dokku/dokku 软件分析报告

基础信息

项目名称:dokku/dokku

项目徽章:

Security Status

仓库地址:https://github.com/pterodactyl/panel

检测报告地址:https://www.murphysec.com/console/report/1721140347651751936/1722738915231617024

此报告由Murphysec提供

漏洞列表

漏洞名称 漏洞类型 MPS编号 CVE编号 漏洞等级
org.webjars.npm:semver-regex ReDoS 漏洞 拒绝服务 MPS-2015-6495 高危
semver-regex 拒绝服务漏洞 ReDoS MPS-2021-31625 CVE-2021-3795 高危
semver-regex 安全漏洞 ReDoS MPS-2021-35111 CVE-2021-43307 高危
trim-newlines 存在拒绝服务漏洞 拒绝服务 MPS-2021-7398 CVE-2021-33623 高危
semver-regex 存在拒绝服务漏洞 不正确的正则表达式 MPS-2022-14030 中危
semver-regex 存在拒绝服务漏洞 拒绝服务 MPS-2022-14031 高危
semver-regex 存在ReDoS漏洞 ReDoS MPS-2022-14032 中危
Sensio Labs Symfony 授权问题漏洞 授权机制不恰当 MPS-2022-3861 CVE-2022-24894 高危
node-semver 安全漏洞 ReDoS MPS-2022-5166 CVE-2022-25883 高危

缺陷组件

组件名称 版本 最小修复版本 依赖关系 修复建议
semver-regex 1.0.0 3.1.4 间接依赖 建议修复
trim-newlines 1.0.0 3.0.1 间接依赖 建议修复
symfony/http-kernel v3.4.35 4.4.50 间接依赖 可选修复
semver 4.3.6 7.5.2 间接依赖 可选修复

许可证风险

许可证类型 相关组件 许可证风险
MIT 150
BSD-3-Clause 17
EPL-2.0 6
Apache-2.0 8
ISC 14
自定义许可证 7
BSD-2-Clause 4

SBOM清单

组件名称 组件版本 是否直接依赖 仓库
has 1.0.3 间接依赖 npm
click 8.1.7 间接依赖 pip
array-uniq 1.0.3 间接依赖 npm
picomatch 2.3.1 间接依赖 npm
liftup 3.0.1 间接依赖 npm
is-absolute 1.0.0 间接依赖 npm
org.eclipse.jetty:jetty-server 11.0.18 间接依赖 maven
is-extglob 2.1.1 间接依赖 npm
redent 1.0.0 间接依赖 npm
array-union 2.1.0 间接依赖 npm
requests 2.31.0 间接依赖 pip
ruby2_keywords 0.0.5 间接依赖 bundler
monolog/monolog 1.27.1 间接依赖 composer
color-convert 2.0.1 间接依赖 npm
inflight 1.0.6 间接依赖 npm
symfony/event-dispatcher v3.4.35 间接依赖 composer
path-parse 1.0.7 间接依赖 npm
github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0 间接依赖 go
django 间接依赖 pip
interpret 1.1.0 间接依赖 npm
mergedeep 1.3.4 间接依赖 pip
sass 3.4.25 间接依赖 bundler
Flask 3.0.0 间接依赖 pip
zipp 3.17.0 间接依赖 pip
importlib-metadata 6.8.0 间接依赖 pip
github.com/gofrs/flock v0.8.1 直接依赖 go
sass-globbing 1.1.5 间接依赖 bundler
argparse 1.0.10 间接依赖 npm
concat-map 0.0.1 间接依赖 npm
bin-version-check 2.1.0 间接依赖 npm
balanced-match 1.0.2 间接依赖 npm
array-slice 1.1.0 间接依赖 npm
braces 3.0.2 间接依赖 npm
Werkzeug 3.0.1 间接依赖 pip
esprima 4.0.1 间接依赖 npm
parse-passwd 1.0.0 间接依赖 npm
ansi-styles 4.3.0 间接依赖 npm
pinkie 2.0.4 间接依赖 npm
once 1.4.0 间接依赖 npm
github.com/dokku/dokku/plugins/config v0.0.0-00010101000000-000000000000 直接依赖 go
github.com/robfig/cron/v3 v3.0.1 直接依赖 go
object-assign 4.1.1 间接依赖 npm
p-locate 3.0.0 间接依赖 npm
symfony/routing v3.4.32 间接依赖 composer
minimist 1.2.6 间接依赖 npm
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c 间接依赖 go
decamelize 1.2.0 间接依赖 npm
golang.org/x/text v0.13.0 间接依赖 go
fs.realpath 1.0.0 间接依赖 npm
v8flags 3.2.0 间接依赖 npm
p-try 2.2.0 间接依赖 npm
loud-rejection 1.6.0 间接依赖 npm
is-number 7.0.0 间接依赖 npm
array-each 1.0.1 间接依赖 npm
supports-color 7.2.0 间接依赖 npm
is-core-module 2.8.1 间接依赖 npm
micromatch 4.0.5 直接依赖 npm
locate-path 3.0.0 直接依赖 npm
isexe 2.0.0 间接依赖 npm
github.com/google/go-cmp v0.5.9 间接依赖 go
lodash 4.17.21 间接依赖 npm
soupsieve 2.5 间接依赖 pip
symfony/http-kernel v3.4.35 间接依赖 composer
get-stdin 4.0.1 间接依赖 npm
semver-truncate 1.1.2 间接依赖 npm
is-glob 4.0.3 直接依赖 npm
compass-core 1.0.3 间接依赖 bundler
Pygments 2.16.1 间接依赖 pip
@types/minimatch 3.0.5 间接依赖 npm
nopt 3.0.6 间接依赖 npm
github.com/onsi/gomega v1.28.0 直接依赖 go
read-pkg-up 1.0.1 间接依赖 npm
fined 1.2.0 间接依赖 npm
pyparsing 3.1.1 间接依赖 pip
pinkie-promise 2.0.1 间接依赖 npm
has-flag 4.0.0 间接依赖 npm
grunt-legacy-util 2.0.1 间接依赖 npm
eventmachine 1.2.7 间接依赖 bundler
org.eclipse.jetty.toolchain:jetty-jakarta-servlet-api 5.0.2 间接依赖 maven
brace-expansion 1.1.11 间接依赖 npm
path-exists 2.1.0 间接依赖 npm
github.com/dokku/dokku/plugins/docker-options v0.0.0-00010101000000-000000000000 直接依赖 go
google.golang.org/protobuf v1.26.0 间接依赖 go
psr/log 1.1.4 间接依赖 composer
mkdocs-material 9.4.7 间接依赖 pip
trim-newlines 1.0.0 间接依赖 npm
rb-inotify 0.10.1 间接依赖 bundler
github.com/google/go-cmp v0.6.0 间接依赖 go
grunt 1.5.3 直接依赖 npm
rack 2.2.8 间接依赖 bundler
symfony/polyfill-mbstring v1.12.0 间接依赖 composer
for-in 1.0.2 间接依赖 npm
golang.org/x/sync v0.4.0 直接依赖 go
MarkupSafe 2.1.3 间接依赖 pip
mkdocs 1.5.3 间接依赖 pip
six 1.16.0 间接依赖 pip
github.com/onsi/gomega v1.29.0 直接依赖 go
hooker 0.2.3 间接依赖 npm
find-versions 1.2.1 间接依赖 npm
symfony/polyfill-php56 v1.12.0 间接依赖 composer
isobject 3.0.1 间接依赖 npm
map-obj 1.0.1 间接依赖 npm
meow 3.7.0 间接依赖 npm
github.com/joncalhoun/qson v0.0.0-20200422171543-84433dcd3da0 直接依赖 go
os-homedir 1.0.2 间接依赖 npm
compass 1.0.3 间接依赖 bundler
eventemitter2 0.4.14 间接依赖 npm
pkg-up 3.1.0 间接依赖 npm
os-tmpdir 1.0.2 间接依赖 npm
load-grunt-tasks 5.1.0 直接依赖 npm
grunt-legacy-log 3.0.0 间接依赖 npm
watchdog 3.0.0 间接依赖 pip
path-is-absolute 1.0.1 间接依赖 npm
org.eclipse.jetty:jetty-servlet 11.0.18 直接依赖 maven
js-yaml 3.14.1 间接依赖 npm
map-cache 0.2.2 间接依赖 npm
inherits 2.0.4 间接依赖 npm
chalk 4.1.2 间接依赖 npm
requirements.txt 间接依赖 pip
silex/silex v2.2.4 间接依赖 composer
gopkg.in/yaml.v3 v3.0.1 间接依赖 go
parse-filepath 1.0.2 间接依赖 npm
github.com/dokku/dokku/plugins/common v0.0.0-00010101000000-000000000000 直接依赖 go
github.com/codeskyblue/go-sh v0.0.0-20190412065543-76bd3d59ff27 直接依赖 go
semver-regex 1.0.0 间接依赖 npm
pyyaml_env_tag 0.1 间接依赖 pip
ffi 1.15.5 间接依赖 bundler
mkdocs-exclude 1.0.2 间接依赖 pip
render_template 间接依赖 pip
pymdown-extensions 10.3.1 间接依赖 pip
flagged-respawn 1.0.1 间接依赖 npm
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 间接依赖 go
osenv 0.1.5 直接依赖 npm
grunt-known-options 2.0.0 间接依赖 npm
symfony/debug v3.4.35 间接依赖 composer
resolve-from 5.0.0 间接依赖 npm
is-plain-object 2.0.4 间接依赖 npm
compass-import-once 1.0.5 间接依赖 bundler
psr/container 1.0.0 间接依赖 composer
which 1.3.1 间接依赖 npm
fill-range 7.0.1 间接依赖 npm
github.com/spf13/pflag v1.0.5 直接依赖 go
resolve-pkg 2.0.0 间接依赖 npm
supports-preserve-symlinks-flag 1.0.0 间接依赖 npm
rack-protection 3.1.0 间接依赖 bundler
rb-fsevent 0.11.2 间接依赖 bundler
github.com/golang/protobuf v1.5.3 直接依赖 go
grunt-legacy-log-utils 2.1.0 间接依赖 npm
abort 间接依赖 pip
colors 1.1.2 间接依赖 npm
bin-version 1.0.4 间接依赖 npm
normalize-package-data 2.5.0 间接依赖 npm
tilt 2.2.0 间接依赖 bundler
getobject 1.0.2 间接依赖 npm
javax.servlet:servlet-api 2.5 直接依赖 maven
daemons 1.4.1 间接依赖 bundler
util-deprecate 1.0.2 间接依赖 npm
homedir-polyfill 1.0.3 间接依赖 npm
packaging 23.2 间接依赖 pip
golang.org/x/sys v0.13.0 间接依赖 go
multi_json 1.15.0 间接依赖 bundler
multimatch 4.0.0 间接依赖 npm
sinatra 3.1.0 间接依赖 bundler
object.defaults 1.1.0 间接依赖 npm
underscore.string 3.3.6 间接依赖 npm
dargs 2.1.0 间接依赖 npm
grunt-cli 1.4.3 间接依赖 npm
wrappy 1.0.2 间接依赖 npm
p-limit 2.3.0 间接依赖 npm
onetime 1.1.0 间接依赖 npm
google.golang.org/grpc v1.29.1 直接依赖 go
PyYAML 6.0.1 间接依赖 pip
ghp-import 2.1.0 间接依赖 pip
dateformat 3.0.3 间接依赖 npm
thin 1.8.2 间接依赖 bundler
mvdan.cc/sh/v3 v3.7.0 直接依赖 go
for-own 1.0.0 间接依赖 npm
pimple/pimple v3.2.3 间接依赖 composer
github.com/joho/godotenv v1.2.0 直接依赖 go
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 直接依赖 go
org.eclipse.jetty:jetty-http 11.0.18 间接依赖 maven
to-regex-range 5.0.1 间接依赖 npm
extend 3.0.2 间接依赖 npm
symfony/polyfill-ctype v1.12.0 间接依赖 composer
expand-tilde 2.0.2 间接依赖 npm
mustermann 3.0.0 间接依赖 bundler
golang.org/x/net v0.17.0 直接依赖 go
rimraf 3.0.2 间接依赖 npm
semver 4.3.6 间接依赖 npm
async 1.5.2 间接依赖 npm
path-root 0.1.1 间接依赖 npm
org.slf4j:slf4j-api 2.0.5 间接依赖 maven
kind-of 6.0.3 间接依赖 npm
github.com/multiformats/go-base36 v0.2.0 直接依赖 go
org.eclipse.jetty:jetty-security 11.0.18 间接依赖 maven
bower 1.8.12 直接依赖 npm
exit 0.1.2 间接依赖 npm
symfony/http-foundation v3.4.35 间接依赖 composer
org.eclipse.jetty:jetty-io 11.0.18 间接依赖 maven
iconv-lite 0.4.24 间接依赖 npm
Jinja2 3.1.2 间接依赖 pip
chunky_png 1.4.0 间接依赖 bundler
camelcase-keys 2.1.0 间接依赖 npm
sprintf-js 1.0.3 间接依赖 npm
github.com/ryanuber/columnize v2.1.2+incompatible 直接依赖 go
find-up 1.1.2 间接依赖 npm
resolve 1.22.0 间接依赖 npm
org.eclipse.jetty:jetty-util 11.0.18 间接依赖 maven
symfony/polyfill-php70 v1.12.0 间接依赖 composer
findup-sync 0.3.0 间接依赖 npm
mkdocs-material-extensions 1.3 间接依赖 pip
github.com/dokku/dokku/plugins/app-json v0.0.0-00010101000000-000000000000 直接依赖 go
safer-buffer 2.1.2 间接依赖 npm
mkdirp 1.0.4 间接依赖 npm
object.map 1.0.1 间接依赖 npm
abbrev 1.1.1 间接依赖 npm
gunicorn 21.2.0 间接依赖 pip
tmp 0.2.1 间接依赖 npm
arrify 2.0.1 间接依赖 npm
detect-file 1.0.0 直接依赖 npm
minimatch 3.0.8 间接依赖 npm
rechoir 0.7.1 间接依赖 npm
github.com/dokku/dokku/plugins/cron v0.0.0-00010101000000-000000000000 直接依赖 go
paragonie/random_compat v2.0.18 间接依赖 composer
github.com/otiai10/copy v1.14.0 直接依赖 go
array-differ 3.0.0 间接依赖 npm
python-dateutil 2.8.2 间接依赖 pip
beautifulsoup4 4.12.2 间接依赖 pip
object.pick 1.3.0 间接依赖 npm
glob 7.1.7 间接依赖 npm
symfony/polyfill-util v1.12.0 间接依赖 composer
make-iterator 1.0.1 间接依赖 npm
grunt-contrib-compass 1.1.1 直接依赖 npm
(0)
上一篇 2023年11月10日
下一篇 2023年11月10日

相关推荐

  • HariSekhon/DevOps-Python-tools 软件分析报告

    基础信息 项目名称:HariSekhon/DevOps-Python-tools 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1718487358835916800/1718487358940774400 此报告…

    软件分析 2023年10月29日
    0
  • bitwarden/help 软件分析报告

    基础信息 项目名称:bitwarden/help 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1716360634111229952/1716360634148978688 此报告由Murphysec提供 漏洞列…

    软件分析 2023年10月23日
    0
  • ColinEberhardt/VCTransitionsLibrary 软件分析报告

    基础信息 项目名称:ColinEberhardt/VCTransitionsLibrary 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1716798594212298752/171679859481627852…

    软件分析 2023年10月24日
    0
  • howardyclo/pytorch-seq2seq-example 软件分析报告

    基础信息 项目名称:howardyclo/pytorch-seq2seq-example 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1718666112408535040/1718666112446283776…

    软件分析 2023年10月30日
    0
  • esrrhs/fakescript 软件分析报告

    基础信息 项目名称:esrrhs/fakescript 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721169742055673856/1730249156189966336 此报告由Murphysec提供 …

    软件分析 2023年11月30日
    0