gephi/gephi 软件分析报告

基础信息

项目名称:gephi/gephi

项目徽章:

Security Status

仓库地址:https://github.com/pterodactyl/panel

检测报告地址:https://www.murphysec.com/console/report/1721219912105459712/1731851914236088320

此报告由Murphysec提供

漏洞列表

漏洞名称 漏洞类型 MPS编号 CVE编号 漏洞等级
Apache NetBeans 信任管理问题漏洞 证书验证不恰当 MPS-2020-4727 CVE-2019-17560 严重
Apache NetBeans 输入验证错误漏洞 密码学签名的验证不恰当 MPS-2020-4728 CVE-2019-17561 高危
Apache Commons IO 存在路径遍历漏洞 路径遍历 MPS-2021-4531 CVE-2021-29425 中危
protobuf-java 存在输入验证不当漏洞 拒绝服务 MPS-2022-56472 CVE-2022-3171 中危
IBM WebSphere Application Server Liberty 存在拒绝服务漏洞 对因果或异常条件的不恰当检查 MPS-2022-59813 CVE-2022-3509 中危
Google protobuf 安全漏洞 MPS-2022-59814 CVE-2022-3510 高危
Apache XML Graphics Batik SSRF MPS-2022-63578 CVE-2022-44729 中危
Apache XML Graphics Batik 代码问题漏洞 SSRF MPS-2022-63579 CVE-2022-44730 中危
Oracle MySQL Server存在未明漏洞 MPS-2022-68556 CVE-2023-21971 中危
Oracle MySQL 安全漏洞 MPS-2022-68687 CVE-2023-22102 高危
Apache Commons Compress 资源管理错误漏洞 拒绝服务 MPS-9azi-sfqp CVE-2023-42503 中危
SQLite JDBC 远程代码执行漏洞 代码注入 MPS-zprx-hdwf CVE-2023-32697 高危

缺陷组件

组件名称 版本 最小修复版本 依赖关系 修复建议
org.apache.xmlgraphics:batik-transcoder 1.16 1.17 直接依赖 强烈建议修复
org.apache.xmlgraphics:batik-bridge 1.16 1.17 间接依赖 强烈建议修复
com.mysql:mysql-connector-j 8.0.31 8.2.0 直接依赖 建议修复
org.xerial:sqlite-jdbc 3.36.0.3 3.41.2.2 直接依赖 建议修复
org.netbeans.api:org-netbeans-modules-autoupdate-services RELEASE160 release113 直接依赖 建议修复
com.google.protobuf:protobuf-java 3.19.4 3.19.6 间接依赖 可选修复
commons-io:commons-io 2.6 2.7 间接依赖 可选修复
org.apache.commons:commons-compress 1.22 1.24.0 直接依赖 可选修复
org.apache.xmlgraphics:batik-script 1.16 1.17 间接依赖 可选修复

许可证风险

许可证类型 相关组件 许可证风险
CDDL-1.0 64
Apache-2.0 134
BSD-3-Clause 7
BSD-2-Clause 3
GPL-3.0 3
EPL-1.0 1
MIT 3
LGPL-2.1 1
自定义许可证 11

SBOM清单

组件名称 组件版本 是否直接依赖 仓库
org.gephi:import-plugin-ui 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:desktop-datalab 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.modules:org-netbeans-modules-janitor RELEASE160 间接依赖 maven
org.netbeans.api:org-openide-util-lookup RELEASE160 直接依赖 maven
org.netbeans.api:org-netbeans-modules-autoupdate-ui RELEASE160 间接依赖 maven
org.netbeans.modules:org-netbeans-modules-progress-ui RELEASE160 间接依赖 maven
org.netbeans.modules:org-netbeans-modules-keyring-fallback RELEASE160 间接依赖 maven
org.netbeans.api:org-netbeans-modules-sendopts RELEASE160 直接依赖 maven
org.gephi:filters-plugin-ui 0.10.2-SNAPSHOT 直接依赖 maven
org.apache.xmlgraphics:batik-script 1.16 间接依赖 maven
org.netbeans.api:org-netbeans-modules-settings RELEASE160 直接依赖 maven
org.apache.poi:poi 5.2.3 间接依赖 maven
org.apache.xmlgraphics:batik-constants 1.16 间接依赖 maven
org.gephi:welcome-screen 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.api:org-netbeans-api-io RELEASE160 间接依赖 maven
org.gephi:db-drivers 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.api:org-netbeans-lib-uihandler RELEASE160 间接依赖 maven
org.gephi:timeline-api 0.10.2-SNAPSHOT 直接依赖 maven
@rpath/libswiftCore.dylib 间接依赖
org.netbeans.modules:org-openide-util-ui-svg RELEASE160 间接依赖 maven
org.apache.xmlgraphics:batik-xml 1.16 间接依赖 maven
org.jogamp.jogl:jogl-all 2.4.0 直接依赖 maven
com.mastfrog:simplevalidation-swing 1.14.1 直接依赖 maven
org.gephi:desktop-branding 0.10.2-SNAPSHOT 直接依赖 maven
xml-apis:xml-apis-ext 1.3.04 间接依赖 maven
joda-time:joda-time 2.12.2 间接依赖 maven
org.apache.xmlgraphics:batik-dom 1.16 间接依赖 maven
org.netbeans.api:org-netbeans-modules-editor-mimelookup RELEASE160 间接依赖 maven
org.gephi:graph-api 0.10.2-SNAPSHOT 直接依赖 maven
KERNEL32.dll 间接依赖
org.gephi:desktop-filters 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.api:org-openide-execution-compat8 RELEASE160 间接依赖 maven
org.gephi:layout-plugin 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.api:org-openide-util-ui RELEASE160 直接依赖 maven
org.netbeans.api:org-openide-actions RELEASE160 间接依赖 maven
org.netbeans.modules:org-netbeans-modules-autoupdate-cli RELEASE160 间接依赖 maven
colt:colt 1.2.0 间接依赖 maven
org.netbeans.api:org-openide-explorer RELEASE160 直接依赖 maven
org.apache.xmlgraphics:xmlgraphics-commons 2.7 间接依赖 maven
com.connectina.swing:fontchooser 1.0 直接依赖 maven
commons-io:commons-io 2.11.0 间接依赖 maven
org.netbeans.api:org-netbeans-api-templates RELEASE160 间接依赖 maven
org.gephi:desktop-context 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.modules:org-netbeans-swing-laf-dark RELEASE160 间接依赖 maven
org.apache.commons:commons-lang3 3.12.0 间接依赖 maven
org.gephi:algorithms-plugin 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:desktop-icons 0.10.2-SNAPSHOT 直接依赖 maven
nl.cloudfarming.client:lib-platform-l10n 1.1-NB80 直接依赖 maven
org.netbeans.api:org-openide-filesystems-compat8 RELEASE160 间接依赖 maven
org.gephi:desktop-statistics 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:filters-plugin 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.api:org-netbeans-libs-batik-read RELEASE160 间接依赖 maven
org.gephi:io-generator-api 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.modules:org-netbeans-modules-masterfs-nio2 RELEASE160 间接依赖 maven
@rpath/libswiftFoundation.dylib 间接依赖
org.gephi:generator-plugin-ui 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:ui-library-wrapper 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:tools-plugin 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:core-library-wrapper 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:statistics-plugin 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:filters-impl 0.10.2-SNAPSHOT 直接依赖 maven
org.checkerframework:checker-qual 3.5.0 间接依赖 maven
org.apache.xmlgraphics:batik-transcoder 1.16 直接依赖 maven
org.gephi:desktop-window 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:project-api 0.10.2-SNAPSHOT 直接依赖 maven
org.apache.commons:commons-collections4 4.4 间接依赖 maven
org.netbeans.api:org-netbeans-swing-plaf RELEASE160 间接依赖 maven
org.netbeans.modules:org-netbeans-modules-masterfs-linux RELEASE160 间接依赖 maven
org.gephi:tools-api 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.modules:org-netbeans-modules-options-keymap RELEASE160 间接依赖 maven
org.apache.xmlgraphics:batik-anim 1.16 间接依赖 maven
org.gephi:perspective-api 0.10.2-SNAPSHOT 直接依赖 maven
com.zaxxer:SparseBitSet 1.2 间接依赖 maven
org.apache.commons:commons-math3 3.6.1 直接依赖 maven
org.gephi:io-exporter-plugin 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:datalab-plugin 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.api:org-netbeans-core-multitabs RELEASE160 间接依赖 maven
org.gephi:desktop-generate 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:statistics-api 0.10.2-SNAPSHOT 直接依赖 maven
net.sf.trove4j:trove4j 3.0.3 直接依赖 maven
org.ow2.asm:asm 9.3 间接依赖 maven
org.netbeans.api:org-netbeans-core-multiview RELEASE160 间接依赖 maven
org.ow2.asm:asm-tree 9.3 间接依赖 maven
org.jogamp.gluegen:gluegen-rt 2.4.0 直接依赖 maven
org.apache.xmlgraphics:batik-svg-dom 1.16 间接依赖 maven
net.java.dev:stax-utils snapshot-20100402 直接依赖 maven
com.github.insubstantial:flamingo 7.3 直接依赖 maven
org.apache.xmlgraphics:batik-parser 1.16 间接依赖 maven
org.gephi:export-plugin-ui 0.10.2-SNAPSHOT 直接依赖 maven
com.formdev:flatlaf 2.6 间接依赖 maven
org.netbeans.api:org-openide-filesystems-nb RELEASE160 间接依赖 maven
org.netbeans.external:org-apache-commons-codec RELEASE160 间接依赖 maven
org.gephi:layout-api 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.modules:org-netbeans-core RELEASE160 间接依赖 maven
org.gephi:ui-components 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.api:org-netbeans-libs-jna RELEASE160 间接依赖 maven
org.gephi:io-generator-plugin 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.modules:org-netbeans-modules-masterfs-macosx RELEASE160 间接依赖 maven
org.gephi:preview-export-ui 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.api:org-netbeans-api-progress RELEASE160 直接依赖 maven
org.apache.xmlgraphics:batik-css 1.16 间接依赖 maven
org.codehaus.woodstox:stax2-api 4.2.1 间接依赖 maven
org.netbeans.modules:org-netbeans-core-windows RELEASE160 间接依赖 maven
org.apache.xmlgraphics:batik-gvt 1.16 间接依赖 maven
org.netbeans.modules:org-netbeans-libs-felix RELEASE160 间接依赖 maven
org.gephi:io-exporter-api 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.api:org-netbeans-libs-jna-platform RELEASE160 间接依赖 maven
com.google.protobuf:protobuf-java 3.19.4 间接依赖 maven
org.gephi:visualization-api 0.10.2-SNAPSHOT 直接依赖 maven
com.mysql:mysql-connector-j 8.0.31 直接依赖 maven
org.netbeans.api:org-openide-modules RELEASE160 直接依赖 maven
org.apache.xmlgraphics:batik-util 1.16 间接依赖 maven
org.netbeans.api:org-netbeans-api-intent RELEASE160 间接依赖 maven
/usr/lib/libSystem.B.dylib 间接依赖
org.netbeans.api:org-openide-text RELEASE160 间接依赖 maven
org.gephi:io-importer-api 0.10.2-SNAPSHOT 直接依赖 maven
io.sentry:sentry 5.7.3 直接依赖 maven
com.fasterxml.woodstox:woodstox-core 6.4.0 直接依赖 maven
org.gephi:statistics-plugin-ui 0.10.2-SNAPSHOT 直接依赖 maven
org.apache.pdfbox:pdfbox 2.0.27 直接依赖 maven
org.netbeans.api:org-netbeans-modules-sampler RELEASE160 间接依赖 maven
org.gephi:batik-wrapper 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.modules:org-netbeans-swing-laf-flatlaf RELEASE160 间接依赖 maven
org.swinglabs.swingx:swingx-all 1.6.5-1 直接依赖 maven
org.gephi:io-importer-plugin 0.10.2-SNAPSHOT 直接依赖 maven
org.apache.xmlgraphics:batik-bridge 1.16 间接依赖 maven
org.apache.poi:poi-ooxml-lite 5.2.3 间接依赖 maven
org.gephi:mostrecentfiles-api 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:desktop-preview 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.api:org-openide-loaders RELEASE160 间接依赖 maven
org.netbeans.modules:org-netbeans-core-ui RELEASE160 间接依赖 maven
org.gephi:desktop-tools 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.modules:org-netbeans-core-startup-base RELEASE160 间接依赖 maven
net.java.dev:timingframework 1.1 直接依赖 maven
it.unimi.dsi:fastutil 8.5.11 间接依赖 maven
org.netbeans.api:org-netbeans-modules-queries RELEASE160 间接依赖 maven
org.netbeans.api:org-netbeans-api-progress-compat8 RELEASE160 间接依赖 maven
org.ow2.asm:asm-analysis 9.3 间接依赖 maven
org.netbeans.modules:org-netbeans-modules-templates RELEASE160 间接依赖 maven
com.google.code.gson:gson 2.10 直接依赖 maven
org.netbeans.api:org-netbeans-modules-uihandler RELEASE160 间接依赖 maven
org.netbeans.api:org-netbeans-modules-options-api RELEASE160 直接依赖 maven
org.netbeans.modules:org-netbeans-core-network RELEASE160 间接依赖 maven
org.jdesktop:beansbinding 1.2.1 直接依赖 maven
org.netbeans.api:org-netbeans-libs-osgi RELEASE160 间接依赖 maven
/usr/lib/libobjc.A.dylib 间接依赖
org.gephi:desktop-appearance 0.10.2-SNAPSHOT 直接依赖 maven
commons-codec:commons-codec 1.15 直接依赖 maven
antlr:antlr 2.7.7 间接依赖 maven
org.apache.xmlgraphics:batik-shared-resources 1.16 间接依赖 maven
org.netbeans.api:org-openide-util RELEASE160 直接依赖 maven
com.microsoft.sqlserver:mssql-jdbc 11.2.1.jre11 直接依赖 maven
org.netbeans.api:org-netbeans-swing-tabcontrol RELEASE160 直接依赖 maven
com.github.insubstantial:trident 7.3 间接依赖 maven
org.gephi:appearance-plugin 0.10.2-SNAPSHOT 直接依赖 maven
org.apache.xmlgraphics:batik-ext 1.16 间接依赖 maven
com.github.virtuald:curvesapi 1.07 间接依赖 maven
org.gephi:preview-plugin 0.10.2-SNAPSHOT 直接依赖 maven
com.miglayout:miglayout 3.7.4 直接依赖 maven
org.postgresql:postgresql 42.4.3 直接依赖 maven
org.gephi:settings-upgrader 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.modules:org-netbeans-modules-core-kit RELEASE160 间接依赖 maven
concurrent:concurrent 1.3.4 间接依赖 maven
org.apache.pdfbox:fontbox 2.0.27 间接依赖 maven
org.gephi:desktop-import 0.10.2-SNAPSHOT 直接依赖 maven
org.jfree:jcommon 1.0.23 间接依赖 maven
org.apache.logging.log4j:log4j-api 2.18.0 间接依赖 maven
org.netbeans.cluster:platform RELEASE160 直接依赖 maven
org.gephi:desktop-layout 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.api:org-netbeans-swing-outline RELEASE160 直接依赖 maven
org.netbeans.api:org-netbeans-modules-autoupdate-services RELEASE160 直接依赖 maven
org.netbeans.external:org-apache-commons-logging RELEASE160 间接依赖 maven
org.apache.xmlgraphics:batik-svggen 1.16 间接依赖 maven
org.apache.poi:poi-ooxml 5.2.3 直接依赖 maven
org.gephi:graphstore 0.6.14 直接依赖 maven
org.netbeans.api:org-netbeans-libs-flatlaf RELEASE160 直接依赖 maven
org.netbeans.api:org-openide-execution RELEASE160 间接依赖 maven
org.gephi:filters-api 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.modules:org-netbeans-modules-masterfs RELEASE160 间接依赖 maven
org.netbeans.api:org-openide-windows RELEASE160 直接依赖 maven
org.netbeans.api:org-netbeans-modules-print RELEASE160 间接依赖 maven
org.xerial:sqlite-jdbc 3.36.0.3 直接依赖 maven
org.netbeans.modules:org-netbeans-core-nativeaccess RELEASE160 间接依赖 maven
org.jfree:jfreechart 1.0.19 直接依赖 maven
org.netbeans.api:org-netbeans-libs-asm RELEASE160 间接依赖 maven
org.netbeans.api:org-netbeans-modules-masterfs-ui RELEASE160 间接依赖 maven
org.apache.commons:commons-compress 1.22 直接依赖 maven
org.netbeans.html:generic 1.8.1 间接依赖 maven
org.netbeans.api:org-netbeans-spi-quicksearch RELEASE160 间接依赖 maven
org.gephi:desktop-timeline 0.10.2-SNAPSHOT 直接依赖 maven
commons-io:commons-io 2.6 间接依赖 maven
org.netbeans.modules:org-netbeans-bootstrap RELEASE160 间接依赖 maven
org.gephi:desktop-search 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:desktop-project 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:datalab-api 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:appearance-plugin-ui 0.10.2-SNAPSHOT 直接依赖 maven
/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation 间接依赖
org.netbeans.external:updater RELEASE160 间接依赖 maven
org.netbeans.api:org-netbeans-api-scripting RELEASE160 间接依赖 maven
org.gephi:io-exporter-preview 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.modules:org-netbeans-modules-masterfs-windows RELEASE160 间接依赖 maven
org.netbeans.api:org-netbeans-modules-keyring RELEASE160 间接依赖 maven
org.netbeans.api:org-openide-nodes RELEASE160 直接依赖 maven
org.netbeans.modules:org-netbeans-modules-applemenu RELEASE160 间接依赖 maven
org.netbeans.api:org-openide-dialogs RELEASE160 直接依赖 maven
org.netbeans.api:org-netbeans-api-annotations-common RELEASE160 直接依赖 maven
org.gephi:ui-utils 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.api:org-netbeans-api-progress-nb RELEASE160 直接依赖 maven
org.apache.xmlgraphics:batik-i18n 1.16 间接依赖 maven
org.gephi:visualization 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:appearance-api 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.api:org-openide-filesystems RELEASE160 直接依赖 maven
org.netbeans.modules:org-netbeans-modules-favorites RELEASE160 间接依赖 maven
org.netbeans.modules:org-netbeans-core-io-ui RELEASE160 间接依赖 maven
org.netbeans.api:org-openide-io RELEASE160 直接依赖 maven
org.apache.commons:commons-csv 1.9.0 直接依赖 maven
commons-logging:commons-logging 1.2 间接依赖 maven
org.ow2.asm:asm-commons 9.3 间接依赖 maven
org.netbeans.api:org-netbeans-libs-javafx RELEASE160 间接依赖 maven
org.gephi:utils-longtask 0.10.2-SNAPSHOT 直接依赖 maven
org.apache.xmlgraphics:batik-awt-util 1.16 间接依赖 maven
org.apache.xmlbeans:xmlbeans 5.1.1 间接依赖 maven
org.gephi:preview-api 0.10.2-SNAPSHOT 直接依赖 maven
org.netbeans.api:org-openide-awt RELEASE160 直接依赖 maven
org.netbeans.modules:org-netbeans-core-output2 RELEASE160 直接依赖 maven
org.gephi:desktop-io-export 0.10.2-SNAPSHOT 直接依赖 maven
org.gephi:utils 0.10.2-SNAPSHOT 直接依赖 maven
com.mastfrog:colorchooser 1.4 直接依赖 maven
com.mastfrog:simplevalidation 1.14.1 间接依赖 maven
org.netbeans.modules:org-netbeans-modules-keyring-impl RELEASE160 间接依赖 maven
org.netbeans.modules:org-netbeans-core-startup RELEASE160 间接依赖 maven
com.formdev:flatlaf-swingx 2.6 直接依赖 maven
(0)
上一篇 2023年12月5日
下一篇 2023年12月5日

相关推荐

  • Avik-Jain/100-Days-Of-ML-Code 软件分析报告

    基础信息 项目名称:Avik-Jain/100-Days-Of-ML-Code 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1722047355780362240/1722047355914579968 此报告由…

    软件分析 2023年11月8日
    0
  • githubwing/ZoomHeader 软件分析报告

    基础信息 项目名称:githubwing/ZoomHeader 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721226010459897856/1726342956363243520 此报告由Murphyse…

    软件分析 2023年11月20日
    0
  • JJMM/DurexKit 软件分析报告

    基础信息 项目名称:JJMM/DurexKit 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1719164397762166784/1719164398055768064 此报告由Murphysec提供 漏洞列表…

    软件分析 2023年10月31日
    0
  • atnet/go2o 软件分析报告

    基础信息 项目名称:atnet/go2o 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1716102687060967424/1716102688801603584 此报告由Murphysec提供 漏洞列表 暂无…

    软件分析 2023年10月23日
    0
  • engintron/engintron 软件分析报告

    基础信息 项目名称:engintron/engintron 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721163698923372544/1727909452559896576 此报告由Murphysec提…

    软件分析 2023年11月24日
    0