基础信息
项目名称:doubleleft/hook
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721144462817624064/1729295181188390912
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Composer 安全漏洞 | 对数据真实性的验证不充分 | MPS-2015-9246 | CVE-2015-8371 | 高危 |
| 多款Zend产品本地提权漏洞 | 权限、特权和访问控制 | MPS-2016-2723 | CVE-2015-5723 | 高危 |
| PHP 输入验证错误漏洞 | 跨站重定向 | MPS-2016-3552 | CVE-2016-5385 | 高危 |
| Swift Mailer mail transport 安全漏洞 | 命令注入 | MPS-2016-6443 | CVE-2016-10074 | 严重 |
| composer 命令注入漏洞 | 命令注入 | MPS-2021-31885 | CVE-2021-41116 | 严重 |
| composer 参数注入漏洞 | 代码注入 | MPS-2021-5227 | CVE-2021-29472 | 高危 |
| Guzzle 信息泄露漏洞 | 敏感数据的不恰当跨边界移除 | MPS-2022-11072 | CVE-2022-31042 | 高危 |
| Guzzle 信息泄露漏洞 | 敏感数据的不恰当跨边界移除 | MPS-2022-11073 | CVE-2022-31043 | 高危 |
| Guzzle 信息泄露漏洞 | 敏感数据的不恰当跨边界移除 | MPS-2022-11120 | CVE-2022-31090 | 高危 |
| Guzzle 信息泄露漏洞 | 未授权敏感信息泄露 | MPS-2022-11121 | CVE-2022-31091 | 高危 |
| illuminate/database 存在动态确定对象属性修改的控制不恰当漏洞 | 动态确定对象属性修改的控制不恰当 | MPS-2022-14276 | 中危 | |
| illuminate/database 存在SQL注入漏洞 | SQL注入 | MPS-2022-14277 | 高危 | |
| illuminate/database 验证错误漏洞 | 对数据真实性的验证不充分 | MPS-2022-14278 | 高危 | |
| swiftmailer/swiftmailer 存在命令注入漏洞 | 命令注入 | MPS-2022-14518 | 高危 | |
| illuminate/encryption 存在敏感数据加密缺失漏洞 | 敏感信息泄露 | MPS-2022-15774 | 低危 | |
| composer 参数注入漏洞 | 参数注入或修改 | MPS-2022-3795 | CVE-2022-24828 | 高危 |
| Guzzle信息泄露漏洞 | 在信任Cookie未进行验证与完整性检查 | MPS-2022-8649 | CVE-2022-29248 | 高危 |
| composer 注入漏洞 | 注入 | MPS-n0vt-o8bf | CVE-2023-43655 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| swiftmailer/swiftmailer | v5.0.3 | 5.4.5 | 间接依赖 | 强烈建议修复 |
| doctrine/annotations | v1.2.6 | 1.2.7 | 间接依赖 | 建议修复 |
| illuminate/database | v5.1.6 | 6.20.26 | 间接依赖 | 建议修复 |
| guzzlehttp/guzzle | 4.2.3 | 6.5.8 | 间接依赖 | 建议修复 |
| doctrine/common | v2.5.0 | 2.5.1 | 间接依赖 | 建议修复 |
| doctrine/cache | v1.4.1 | 1.4.2 | 间接依赖 | 建议修复 |
| composer/composer | 1.0.0-alpha10 | 1.10.27 | 间接依赖 | 建议修复 |
| illuminate/encryption | v5.1.6 | 5.5.40 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| BSD-3-Clause | 1 | 低 |
| MIT | 33 | 低 |
| LGPL-2.0 | 3 | 中 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| endel/Slim | dev-master | 间接依赖 | composer |
| justinrainbow/json-schema | 1.4.4 | 间接依赖 | composer |
| doctrine/inflector | v1.0.1 | 间接依赖 | composer |
| evenement/evenement | v2.0.0 | 间接依赖 | composer |
| illuminate/cache | v5.1.6 | 间接依赖 | composer |
| illuminate/database | v5.1.6 | 间接依赖 | composer |
| composer/composer | 1.0.0-alpha10 | 间接依赖 | composer |
| symfony/console | v2.7.2 | 间接依赖 | composer |
| zordius/lightncandy | v0.21 | 间接依赖 | composer |
| symfony/finder | v2.7.2 | 间接依赖 | composer |
| illuminate/filesystem | v5.1.6 | 间接依赖 | composer |
| illuminate/config | v5.1.6 | 间接依赖 | composer |
| symfony/process | v2.7.2 | 间接依赖 | composer |
| react/socket | v0.4.2 | 间接依赖 | composer |
| doctrine/collections | v1.3.0 | 间接依赖 | composer |
| cboden/Ratchet | 0.3.* | 间接依赖 | composer |
| illuminate/support | v5.1.6 | 间接依赖 | composer |
| seld/jsonlint | 1.3.1 | 间接依赖 | composer |
| illuminate/events | v5.1.6 | 间接依赖 | composer |
| danielstjules/stringy | 1.9.0 | 间接依赖 | composer |
| guzzlehttp/guzzle | 4.2.3 | 间接依赖 | composer |
| illuminate/contracts | v5.1.1 | 间接依赖 | composer |
| doctrine/lexer | v1.0.1 | 间接依赖 | composer |
| lib-pcre | 间接依赖 | composer | |
| doctrine/dbal | v2.5.1 | 间接依赖 | composer |
| doctrine/annotations | v1.2.6 | 间接依赖 | composer |
| patchwork/utf8 | v1.2.3 | 间接依赖 | composer |
| swiftmailer/swiftmailer | v5.0.3 | 间接依赖 | composer |
| nesbot/carbon | 1.20.0 | 间接依赖 | composer |
| doctrine/common | v2.5.0 | 间接依赖 | composer |
| react/stream | v0.4.2 | 间接依赖 | composer |
| doctrine/cache | v1.4.1 | 间接依赖 | composer |
| illuminate/encryption | v5.1.6 | 间接依赖 | composer |
| illuminate/container | v5.1.6 | 间接依赖 | composer |
| react/event-loop | v0.4.1 | 间接依赖 | composer |
| guzzlehttp/streams | 2.1.0 | 间接依赖 | composer |
| symfony/translation | v2.7.2 | 间接依赖 | composer |