基础信息
项目名称:fossology/fossology
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721207446986362880/1730961899480637440
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Bootstrap 跨站脚本漏洞 | XSS | MPS-2018-9640 | CVE-2018-14040 | 中危 |
| Bootstrap 跨站脚本漏洞 | XSS | MPS-2018-9642 | CVE-2018-14042 | 中危 |
| Slim psr7 安全漏洞 | 解释冲突 | MPS-2023-10989 | CVE-2023-30536 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| twbs/bootstrap | v4.1.0 | 4.1.2 | 间接依赖 | 建议修复 |
| slim/psr7 | 1.4.1 | 1.6.1 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 46 | 低 |
| GPLv2 | 2 | 中 |
| GPLv2+ | 1 | 中 |
| LGPLv2+ | 1 | 中 |
| Public Domain | 1 | 低 |
| BSD with advertising | 1 | 低 |
| LGPL-2.0 | 2 | 中 |
| LGPL-3.0 | 1 | 中 |
| BSD-3-Clause | 5 | 低 |
| Python-2.0 | 1 | 低 |
| Apache-2.0 | 2 | 低 |
| BSD-2-Clause | 1 | 低 |
| BSD-4-Clause | 2 | 低 |
| LGPL-2.1 | 1 | 中 |
| ISC | 1 | 低 |
| Zlib | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| psr/cache | 1.0.1 | 间接依赖 | composer |
| composer/spdx-licenses | 1.5.8 | 间接依赖 | composer |
| symfony/polyfill-php80 | v1.28.0 | 间接依赖 | composer |
| psr/http-client | 1.0.3 | 间接依赖 | composer |
| league/oauth2-client | 2.6.1 | 间接依赖 | composer |
| fig/http-message-util | 1.1.5 | 间接依赖 | composer |
| symfony/polyfill-mbstring | v1.28.0 | 间接依赖 | composer |
| symfony/service-contracts | v2.5.2 | 间接依赖 | composer |
| symfony/polyfill-php73 | v1.28.0 | 间接依赖 | composer |
| monolog/monolog | 2.8.0 | 间接依赖 | composer |
| symfony/polyfill-ctype | v1.28.0 | 间接依赖 | composer |
| symfony/var-exporter | v5.4.26 | 间接依赖 | composer |
| util-linux | 间接依赖 | ||
| lib-libxml | 间接依赖 | composer | |
| slim/psr7 | 1.4.1 | 间接依赖 | composer |
| phpoffice/phpword | 0.18.3 | 间接依赖 | composer |
| symfony/polyfill-intl-idn | v1.28.0 | 间接依赖 | composer |
| ezyang/htmlpurifier | v4.17.0 | 间接依赖 | composer |
| laminas/laminas-escaper | 2.9.0 | 间接依赖 | composer |
| cpython | 2.7.18 | 间接依赖 | |
| twbs/bootstrap | v4.1.0 | 间接依赖 | composer |
| psr/simple-cache | 1.0.1 | 间接依赖 | composer |
| guzzlehttp/psr7 | 2.6.1 | 间接依赖 | composer |
| nikic/fast-route | v1.3.0 | 间接依赖 | composer |
| symfony/config | v5.4.11 | 间接依赖 | composer |
| mscoree.dll | 间接依赖 | ||
| twig/twig | v3.4.3 | 间接依赖 | composer |
| phpoffice/phpspreadsheet | 1.19.0 | 间接依赖 | composer |
| symfony/polyfill-intl-normalizer | v1.28.0 | 间接依赖 | composer |
| easyrdf/easyrdf | 1.1.1 | 间接依赖 | composer |
| spdx-tools | 0.8.0a2 | 间接依赖 | pip |
| busybox | 间接依赖 | ||
| symfony/http-foundation | v5.4.13 | 间接依赖 | composer |
| psr/http-factory | 1.0.2 | 间接依赖 | composer |
| symfony/polyfill-php81 | v1.28.0 | 间接依赖 | composer |
| guzzlehttp/promises | 1.5.3 | 间接依赖 | composer |
| symfony/translation | v5.4.12 | 间接依赖 | composer |
| paragonie/random_compat | v9.99.100 | 间接依赖 | composer |
| symfony/deprecation-contracts | v2.5.2 | 间接依赖 | composer |
| symfony/yaml | v5.4.12 | 间接依赖 | composer |
| psr/container | 1.1.1 | 间接依赖 | composer |
| maennchen/zipstream-php | 2.1.0 | 间接依赖 | composer |
| symfony/polyfill-php72 | v1.28.0 | 间接依赖 | composer |
| psr/http-server-handler | 1.0.2 | 间接依赖 | composer |
| myclabs/php-enum | 1.8.4 | 间接依赖 | composer |
| symfony/filesystem | v5.4.25 | 间接依赖 | composer |
| symfony/dependency-injection | v5.4.13 | 间接依赖 | composer |
| guzzlehttp/guzzle | 7.5.0 | 间接依赖 | composer |
| openssl | 间接依赖 | ||
| symfony/mime | v5.4.13 | 间接依赖 | composer |
| slim/slim | 4.8.1 | 间接依赖 | composer |
| zlib | 间接依赖 | ||
| ralouphie/getallheaders | 3.0.3 | 间接依赖 | composer |
| /bin/requirements.txt | 间接依赖 | pip | |
| symfony/cache | v5.4.13 | 间接依赖 | composer |
| markbaker/matrix | 3.0.1 | 间接依赖 | composer |
| firebase/php-jwt | v6.3.0 | 间接依赖 | composer |
| psr/log | 1.1.4 | 间接依赖 | composer |
| markbaker/complex | 3.0.2 | 间接依赖 | composer |
| psr/http-server-middleware | 1.0.2 | 间接依赖 | composer |
| symfony/translation-contracts | v2.5.2 | 间接依赖 | composer |
| symfony/cache-contracts | v2.5.2 | 间接依赖 | composer |
| psr/http-message | 1.1 | 间接依赖 | composer |
| OpenDDS | 间接依赖 |