基础信息
项目名称:OpenDroneMap/ODM
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1744049782665437184/1744049782707380224
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Lxml 跨站脚本漏洞 | XSS | MPS-2020-17664 | CVE-2020-27783 | 中危 |
| NumPy 代码问题漏洞 | 空指针取消引用 | MPS-2021-32278 | CVE-2021-41495 | 中危 |
| Lxml 跨站脚本漏洞 | XSS | MPS-2021-3272 | CVE-2021-28957 | 中危 |
| lxml 注入漏洞 | XSS | MPS-2021-36943 | CVE-2021-43818 | 高危 |
| networkx 存在反序列化漏洞 | 反序列化 | MPS-2022-15000 | 高危 | |
| piexif 存在路径遍历漏洞 | 路径遍历 | MPS-2022-15029 | 中危 | |
| lxml 和 libxml2 代码问题漏洞 | 空指针取消引用 | MPS-2022-46661 | CVE-2022-2309 | 高危 |
| joblib 安全漏洞 | MPS-2022-5059 | CVE-2022-21797 | 严重 | |
| SciPy 安全漏洞 | MPS-2023-4046 | CVE-2023-25399 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| networkx | 2.5 | 2.6 | 间接依赖 | 建议修复 |
| joblib | 1.1.0 | 1.1.1 | 间接依赖 | 建议修复 |
| lxml | 4.6.1 | 4.9.1 | 间接依赖 | 建议修复 |
| scipy | 1.8.1 | 1.10.0rc1 | 间接依赖 | 可选修复 |
| numpy | 1.23.1 | 间接依赖 | 可选修复 | |
| piexif | 1.1.3 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| 自定义许可证 | 11 | 低 |
| Apache-2.0 | 1 | 低 |
| HPND | 1 | 低 |
| BSD-3-Clause | 4 | 低 |
| MIT | 8 | 低 |
| LGPL-3.0-or-later | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| OSFMContext | 间接依赖 | pip | |
| gaussian | 间接依赖 | pip | |
| abstractmethod | 间接依赖 | pip | |
| Affine | 间接依赖 | pip | |
| Transformer | 间接依赖 | pip | |
| rowcol | 间接依赖 | pip | |
| pygltflib | 1.15.3 | 间接依赖 | pip |
| edt | 2.0.2 | 间接依赖 | pip |
| codem | 0.24.0 | 间接依赖 | pip |
| double_quote | 间接依赖 | pip | |
| Pillow | 8.3.2 | 间接依赖 | pip |
| scikit-learn | 1.1.1 | 间接依赖 | pip |
| Parallel | 间接依赖 | pip | |
| joblib | 1.1.0 | 间接依赖 | pip |
| Video2Dataset | 间接依赖 | pip | |
| BoxBounds | 间接依赖 | pip | |
| PartitionPlan | 间接依赖 | pip | |
| cloudpickle | 1.6.0 | 间接依赖 | pip |
| Task | 间接依赖 | pip | |
| Parameters | 间接依赖 | pip | |
| floor | 间接依赖 | pip | |
| matplotlib | 3.3.3 | 间接依赖 | pip |
| onnxruntime | 1.12.1 | 间接依赖 | pip |
| appsettings | 0.8 | 间接依赖 | pip |
| scikit-image | 0.19.3 | 间接依赖 | pip |
| LineString | 间接依赖 | pip | |
| pyproj | 3.3.1 | 间接依赖 | pip |
| Pywavelets | 1.3.0 | 间接依赖 | pip |
| Node | 间接依赖 | pip | |
| scipy | 1.8.1 | 间接依赖 | pip |
| get_processing_results_paths | 间接依赖 | pip | |
| attrs | 20.3.0 | 间接依赖 | pip |
| exceptions | 间接依赖 | pip | |
| Partition | 间接依赖 | pip | |
| fpdf2 | 2.4.6 | 间接依赖 | pip |
| rank | 间接依赖 | pip | |
| pandas | 1.5.2 | 间接依赖 | pip |
| export_to_bounds_files | 间接依赖 | pip | |
| boundary_offset | 间接依赖 | pip | |
| Pysolar | 0.9 | 间接依赖 | pip |
| networkx | 2.5 | 间接依赖 | pip |
| mapping | 间接依赖 | pip | |
| beautifulsoup4 | 4.9.3 | 间接依赖 | pip |
| Proj | 间接依赖 | pip | |
| PyYAML | 5.1 | 间接依赖 | pip |
| RangeNotAvailableError | 间接依赖 | pip | |
| ceil | 间接依赖 | pip | |
| OdmError | 间接依赖 | pip | |
| get_submodel_args_dict | 间接依赖 | pip | |
| LocalRemoteExecutor | 间接依赖 | pip | |
| ODMExifRead | 3.0.4 | 间接依赖 | pip |
| get_max_memory | 间接依赖 | pip | |
| piexif | 1.1.3 | 间接依赖 | pip |
| get_submodel_argv | 间接依赖 | pip | |
| read_cloud | 间接依赖 | pip | |
| xmltodict | 0.12.0 | 间接依赖 | pip |
| args_to_dict | 间接依赖 | pip | |
| timedelta | 间接依赖 | pip | |
| trimesh | 3.17.1 | 间接依赖 | pip |
| copy_paths | 间接依赖 | pip | |
| compute_boundary_from_shots | 间接依赖 | pip | |
| osgeo | 间接依赖 | pip | |
| get_orthophoto_vars | 间接依赖 | pip | |
| pytz | 2020.4 | 间接依赖 | pip |
| delayed | 间接依赖 | pip | |
| write_cloud | 间接依赖 | pip | |
| ABCMeta | 间接依赖 | pip | |
| opendm | 间接依赖 | pip | |
| sklearn | 间接依赖 | pip | |
| pyodm | 1.5.8 | 间接依赖 | pip |
| Shapely | 1.7.1 | 间接依赖 | pip |
| as_polygon | 间接依赖 | pip | |
| vmem | 1.0.2 | 间接依赖 | pip |
| lxml | 4.6.1 | 间接依赖 | pip |
| PolyBounds | 间接依赖 | pip | |
| PIL | 间接依赖 | pip | |
| repoze.lru | 0.7 | 间接依赖 | pip |
| numpy | 1.23.1 | 间接依赖 | pip |