基础信息
项目名称:joni-jones/yii2-wschat
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721318989148749824/1730526560737251328
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| PHP 输入验证错误漏洞 | 跨站重定向 | MPS-2016-3552 | CVE-2016-5385 | 高危 |
| Yii Framework 跨站脚本漏洞 | XSS | MPS-2017-3257 | CVE-2017-7271 | 中危 |
| Yii Framework 跨站请求伪造漏洞 | CSRF | MPS-2018-0950 | CVE-2018-6009 | 高危 |
| Yii Framework 信息泄露漏洞 | XSS | MPS-2018-0951 | CVE-2018-6010 | 高危 |
| Sensio Labs Symfony 安全漏洞 | 访问控制不当 | MPS-2018-10832 | CVE-2018-14773 | 中危 |
| Yii SQL注入漏洞 | SQL注入 | MPS-2018-3472 | CVE-2018-7269 | 严重 |
| Sensio Labs Symfony HttpFoundation组件安全漏洞 | 不充分的会话过期机制 | MPS-2018-7896 | CVE-2018-11386 | 中危 |
| Yii 安全漏洞 | 源验证错误 | MPS-2019-1104 | CVE-2018-20745 | 中危 |
| yiisoft/yii2 | 反序列化 | MPS-2020-12991 | CVE-2020-15148 | 严重 |
| yii2 安全特征问题漏洞 | 使用不充分的随机数 | MPS-2021-16549 | CVE-2021-3689 | 高危 |
| yii2 安全特征问题漏洞 | 使用不充分的随机数 | MPS-2021-16552 | CVE-2021-3692 | 中危 |
| Yii SQL注入漏洞 | SQL注入 | MPS-2023-5918 | CVE-2023-26750 | 严重 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| yiisoft/yii2 | 2.0.6 | 2.0.47 | 间接依赖 | 强烈建议修复 |
| symfony/http-foundation | v3.0.2 | 3.3.18 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 13 | 低 |
| LGPL-2.0 | 1 | 中 |
| BSD-3-Clause | 4 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| react/socket | v0.4.2 | 间接依赖 | composer |
| symfony/http-foundation | v3.0.2 | 间接依赖 | composer |
| ezyang/htmlpurifier | v4.6.0 | 间接依赖 | composer |
| guzzle/parser | v3.9.2 | 间接依赖 | composer |
| lib-pcre | 间接依赖 | composer | |
| guzzle/stream | v3.9.2 | 间接依赖 | composer |
| bower-asset/js-cookie | v2.1.0 | 间接依赖 | composer |
| react/event-loop | v0.4.1 | 间接依赖 | composer |
| bower-asset/pnotify | 2.0.1 | 间接依赖 | composer |
| yiisoft/yii2 | 2.0.6 | 间接依赖 | composer |
| bower-asset/yii2-pjax | v2.0.5 | 间接依赖 | composer |
| symfony/event-dispatcher | v3.0.2 | 间接依赖 | composer |
| evenement/evenement | v2.0.0 | 间接依赖 | composer |
| guzzle/common | v3.9.2 | 间接依赖 | composer |
| bower-asset/bootstrap | v3.3.5 | 间接依赖 | composer |
| bower-asset/punycode | v1.3.2 | 间接依赖 | composer |
| bower-asset/jquery.inputmask | 3.1.63 | 间接依赖 | composer |
| yiisoft/yii2-bootstrap | 2.0.5 | 间接依赖 | composer |
| react/stream | v0.4.3 | 间接依赖 | composer |
| bower-asset/backbone | 1.2.3 | 间接依赖 | composer |
| guzzle/http | v3.9.2 | 间接依赖 | composer |
| yiisoft/yii2-mongodb | 2.0.4 | 间接依赖 | composer |
| bower-asset/underscore | 1.8.3 | 间接依赖 | composer |
| cebe/markdown | 1.1.0 | 间接依赖 | composer |
| bower-asset/fontawesome | v4.5.0 | 间接依赖 | composer |
| symfony/routing | v3.0.2 | 间接依赖 | composer |
| bower-asset/jquery | 2.1.4 | 间接依赖 | composer |
| yiisoft/yii2-composer | 2.0.4 | 间接依赖 | composer |
| cboden/ratchet | v0.3.4 | 间接依赖 | composer |
| composer-plugin-api | 间接依赖 | composer |