基础信息
项目名称:Kunzisoft/KeePassDX
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721351766200057856/1724549070780846080
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Bouncy Castle 信任管理问题漏洞 | 证书验证不恰当 | MPS-i6w7-d48e | CVE-2023-33201 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| org.bouncycastle:bcprov-jdk15on | 1.70 | 直接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| Apache-2.0 | 8 | 低 |
| CC0-1.0 | 1 | 低 |
| Apache 2.0 | 1 | 低 |
| 自定义许可证 | 7 | 低 |
| MIT | 9 | 低 |
| Apache-2.0 OR MIT | 1 | 低 |
| ISC | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| memoist | 0.16.2 | 间接依赖 | bundler |
| rubyzip | 2.3.2 | 间接依赖 | bundler |
| google-cloud-core | 1.6.0 | 间接依赖 | bundler |
| fastlane | 2.214.0 | 间接依赖 | bundler |
| unicode-display_width | 1.8.0 | 间接依赖 | bundler |
| androidx.media:media | 1.6.0 | 直接依赖 | maven |
| commander | 4.6.0 | 间接依赖 | bundler |
| webrick | 1.8.1 | 间接依赖 | bundler |
| argon2 | 20190702 | 间接依赖 | |
| aws-sdk-kms | 1.71.0 | 间接依赖 | bundler |
| faraday-em_http | 1.0.0 | 间接依赖 | bundler |
| aws-sdk-core | 3.180.0 | 间接依赖 | bundler |
| faraday-rack | 1.0.0 | 间接依赖 | bundler |
| androidx.fragment:fragment-ktx | 1.6.0 | 直接依赖 | maven |
| multi_json | 1.15.0 | 间接依赖 | bundler |
| digest-crc | 0.6.5 | 间接依赖 | bundler |
| json | 2.6.3 | 间接依赖 | bundler |
| com.splitwise:tokenautocomplete | 4.0.0-beta05 | 直接依赖 | maven |
| domain_name | 0.5.20190701 | 间接依赖 | bundler |
| xcpretty | 0.3.0 | 间接依赖 | bundler |
| xcpretty-travis-formatter | 1.0.1 | 间接依赖 | bundler |
| artifactory | 3.0.15 | 间接依赖 | bundler |
| google-apis-core | 0.11.1 | 间接依赖 | bundler |
| unf_ext | 0.0.8.2 | 间接依赖 | bundler |
| trailblazer-option | 0.1.2 | 间接依赖 | bundler |
| google-apis-iamcredentials_v1 | 0.17.0 | 间接依赖 | bundler |
| mini_magick | 4.12.0 | 间接依赖 | bundler |
| excon | 0.100.0 | 间接依赖 | bundler |
| googleauth | 1.7.0 | 间接依赖 | bundler |
| mini_mime | 1.1.2 | 间接依赖 | bundler |
| xcodeproj | 1.22.0 | 间接依赖 | bundler |
| ruby2_keywords | 0.0.5 | 间接依赖 | bundler |
| signet | 0.17.0 | 间接依赖 | bundler |
| faraday_middleware | 1.2.0 | 间接依赖 | bundler |
| commons-codec:commons-codec | 1.15 | 直接依赖 | maven |
| babosa | 1.0.4 | 间接依赖 | bundler |
| tty-screen | 0.8.1 | 间接依赖 | bundler |
| tty-spinner | 0.9.3 | 间接依赖 | bundler |
| multipart-post | 2.3.0 | 间接依赖 | bundler |
| uber | 0.1.0 | 间接依赖 | bundler |
| com.github.Kunzisoft:AndroidClearChroma | 2.6 | 直接依赖 | maven |
| org.bouncycastle:bcprov-jdk15on | 1.70 | 直接依赖 | maven |
| androidx.constraintlayout:constraintlayout | 2.1.4 | 直接依赖 | maven |
| CFPropertyList | 3.0.6 | 间接依赖 | bundler |
| emoji_regex | 3.2.3 | 间接依赖 | bundler |
| androidx.autofill:autofill | 1.1.0 | 直接依赖 | maven |
| tty-cursor | 0.7.1 | 间接依赖 | bundler |
| me.gosimple:nbvcxz | 1.5.0 | 直接依赖 | maven |
| atomos | 0.1.3 | 间接依赖 | bundler |
| rexml | 3.2.6 | 间接依赖 | bundler |
| google-cloud-errors | 1.3.1 | 间接依赖 | bundler |
| aws-partitions | 1.794.0 | 间接依赖 | bundler |
| aws-eventstream | 1.2.0 | 间接依赖 | bundler |
| retriable | 3.1.2 | 间接依赖 | bundler |
| naturally | 2.2.1 | 间接依赖 | bundler |
| declarative | 0.0.20 | 间接依赖 | bundler |
| dotenv | 2.8.1 | 间接依赖 | bundler |
| highline | 2.0.3 | 间接依赖 | bundler |
| colored | 1.2 | 间接依赖 | bundler |
| os | 1.1.4 | 间接依赖 | bundler |
| jmespath | 1.6.2 | 间接依赖 | bundler |
| google-apis-androidpublisher_v3 | 0.46.0 | 间接依赖 | bundler |
| androidx.viewpager2:viewpager2 | 1.1.0-beta02 | 直接依赖 | maven |
| terminal-notifier | 2.0.0 | 间接依赖 | bundler |
| joda-time:joda-time | 2.10.13 | 直接依赖 | maven |
| androidx.biometric:biometric | 1.1.0 | 直接依赖 | maven |
| representable | 3.2.0 | 间接依赖 | bundler |
| httpclient | 2.8.3 | 间接依赖 | bundler |
| google-apis-playcustomapp_v1 | 0.13.0 | 间接依赖 | bundler |
| colored2 | 3.1.2 | 间接依赖 | bundler |
| commons-io:commons-io | 2.8.0 | 直接依赖 | maven |
| faraday | 1.10.3 | 间接依赖 | bundler |
| google-cloud-env | 1.6.0 | 间接依赖 | bundler |
| faraday-patron | 1.0.0 | 间接依赖 | bundler |
| faraday-excon | 1.1.0 | 间接依赖 | bundler |
| androidx.preference:preference-ktx | 1.2.0 | 直接依赖 | maven |
| com.android.support:multidex | 1.0.3 | 直接依赖 | maven |
| faraday-net_http | 1.0.1 | 间接依赖 | bundler |
| word_wrap | 1.0.0 | 间接依赖 | bundler |
| fastimage | 2.2.7 | 间接依赖 | bundler |
| gh_inspector | 1.1.3 | 间接依赖 | bundler |
| optparse | 0.1.1 | 间接依赖 | bundler |
| claide | 1.1.0 | 间接依赖 | bundler |
| google-cloud-storage | 1.44.0 | 间接依赖 | bundler |
| rake | 13.0.6 | 间接依赖 | bundler |
| faraday-em_synchrony | 1.0.0 | 间接依赖 | bundler |
| rouge | 2.0.7 | 间接依赖 | bundler |
| faraday-multipart | 1.0.4 | 间接依赖 | bundler |
| openssl | 间接依赖 | ||
| faraday-net_http_persistent | 1.2.0 | 间接依赖 | bundler |
| com.getkeepsafe.taptargetview:taptargetview | 1.13.3 | 直接依赖 | maven |
| faraday-cookie_jar | 0.0.7 | 间接依赖 | bundler |
| androidx.documentfile:documentfile | 1.0.1 | 直接依赖 | maven |
| jwt | 2.7.1 | 间接依赖 | bundler |
| faraday-httpclient | 1.0.1 | 间接依赖 | bundler |
| terminal-table | 1.8.0 | 间接依赖 | bundler |
| public_suffix | 5.0.3 | 间接依赖 | bundler |
| addressable | 2.8.4 | 间接依赖 | bundler |
| http-cookie | 1.0.5 | 间接依赖 | bundler |
| faraday-retry | 1.0.3 | 间接依赖 | bundler |
| google-apis-storage_v1 | 0.19.0 | 间接依赖 | bundler |
| simctl | 1.6.10 | 间接依赖 | bundler |
| bundler | 间接依赖 | bundler | |
| aws-sigv4 | 1.6.0 | 间接依赖 | bundler |
| security | 0.1.3 | 间接依赖 | bundler |
| plist | 3.7.0 | 间接依赖 | bundler |
| aws-sdk-s3 | 1.132.0 | 间接依赖 | bundler |
| nanaimo | 0.3.0 | 间接依赖 | bundler |
| unf | 0.1.4 | 间接依赖 | bundler |
| androidx.cardview:cardview | 1.0.0 | 直接依赖 | maven |