huaweicloud/spring-cloud-huawei Software Analysis Report

Basic Information

Project name: huaweicloud/spring-cloud-huawei

Project badge: Security Status

Repository URL: https://github.com/pterodactyl/panel

Scan report URL: https://www.murphysec.com/console/report/1721264735469993984/1728306746752978944

This report is provided by Murphysec

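Vulnerability List

| Vulnerability name | Vulnerability type | MPS ID | CVE ID | Severity |
| --- | --- | --- | --- | --- |
| org.apache.dubbo:dubbo-common null pointer dereference vulnerability | NULL pointer dereference | MPS-2022-11811 | | Medium |
| snakeYAML | Deserialization | MPS-2022-9425 | CVE-2022-1471 | High |
| Hot Rod security vulnerability | Improper certificate validation | MPS-b7oj-adm3 | CVE-2023-4586 | High |
| Bouncy Castle trust management vulnerability | Improper certificate validation | MPS-i6w7-d48e | CVE-2023-33201 | Medium |
| Guava | Creation of temporary file with insecure permissions | MPS-mfku-xzh3 | CVE-2023-2976 | Medium |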

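Defective Components

| Component name | Version | Minimum fixed version | Dependency relationship | Fix recommendation |
| --- | --- | --- | --- | --- |
| org.yaml:snakeyaml | 1.32 | 2.0 | Direct | Fix recommended |
| org.apache.dubbo:dubbo-common | 2.7.22 | 3.0.14 | Indirect | Fix optional |
| com.google.guava:guava | 31.1-jre | 32.0.0-jre | Direct | Fix optional |
| org.bouncycastle:bcprov-jdk18on | 1.73 | 1.74 | Indirect | Fix optional |
| io.netty:netty-handler | 4.1.100.Final | | Indirect | Fix optional |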

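License Risk

| License type | Related components | License risk |
| --- | --- | --- |
| Apache-2.0 | 183 | |
| Custom license | 8 | |
| MIT | 6 | |
| EPL-2.0 | 6 | |
| EPL-1.0 | 2 | |
| LGPL-2.1 | 1 | |
| MPL-1.1 | 1 | |
| MIT-0 | 1 | |
| GPL-2.0-with-classpath-exception | 1 | |
| BSD-2-Clause | 1 | |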

SBOM List

| Component name | Component version | Direct dependency? | Repository |
| --- | --- | --- | --- |
| io.prometheus:simpleclient_tracer_otel | 0.16.0 | Indirect | maven |
| org.apache.servicecomb:config-clients-common | 2.8.13 | Indirect | maven |
| com.google.j2objc:j2objc-annotations | 1.3 | Indirect | maven |
| com.sun.activation:jakarta.activation | 1.2.2 | Indirect | maven |
| com.fasterxml.jackson.core:jackson-core | 2.15.3 | Indirect | maven |
| io.projectreactor:reactor-core | 3.5.11 | Direct | maven |
| org.slf4j:jul-to-slf4j | 2.0.9 | Indirect | maven |
| com.google.guava:failureaccess | 1.0.1 | Indirect | maven |
| org.springframework.boot:spring-boot-starter-web | 3.1.5 | Direct | maven |
| io.vertx:vertx-core | 4.4.4 | Indirect | maven |
| org.springframework.cloud:spring-cloud-starter | 4.0.4 | Indirect | maven |
| org.springframework.cloud:spring-cloud-starter-gateway | 4.0.7 | Direct | maven |
| com.netflix.archaius:archaius-core | 0.7.7 | Indirect | maven |
| org.hibernate.validator:hibernate-validator | 8.0.1.Final | Indirect | maven |
| io.projectreactor.addons:reactor-extra | 3.5.1 | Indirect | maven |
| io.github.resilience4j:resilience4j-timelimiter | 1.7.0 | Indirect | maven |
| io.prometheus:simpleclient_tracer_common | 0.16.0 | Indirect | maven |
| io.github.openfeign:feign-slf4j | 12.4 | Indirect | maven |
| org.springframework:spring-jcl | 6.0.13 | Indirect | maven |
| org.apache.logging.log4j:log4j-to-slf4j | 2.20.0 | Indirect | maven |
| io.github.resilience4j:resilience4j-cache | 1.7.0 | Indirect | maven |
| com.huaweicloud:spring-cloud-starter-huawei-nacos-webflux | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| org.springframework.boot:spring-boot-actuator-autoconfigure | 3.1.5 | Indirect | maven |
| com.alibaba.nacos:nacos-auth-plugin | 2.2.1 | Indirect | maven |
| jakarta.annotation:jakarta.annotation-api | 2.1.1 | Indirect | maven |
| com.alibaba:hessian-lite | 3.2.13 | Indirect | maven |
| org.apache.servicecomb:foundation-ssl | 2.8.13 | Indirect | maven |
| io.github.resilience4j:resilience4j-bulkhead | 1.7.0 | Indirect | maven |
| org.springframework.cloud:spring-cloud-openfeign-core | 4.0.4 | Direct | maven |
| io.netty:netty-transport-classes-epoll | 4.1.100.Final | Indirect | maven |
| io.prometheus:simpleclient | 0.16.0 | Indirect | maven |
| org.springframework.cloud:spring-cloud-starter-openfeign | 4.0.4 | Direct | maven |
| org.apache.commons:commons-lang3 | 3.12.0 | Indirect | maven |
| io.netty:netty-resolver-dns-classes-macos | 4.1.100.Final | Indirect | maven |
| com.huaweicloud:spring-cloud-starter-huawei-service-engine-config | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| com.huaweicloud:spring-cloud-starter-huawei-governance | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| com.huaweicloud:spring-cloud-huawei-mesh | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| io.github.resilience4j:resilience4j-retry | 1.7.0 | Indirect | maven |
| org.springframework.boot:spring-boot-starter-validation | 3.1.5 | Indirect | maven |
| com.huaweicloud:discovery-tests-common | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| org.springframework.boot:spring-boot-starter-logging | 3.1.5 | Indirect | maven |
| org.springframework.cloud:spring-cloud-loadbalancer | 4.0.4 | Direct | maven |
| org.apache.dubbo:dubbo-serialization-api | 2.7.22 | Indirect | maven |
| io.netty:netty-codec-http2 | 4.1.100.Final | Indirect | maven |
| org.springframework:spring-expression | 6.0.13 | Indirect | maven |
| io.netty:netty-resolver-dns | 4.1.100.Final | Indirect | maven |
| org.apache.servicecomb:foundation-common | 2.8.13 | Direct | maven |
| io.micrometer:micrometer-commons | 1.11.5 | Indirect | maven |
| org.springframework.boot:spring-boot-configuration-processor | 3.1.5 | Direct | maven |
| com.huaweicloud:spring-cloud-starter-huawei-jasypt | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| org.springframework.security:spring-security-crypto | 6.1.5 | Indirect | maven |
| io.netty:netty-tcnative-boringssl-static | 2.0.61.Final | Indirect | maven |
| org.slf4j:slf4j-api | 2.0.9 | Direct | maven |
| com.google.guava:listenablefuture | 9999.0-empty-to-avoid-conflict-with-guava | Indirect | maven |
| com.huaweicloud:spring-cloud-huawei-service-engine-config | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| org.springframework.cloud:spring-cloud-starter-bootstrap | 4.0.4 | Direct | maven |
| org.springframework.boot:spring-boot | 3.1.5 | Indirect | maven |
| org.apache.dubbo:dubbo-common | 2.7.22 | Indirect | maven |
| ch.qos.logback:logback-core | 1.4.11 | Indirect | maven |
| ch.qos.logback:logback-classic | 1.4.11 | Indirect | maven |
| com.huaweicloud:spring-cloud-starter-huawei-nacos-gateway | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| org.aspectj:aspectjweaver | 1.9.20 | Direct | maven |
| com.huaweicloud:spring-cloud-starter-huawei-router | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| org.springframework.boot:spring-boot-starter-aop | 3.1.5 | Direct | maven |
| jakarta.validation:jakarta.validation-api | 3.0.2 | Indirect | maven |
| io.projectreactor.netty:reactor-netty-core | 1.1.12 | Indirect | maven |
| com.fasterxml.jackson.datatype:jackson-datatype-jdk8 | 2.15.3 | Indirect | maven |
| org.apache.tomcat.embed:tomcat-embed-el | 10.1.15 | Indirect | maven |
| org.springframework:spring-webflux | 6.0.13 | Indirect | maven |
| jakarta.servlet:jakarta.servlet-api | 6.0.0 | Direct | maven |
| com.huaweicloud:spring-cloud-starter-huawei-service-engine-discovery | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| com.huaweicloud:spring-cloud-huawei-nacos | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| io.vavr:vavr | 0.10.2 | Indirect | maven |
| com.google.code.findbugs:jsr305 | 3.0.1 | Indirect | maven |
| io.netty:netty-codec-socks | 4.1.100.Final | Indirect | maven |
| org.springframework.cloud:spring-cloud-commons | 4.0.4 | Direct | maven |
| org.latencyutils:LatencyUtils | 2.0.3 | Indirect | maven |
| com.github.ulisesbocchio:jasypt-spring-boot | 3.0.4 | Indirect | maven |
| com.google.errorprone:error_prone_annotations | 2.11.0 | Indirect | maven |
| com.google.code.findbugs:jsr305 | 3.0.2 | Indirect | maven |
| io.github.resilience4j:resilience4j-circuitbreaker | 1.7.0 | Indirect | maven |
| io.micrometer:micrometer-core | 1.11.5 | Direct | maven |
| com.alibaba.cloud:spring-cloud-starter-alibaba-nacos-discovery | 2022.0.0.0-RC2 | Direct | maven |
| io.github.resilience4j:resilience4j-reactor | 1.7.0 | Direct | maven |
| commons-lang:commons-lang | 2.6 | Indirect | maven |
| io.netty:netty-transport-native-unix-common | 4.1.100.Final | Indirect | maven |
| com.huaweicloud:spring-cloud-starter-huawei-mesh | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| com.fasterxml.jackson.dataformat:jackson-dataformat-xml | 2.15.3 | Indirect | maven |
| com.alibaba.spring:spring-context-support | 1.0.11 | Indirect | maven |
| com.huaweicloud:spring-cloud-starter-huawei-service-engine-webflux | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| org.springframework.boot:spring-boot-starter | 3.1.5 | Indirect | maven |
| com.huaweicloud:spring-cloud-huawei-router | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| org.apache.servicecomb:config-kie-client | 2.8.13 | Direct | maven |
| org.springframework.boot:spring-boot-starter-tomcat | 3.1.5 | Indirect | maven |
| org.javassist:javassist | 3.23.1-GA | Indirect | maven |
| com.huaweicloud:spring-cloud-starter-huawei-service-engine-core | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| com.alibaba:fastjson | 1.2.83 | Indirect | maven |
| com.huaweicloud:spring-cloud-huawei-service-engine-dashboard | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| org.reactivestreams:reactive-streams | 1.0.4 | Indirect | maven |
| io.netty:netty-codec | 4.1.100.Final | Indirect | maven |
| com.huaweicloud:spring-cloud-huawei-common | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| com.huaweicloud:spring-cloud-starter-huawei-hessian | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| org.springframework:spring-core | 6.0.13 | Indirect | maven |
| commons-io:commons-io | 2.7 | Indirect | maven |
| org.apache.servicecomb:foundation-spi | 2.8.13 | Direct | maven |
| org.jasypt:jasypt | 1.9.3 | Indirect | maven |
| com.huaweicloud:spring-cloud-starter-huawei-service-engine-dashboard | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| com.huaweicloud:spring-cloud-huawei-swagger | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| io.swagger.core.v3:swagger-models-jakarta | 2.2.9 | Indirect | maven |
| org.bouncycastle:bcutil-jdk18on | 1.73 | Indirect | maven |
| org.apache.tomcat.embed:tomcat-embed-websocket | 10.1.15 | Indirect | maven |
| org.springframework.boot:spring-boot-starter-actuator | 3.1.5 | Direct | maven |
| org.springframework.boot:spring-boot-autoconfigure | 3.1.5 | Direct | maven |
| org.springframework.boot:spring-boot-starter-reactor-netty | 3.1.5 | Indirect | maven |
| com.huaweicloud:spring-cloud-starter-huawei-nacos | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| org.java-websocket:Java-WebSocket | 1.5.0 | Indirect | maven |
| io.netty:netty-codec-dns | 4.1.100.Final | Indirect | maven |
| org.apache.httpcomponents:httpcore-nio | 4.4.16 | Indirect | maven |
| org.apache.dubbo:dubbo-serialization-hessian2 | 2.7.22 | Direct | maven |
| com.fasterxml.woodstox:woodstox-core | 6.5.1 | Indirect | maven |
| org.yaml:snakeyaml | 1.32 | Direct | maven |
| io.github.resilience4j:resilience4j-micrometer | 1.7.0 | Direct | maven |
| org.aspectj:aspectjrt | 1.9.20 | Direct | maven |
| com.google.guava:guava | 31.1-jre | Direct | maven |
| com.huaweicloud:spring-cloud-starter-huawei-mesh-gateway | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| io.netty:netty-transport-native-epoll | 4.1.100.Final | Indirect | maven |
| io.swagger.core.v3:swagger-annotations-jakarta | 2.2.9 | Indirect | maven |
| com.fasterxml.jackson.dataformat:jackson-dataformat-yaml | 2.15.3 | Indirect | maven |
| org.apache.servicecomb:service-center-client | 2.8.13 | Direct | maven |
| io.netty:netty-handler-proxy | 4.1.100.Final | Indirect | maven |
| com.huaweicloud:spring-cloud-huawei-service-engine-common | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| io.netty:netty-tcnative-classes | 2.0.61.Final | Indirect | maven |
| org.springframework:spring-beans | 6.0.13 | Indirect | maven |
| io.netty:netty-common | 4.1.100.Final | Indirect | maven |
| io.prometheus:simpleclient_tracer_otel_agent | 0.16.0 | Indirect | maven |
| org.springframework:spring-context | 6.0.13 | Indirect | maven |
| org.springframework.cloud:spring-cloud-context | 4.0.4 | Direct | maven |
| org.springdoc:springdoc-openapi-starter-common | 2.1.0 | Indirect | maven |
| org.jboss.logging:jboss-logging | 3.5.3.Final | Indirect | maven |
| com.huaweicloud:spring-cloud-starter-huawei-swagger | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| com.fasterxml.jackson.datatype:jackson-datatype-jsr310 | 2.15.3 | Indirect | maven |
| com.fasterxml.jackson.core:jackson-databind | 2.15.3 | Direct | maven |
| jakarta.ws.rs:jakarta.ws.rs-api | 3.1.0 | Indirect | maven |
| io.swagger.core.v3:swagger-core-jakarta | 2.2.9 | Indirect | maven |
| org.apache.tomcat.embed:tomcat-embed-core | 10.1.15 | Indirect | maven |
| com.github.ulisesbocchio:jasypt-spring-boot-starter | 3.0.4 | Direct | maven |
| org.apache.httpcomponents.core5:httpcore5-h2 | 5.2.3 | Indirect | maven |
| org.assertj:assertj-core | 3.24.2 | Direct | maven |
| com.fasterxml.jackson.core:jackson-annotations | 2.15.3 | Indirect | maven |
| io.netty:netty-buffer | 4.1.100.Final | Indirect | maven |
| commons-logging:commons-logging | 1.2 | Indirect | maven |
| org.springframework.boot:spring-boot-actuator | 3.1.5 | Indirect | maven |
| commons-codec:commons-codec | 1.15 | Indirect | maven |
| org.springframework.cloud:spring-cloud-gateway-server | 4.0.7 | Indirect | maven |
| org.springframework:spring-web | 6.0.13 | Direct | maven |
| io.github.resilience4j:resilience4j-ratelimiter | 1.7.0 | Indirect | maven |
| org.bouncycastle:bcpkix-jdk18on | 1.73 | Indirect | maven |
| commons-logging:commons-logging | 1.1.1 | Indirect | maven |
| io.github.openfeign.form:feign-form-spring | 3.8.0 | Indirect | maven |
| org.apache.servicecomb:config-center-client | 2.8.13 | Direct | maven |
| io.vavr:vavr-match | 0.10.2 | Indirect | maven |
| org.springframework.boot:spring-boot-starter-webflux | 3.1.5 | Direct | maven |
| org.apache.servicecomb:dashboard-client | 2.8.13 | Direct | maven |
| io.netty:netty-codec-http | 4.1.100.Final | Indirect | maven |
| org.apache.httpcomponents:httpcore | 4.4.16 | Indirect | maven |
| org.springframework:spring-webmvc | 6.0.13 | Direct | maven |
| org.hdrhistogram:HdrHistogram | 2.1.12 | Indirect | maven |
| org.springdoc:springdoc-openapi-starter-webmvc-api | 2.1.0 | Direct | maven |
| io.netty:netty-resolver | 4.1.100.Final | Indirect | maven |
| io.projectreactor.netty:reactor-netty-http | 1.1.12 | Indirect | maven |
| org.apache.logging.log4j:log4j-api | 2.20.0 | Indirect | maven |
| org.codehaus.woodstox:stax2-api | 4.2.1 | Indirect | maven |
| io.netty:netty-resolver-dns-native-macos | 4.1.100.Final | Indirect | maven |
| org.apache.servicecomb:http-client-common | 2.8.13 | Direct | maven |
| com.alibaba.nacos:nacos-encryption-plugin | 2.2.1 | Indirect | maven |
| net.bytebuddy:byte-buddy | 1.14.9 | Indirect | maven |
| org.checkerframework:checker-qual | 3.12.0 | Indirect | maven |
| com.fasterxml:classmate | 1.5.1 | Indirect | maven |
| io.netty:netty-handler | 4.1.100.Final | Indirect | maven |
| com.alibaba.cloud:spring-cloud-starter-alibaba-nacos-config | 2022.0.0.0-RC2 | Direct | maven |
| net.jcip:jcip-annotations | 1.0 | Indirect | maven |
| javax.annotation:javax.annotation-api | 1.3.2 | Indirect | maven |
| com.google.code.findbugs:annotations | 3.0.1 | Direct | maven |
| io.github.resilience4j:resilience4j-all | 1.7.0 | Indirect | maven |
| com.fasterxml.jackson.module:jackson-module-parameter-names | 2.15.3 | Indirect | maven |
| org.apache.httpcomponents:httpasyncclient | 4.1.5 | Indirect | maven |
| org.bouncycastle:bcprov-jdk18on | 1.73 | Indirect | maven |
| org.springframework.boot:spring-boot-starter-json | 3.1.5 | Indirect | maven |
| io.github.openfeign:feign-hc5 | 12.3 | Direct | maven |
| com.alibaba.cloud:spring-cloud-alibaba-commons | 2022.0.0.0-RC2 | Indirect | maven |
| com.huaweicloud:spring-cloud-starter-huawei-service-engine | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| commons-fileupload:commons-fileupload | 1.5 | Indirect | maven |
| com.huaweicloud:spring-cloud-huawei-service-engine-discovery | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| com.alibaba.nacos:nacos-client | 2.2.1 | Indirect | maven |
| com.huaweicloud:spring-cloud-huawei-governance | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| io.netty:netty-transport | 4.1.100.Final | Indirect | maven |
| org.apache.httpcomponents.core5:httpcore5 | 5.2.3 | Indirect | maven |
| org.apache.httpcomponents.client5:httpclient5 | 5.2.1 | Direct | maven |
| org.springframework:spring-aop | 6.0.13 | Indirect | maven |
| com.huaweicloud:spring-cloud-starter-huawei-service-engine-gateway | 1.12.0-2022.0.x-SNAPSHOT | Direct | maven |
| org.springframework.security:spring-security-rsa | 1.0.12.RELEASE | Indirect | maven |
| commons-configuration:commons-configuration | 1.10 | Direct | maven |
| io.github.openfeign.form:feign-form | 3.8.0 | Indirect | maven |
| io.github.openfeign:feign-core | 12.3 | Indirect | maven |
| org.apache.httpcomponents:httpclient | 4.5.14 | Direct | maven |
| org.apache.servicecomb:servicecomb-governance | 2.8.13 | Direct | maven |
| io.github.resilience4j:resilience4j-core | 1.7.0 | Indirect | maven |
| javax.cache:cache-api | 1.1.1 | Indirect | maven |
| io.micrometer:micrometer-observation | 1.11.5 | Indirect | maven |