Indirect dependency | pip |
| constants | | Indirect dependency | pip |
| gdal | | Indirect dependency | pip |
| c_char_p | | Indirect dependency | pip |
| smart_str | | Indirect dependency | pip |
| gflags | | Indirect dependency | pip |
| numberformat | | Indirect dependency | pip |
| display_for_field | | Indirect dependency | pip |
| urlunsplit | | Indirect dependency | pip |
| parse_backend_uri | | Indirect dependency | pip |
| UrlArticle | | Indirect dependency | pip |
| DjangoTestSuiteRunner | | Indirect dependency | pip |
| ntou | | Indirect dependency | pip |
| get_request | | Indirect dependency | pip |
| ValidationError | | Indirect dependency | pip |
| IncompleteRead | | Indirect dependency | pip |
| constant_time_compare | | Indirect dependency | pip |
| regressiontests | | Indirect dependency | pip |
| UniqueTogetherModel | | Indirect dependency | pip |
| avalon-framework:avalon-framework | 4.1.3 | Direct dependency | maven |
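| connections | | Indirect dependency | pip |
| LayerMapError | | Indirect dependency | pip |
| SuspiciousOperation | | Indirect dependency | pip |
| to_locale | | Indirect dependency | pip |
| wizard | | Indirect dependency | pip |
| ContentFile | | Indirect dependency | pip |
| feedgenerator | | Indirect dependency | pip |
| ACCEPTABLE_STATS_AGE | | Indirect dependency | pip |
| modeltests | | Indirect dependency | pip |
| gen | | Indirect dependency | pip |
| RETRY_LIMIT | | Indirect dependency | pip |
| call | | Indirect dependency | pip |
| paste | | Indirect dependency | pip |
| AsyncHTTPTestCase | | Indirect dependency | pip |
| KindIndex | | Indirect dependency | pip |
| parse_color_setting | | Indirect dependency | pip |
| Count | | Indirect dependency | pip |
| forms | | Indirect dependency | pip |
| loader | | Indirect dependency | pip |
| TEST_PROJECT | | Indirect dependency | pip |
| Encoders | | Indirect dependency | pip |
| internet | | Indirect dependency | pip |
| Union | | Indirect dependency | pip |
| get_exception_reporter_filter | | Indirect dependency | pip |
| compress_string | | Indirect dependency | pip |
| feeds | | Indirect dependency | pip |
| ungettext | | Indirect dependency | pip |
| Max | | Indirect dependency | pip |
| remote_api_pb2 | | Indirect dependency | pip |
| DatabrowsePlugin | | Indirect dependency | pip |
| Meta | | Indirect dependency | pip |
| CoordTransform | | Indirect dependency | pip |
| basestring | | Indirect dependency | pip |
| Popen | | Indirect dependency | pip |
| DateTime | | Indirect dependency | pip |
| SIGTERM | | Indirect dependency | pip |
| DatabaseError | | Indirect dependency | pip |
| connection | | Indirect dependency | pip |
| Message | | Indirect dependency | pip |
| javax.activation:activation | 1.1 | Direct dependency | maven |
| unicodestr | | Indirect dependency | pip |
| ImproperlyConfigured | | Indirect dependency | pip |
| Point | | Indirect dependency | pip |
| no_mysql | | Indirect dependency | pip |
| copykeys | | Indirect dependency | pip |
| salted_hmac | | Indirect dependency | pip |
| api | | Indirect dependency | pip |
| SessionBase | | Indirect dependency | pip |
| PULL_QUEUE | | Indirect dependency | pip |
| error_messages | | Indirect dependency | pip |
| md5 | | Indirect dependency | pip |
| QueryDict | | Indirect dependency | pip |
| HttpResponse | | Indirect dependency | pip |
| _cprequest | | Indirect dependency | pip |
| date | | Indirect dependency | pip |
| query | | Indirect dependency | pip |
| Driver | | Indirect dependency | pip |
| TestCase | | Indirect dependency | pip |
| quote | | Indirect dependency | pip |
| lgeos | | Indirect dependency | pip |
| force_unicode | | Indirect dependency | pip |
| PIPE | | Indirect dependency | pip |
| PermLookupDict | | Indirect dependency | pip |
| validators | | Indirect dependency | pip |
| RequestContext | | Indirect dependency | pip |
| receiver | | Indirect dependency | pip |
| Library | | Indirect dependency | pip |
| CompositeIndex | | Indirect dependency | pip |
| sha | | Indirect dependency | pip |
| normcase | | Indirect dependency | pip |
| cache | | Indirect dependency | pip |
| byref | | Indirect dependency | pip |
| mark_safe | | Indirect dependency | pip |
| GeoIPException | | Indirect dependency | pip |
| helper_functions | | Indirect dependency | pip |
| GEOSGeometry | | Indirect dependency | pip |
| SetPasswordForm | | Indirect dependency | pip |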