基础信息
项目名称:intel/dffml
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721279597302861824/1723953830181163008
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| jQuery 跨站脚本漏洞 | XSS | MPS-2020-15461 | CVE-2020-11023 | 中危 |
| jQuery 跨站脚本漏洞 | XSS | MPS-2020-15462 | CVE-2020-11022 | 中危 |
| aiohttp 输入验证错误漏洞 | 跨站重定向 | MPS-2021-2345 | CVE-2021-21330 | 中危 |
| lxml 注入漏洞 | XSS | MPS-2021-36943 | CVE-2021-43818 | 高危 |
| aiohttp 存在对HTTP头部进行脚本语法转义处理不恰当漏洞 | 对HTTP头部进行脚本语法转义处理不恰当 | MPS-2022-14719 | 高危 | |
| jsbeautifier 存在ReDoS漏洞 | ReDoS | MPS-2022-14956 | 中危 | |
| aiohttp 安全漏洞 | MPS-2022-18255 | CVE-2022-33124 | 中危 | |
| lxml 和 libxml2 代码问题漏洞 | 空指针取消引用 | MPS-2022-46661 | CVE-2022-2309 | 高危 |
| aiohttp 环境问题漏洞 | HTTP请求走私 | MPS-ptqs-e23v | CVE-2023-37276 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| aiohttp | 3.7.3 | 3.8.5 | 间接依赖 | 建议修复 |
| lxml | 4.6.3 | 4.9.1 | 间接依赖 | 建议修复 |
| sphinx | 2.4.4 | 3.0.4 | 间接依赖 | 建议修复 |
| jsbeautifier | 1.14.0 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 8 | 低 |
| BSD-3-Clause | 2 | 低 |
| 自定义许可证 | 6 | 低 |
| Apache-2.0 | 1 | 低 |
| HPND | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| PCA | 间接依赖 | pip | |
| AutoSklearnModelContext | 间接依赖 | pip | |
| Node | 间接依赖 | pip | |
| Operation | 间接依赖 | pip | |
| find_packages | 间接依赖 | pip | |
| DirectorySourceConfig | 间接依赖 | pip | |
| dataclass | 间接依赖 | pip | |
| AsyncIterator | 间接依赖 | pip | |
| code_block_to_dict | 间接依赖 | pip | |
| ModelContext | 间接依赖 | pip | |
| DataFlow | 间接依赖 | pip | |
| MySQLDatabaseConfig | 间接依赖 | pip | |
| aiosqlite | 0.10.0 | 间接依赖 | pip |
| mkvenv | 间接依赖 | pip | |
| AsyncContextManagerList | 间接依赖 | pip | |
| patch | 间接依赖 | pip | |
| Type | 间接依赖 | pip | |
| Input | 间接依赖 | pip | |
| Sources | 间接依赖 | pip | |
| MemorySource | 间接依赖 | pip | |
| MagicMock | 间接依赖 | pip | |
| dffml | 间接依赖 | pip | |
| CMD | 间接依赖 | pip | |
| run_cargo_build | 间接依赖 | pip | |
| MySQLSourceConfig | 间接依赖 | pip | |
| ModelNotTrained | 间接依赖 | pip | |
| Any | 间接依赖 | pip | |
| BaseDataFlowObjectContext | 间接依赖 | pip | |
| pandas | 1.0 | 间接依赖 | pip |
| run_consoletest | 间接依赖 | pip | |
| chdir | 间接依赖 | pip | |
| ClientSession | 间接依赖 | pip | |
| config | 间接依赖 | pip | |
| Features | 间接依赖 | pip | |
| Definition | 间接依赖 | pip | |
| Callable | 间接依赖 | pip | |
| entrypoint | 间接依赖 | pip | |
| List | 间接依赖 | pip | |
| sphinx-tabs | 1.3.0 | 间接依赖 | pip |
| literalinclude_to_dict | 间接依赖 | pip | |
| PyYAML | 5.3.1 | 间接依赖 | pip |
| product | 间接依赖 | pip | |
| setup | 间接依赖 | pip | |
| sphinx | 2.4.4 | 间接依赖 | pip |
| Dependency | 间接依赖 | pip | |
| create_mapping | 间接依赖 | pip | |
| jsbeautifier | 1.14.0 | 间接依赖 | pip |
| save | 间接依赖 | pip | |
| Dict | 间接依赖 | pip | |
| parse_nodes | 间接依赖 | pip | |
| TruncatedSVD | 间接依赖 | pip | |
| DirectorySource | 间接依赖 | pip | |
| cached_download | 间接依赖 | pip | |
| SqliteDatabase | 间接依赖 | pip | |
| FileSourceTest | 间接依赖 | pip | |
| IDX1Source | 间接依赖 | pip | |
| black | 19.10b0 | 间接依赖 | pip |
| cached_download_unpack_archive | 间接依赖 | pip | |
| sklearn | 间接依赖 | pip | |
| op | 间接依赖 | pip | |
| AsyncTestCase | 间接依赖 | pip | |
| CMDOutputOverride | 间接依赖 | pip | |
| asynccontextmanager | 间接依赖 | pip | |
| lxml | 4.6.3 | 间接依赖 | pip |
| Tuple | 间接依赖 | pip | |
| mapping_extract_value | 间接依赖 | pip | |
| Optional | 间接依赖 | pip | |
| Union | 间接依赖 | pip | |
| BaseSource | 间接依赖 | pip | |
| concurrently | 间接依赖 | pip | |
| BaseConfigLoader | 间接依赖 | pip | |
| base_entry_point | 间接依赖 | pip | |
| aiohttp | 3.7.3 | 间接依赖 | pip |
| MemorySourceConfig | 间接依赖 | pip | |
| run_cargo_audit | 间接依赖 | pip | |
| DEFAULT_PROTOCOL_ALLOWLIST | 间接依赖 | pip | |
| SqliteDatabaseConfig | 间接依赖 | pip | |
| ClientTimeout | 间接依赖 | pip | |
| BaseConfigLoaderContext | 间接依赖 | pip | |
| chain | 间接依赖 | pip | |
| MySQLDatabase | 间接依赖 | pip | |
| field | 间接依赖 | pip | |
| load | 间接依赖 | pip | |
| Pillow | 8.3.1 | 间接依赖 | pip |
| Model | 间接依赖 | pip | |
| SubsetSources | 间接依赖 | pip | |
| SLRModel | 间接依赖 | pip | |
| AutoSklearnModel | 间接依赖 | pip | |
| DependencyExtra | 间接依赖 | pip | |
| Stage | 间接依赖 | pip | |
| our | 间接依赖 | pip | |
| mock_open | 间接依赖 | pip | |
| is_dataclass | 间接依赖 | pip | |
| MySQLSource | 间接依赖 | pip | |
| BaseSourceContext | 间接依赖 | pip | |
| BaseDataFlowObject | 间接依赖 | pip | |
| score | 间接依赖 | pip | |
| httptest | 0.0.15 | 间接依赖 | pip |
| predict | 间接依赖 | pip | |
| Feature | 间接依赖 | pip | |
| Record | 间接依赖 | pip | |
| ExitStack | 间接依赖 | pip | |
| train | 间接依赖 | pip | |
| IDX1SourceConfig | 间接依赖 | pip |