基础信息
项目名称:freenas/freenas
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721211215602061312/1726271159055900672
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Python 安全漏洞 | ReDoS | MPS-2022-57238 | CVE-2022-40897 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| setuptools | 39.2.0 | 65.5.1 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| 自定义许可证 | 14 | 低 |
| Apache-2.0 OR BSD-3-Clause | 1 | 低 |
| MIT | 8 | 低 |
| GPL-3.0-or-later | 1 | 低 |
| BSD-2-Clause | 1 | 低 |
| GPL-3.0 | 2 | 中 |
| Apache-2.0 | 2 | 低 |
| GPL-1.0-or-later | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| Int | 间接依赖 | pip | |
| ADUSERNAME | 间接依赖 | pip | |
| load_private_key | 间接依赖 | pip | |
| load_modules | 间接依赖 | pip | |
| ResolverError | 间接依赖 | pip | |
| CLONED_PREFIXES | 间接依赖 | pip | |
| pool | 间接依赖 | pip | |
| unprivileged_user | 间接依赖 | pip | |
| retrieve_train_names | 间接依赖 | pip | |
| CDROM | 间接依赖 | pip | |
| ip_address | 间接依赖 | pip | |
| serialization | 间接依赖 | pip | |
| UnexpectedFailure | 间接依赖 | pip | |
| ClientSession | 间接依赖 | pip | |
| defaultdict | 间接依赖 | pip | |
| __parse_to_dev | 间接依赖 | pip | |
| ApiKeySessionManagerCredentials | 间接依赖 | pip | |
| CallError | 间接依赖 | pip | |
| session | 间接依赖 | pip | |
| accepts | 间接依赖 | pip | |
| ELEMENT_DESC | 间接依赖 | pip | |
| ssh | 间接依赖 | pip | |
| cryptography | 间接依赖 | pip | |
| b64encode | 间接依赖 | pip | |
| their | 间接依赖 | pip | |
| snapshot | 间接依赖 | pip | |
| wait_on_job | 间接依赖 | pip | |
| interface | 间接依赖 | pip | |
| ClassVar | 间接依赖 | pip | |
| active_directory | 间接依赖 | pip | |
| create_engine | 间接依赖 | pip | |
| BatchOperations | 间接依赖 | pip | |
| ip_interface | 间接依赖 | pip | |
| Interface | 间接依赖 | pip | |
| AUDIT_EVENT_SMB_JSON_SCHEMAS | 间接依赖 | pip | |
| FTP | 间接依赖 | pip | |
| OROperator | 间接依赖 | pip | |
| smartctl | 间接依赖 | pip | |
| Event | 间接依赖 | pip | |
| dateutil | 间接依赖 | pip | |
| Str | 间接依赖 | pip | |
| Service | 间接依赖 | pip | |
| REDACTED_VALUE | 间接依赖 | pip | |
| Exact | 间接依赖 | pip | |
| NOT_PROVIDED | 间接依赖 | pip | |
| config | 间接依赖 | pip | |
| create_element | 间接依赖 | pip | |
| CTDBConfig | 间接依赖 | pip | |
| CLIENT_AUTH | 间接依赖 | pip | |
| List | 间接依赖 | pip | |
| crypto | 间接依赖 | pip | |
| iscsi_extent | 间接依赖 | pip | |
| ascii_letters | 间接依赖 | pip | |
| ServiceInterface | 间接依赖 | pip | |
| IPAddr | 间接依赖 | pip | |
| glfs | 间接依赖 | pip | |
| if_key_listed | 间接依赖 | pip | |
| SSL | 间接依赖 | pip | |
| password | 间接依赖 | pip | |
| iscsi_target | 间接依赖 | pip | |
| SMBPath | 间接依赖 | pip | |
| mock | 间接依赖 | pip | |
| another_pool | 间接依赖 | pip | |
| calculate_disk_space_for_netdata | 间接依赖 | pip | |
| item_method | 间接依赖 | pip | |
| normalize_san | 间接依赖 | pip | |
| Datetime | 间接依赖 | pip | |
| encrypt | 间接依赖 | pip | |
| ntstatus | 间接依赖 | pip | |
| start_daemon_thread | 间接依赖 | pip | |
| zvol_name_to_path | 间接依赖 | pip | |
| UPDATE_HEADERS | 间接依赖 | pip | |
| setuptools | 39.2.0 | 间接依赖 | pip |
| user | 间接依赖 | pip | |
| timedelta | 间接依赖 | pip | |
| getcwd | 间接依赖 | pip | |
| RE_VERSION_PATTERN | 间接依赖 | pip | |
| sqlalchemy | 间接依赖 | pip | |
| Optional | 间接依赖 | pip | |
| middlewared | 间接依赖 | pip | |
| Password | 间接依赖 | pip | |
| TrueNasNodeSessionManagerCredentials | 间接依赖 | pip | |
| PUT | 间接依赖 | pip | |
| ClientConnectError | 间接依赖 | pip | |
| FuseConfig | 间接依赖 | pip | |
| pyroute2 | 间接依赖 | pip | |
| setup | 间接依赖 | pip | |
| Cron | 间接依赖 | pip | |
| ip | 间接依赖 | pip | |
| job | 间接依赖 | pip | |
| quote_plus | 间接依赖 | pip | |
| SSH_TEST | 间接依赖 | pip | |
| override_nameservers | 间接依赖 | pip | |
| parse_current_smart_selftest | 间接依赖 | pip | |
| compare_trains | 间接依赖 | pip | |
| ClientResponseError | 间接依赖 | pip | |
| Client | 间接依赖 | pip | |
| returns | 间接依赖 | pip | |
| ValidationError | 间接依赖 | pip | |
| clock_xml | 间接依赖 | pip | |
| LoginPasswordSessionManagerCredentials | 间接依赖 | pip | |
| clone_repository | 间接依赖 | pip | |
| parse_smart_selftest_results | 间接依赖 | pip | |
| ellipsis | 间接依赖 | pip | |
| messages | 间接依赖 | pip | |
| lock | 间接依赖 | pip | |
| IdentifiableServiceInterface | 间接依赖 | pip | |
| path_location | 间接依赖 | pip | |
| normalize_value | 间接依赖 | pip | |
| ApiException | 间接依赖 | pip | |
| ACTIVE_STATES | 间接依赖 | pip | |
| hashes | 间接依赖 | pip | |
| client | 间接依赖 | pip | |
| set_thread_name | 间接依赖 | pip | |
| zvol_path_to_name | 间接依赖 | pip | |
| is_ha_connection | 间接依赖 | pip | |
| host | 间接依赖 | pip | |
| lifecycle_conf | 间接依赖 | pip | |
| ValidationErrors | 间接依赖 | pip | |
| URL | 间接依赖 | pip | |
| call | 间接依赖 | pip | |
| AddressFamily | 间接依赖 | pip | |
| aiohttp | 间接依赖 | pip | |
| b64decode | 间接依赖 | pip | |
| get_smartctl_args | 间接依赖 | pip | |
| dataset | 间接依赖 | pip | |
| get_metrics_approximation | 间接依赖 | pip | |
| another_pool_topologies | 间接依赖 | pip | |
| FTP_TLS | 间接依赖 | pip | |
| filterable | 间接依赖 | pip | |
| GET | 间接依赖 | pip | |
| GlusterVolname | 间接依赖 | pip | |
| DEFAULT_GLFS_OPTIONS | 间接依赖 | pip | |
| errors | 间接依赖 | pip | |
| mirror_topology | 间接依赖 | pip | |
| ADPASSWORD | 间接依赖 | pip | |
| normalize_docker_limits_header | 间接依赖 | pip | |
| periodic | 间接依赖 | pip | |
| AsyncMock | 间接依赖 | pip | |
| Match | 间接依赖 | pip | |
| websocket-client | 1.4.2 | 间接依赖 | pip |
| Operations | 间接依赖 | pip | |
| pool_name | 间接依赖 | pip | |
| safely_retrieve_dimension | 间接依赖 | pip | |
| ConfigService | 间接依赖 | pip | |
| private | 间接依赖 | pip | |
| Devices | 间接依赖 | pip | |
| glustercli | 间接依赖 | pip | |
| rsa | 间接依赖 | pip | |
| Any | 间接依赖 | pip | |
| namedtuple | 间接依赖 | pip | |
| normalize_reference | 间接依赖 | pip | |
| influxdb | 间接依赖 | pip | |
| ClientConnectionNotOpen | 间接依赖 | pip | |
| MASTER | 间接依赖 | pip | |
| NODE_NAME | 间接依赖 | pip | |
| patch | 间接依赖 | pip | |
| DISK | 间接依赖 | pip | |
| credential | 间接依赖 | pip | |
| CompareTrainsResult | 间接依赖 | pip | |
| AlertClass | 间接依赖 | pip | |
| ha | 间接依赖 | pip | |
| SMBCmd | 间接依赖 | pip | |
| CLUSTER_INFO | 间接依赖 | pip | |
| Alert | 间接依赖 | pip | |
| POST | 间接依赖 | pip | |
| Dict | 间接依赖 | pip | |
| Mock | 间接依赖 | pip | |
| urlencode | 间接依赖 | pip | |
| load_certificate_request | 间接依赖 | pip | |
| NTSTATUSError | 间接依赖 | pip | |
| DELETE | 间接依赖 | pip | |
| root_certificate_authority | 间接依赖 | pip | |
| digits | 间接依赖 | pip | |
| decode | 间接依赖 | pip | |
| load_certificate | 间接依赖 | pip | |
| pyvmomi | 7.0.3 | 间接依赖 | pip |
| State | 间接依赖 | pip | |
| auto_config | 间接依赖 | pip | |
| MAX_VOLNAME_LENGTH | 间接依赖 | pip | |
| pyudev | 间接依赖 | pip | |
| ContractType | 间接依赖 | pip | |
| get_remote_path | 间接依赖 | pip | |
| catalog_validation | 间接依赖 | pip | |
| load_classes | 间接依赖 | pip | |
| ProThreadedAlertService | 间接依赖 | pip | |
| AlertCategory | 间接依赖 | pip | |
| as_completed | 间接依赖 | pip | |
| CompoundService | 间接依赖 | pip | |
| decrypt | 间接依赖 | pip | |
| PIPE | 间接依赖 | pip | |
| Mode | 间接依赖 | pip | |
| AUDIT_EVENT_SMB_PARAM_SET | 间接依赖 | pip | |
| get_cert_params | 间接依赖 | pip | |
| date | 间接依赖 | pip | |
| run | 间接依赖 | pip | |
| Float | 间接依赖 | pip | |
| dsa | 间接依赖 | pip | |
| TNUserProp | 间接依赖 | pip | |
| CACHED_VERSION_FILE_NAME | 间接依赖 | pip | |
| bases | 间接依赖 | pip | |
| connect | 间接依赖 | pip | |
| group | 间接依赖 | pip | |
| ClientException | 间接依赖 | pip | |
| checkout_repository | 间接依赖 | pip | |
| encode | 间接依赖 | pip | |
| InstanceNotFound | 间接依赖 | pip | |
| generate_builder | 间接依赖 | pip | |
| CLUSTER_IPS | 间接依赖 | pip | |
| commandline_xml | 间接依赖 | pip | |
| Error | 间接依赖 | pip | |
| task | 间接依赖 | pip | |
| Pod | 间接依赖 | pip | |
| InterfaceAddress | 间接依赖 | pip | |
| find_packages | 间接依赖 | pip | |
| ThreadPoolExecutor | 间接依赖 | pip | |
| FSLocation | 间接依赖 | pip | |
| PortService | 间接依赖 | pip | |
| RequestMode | 间接依赖 | pip | |
| FIRST_INSTALL_SENTINEL | 间接依赖 | pip | |
| Features | 间接依赖 | pip | |
| clean_and_validate_arg | 间接依赖 | pip | |
| environ | 间接依赖 | pip | |
| run_on_runner | 间接依赖 | pip | |
| KUBECONFIG_FILE | 间接依赖 | pip | |
| ClientConnectionFailure | 间接依赖 | pip | |
| check_local_path | 间接依赖 | pip | |
| ec | 间接依赖 | pip | |
| retrieve_recommended_apps | 间接依赖 | pip | |
| Ref | 间接依赖 | pip | |
| Bool | 间接依赖 | pip | |
| CRUDService | 间接依赖 | pip | |
| __parse_to_mnt_id | 间接依赖 | pip | |
| Context | 间接依赖 | pip | |
| ELEMENT_TYPES | 间接依赖 | pip |