akka/akka 软件分析报告

基础信息

项目名称:akka/akka

项目徽章:

Security Status

仓库地址:https://github.com/pterodactyl/panel

检测报告地址:https://www.murphysec.com/console/report/1749302334318280704/1749302345227665408

此报告由Murphysec提供

漏洞列表

漏洞名称 漏洞类型 MPS编号 CVE编号 漏洞等级
Lightbeed Akka Akka-http 安全漏洞 MPS-8hzc-ex6k CVE-2023-31442 高危
logback 安全漏洞 反序列化 MPS-e8pm-na64 CVE-2023-6378 高危
【存在争议】FasterXML jackson-databind 代码问题漏洞 不加限制或调节的资源分配 MPS-z1bx-p8y2 CVE-2023-35116 中危

缺陷组件

组件名称 版本 最小修复版本 依赖关系 修复建议
com.typesafe.akka:akka-discovery_2.13 0.0.0+1-2754d3ea-SNAPSHOT 2.8.1 间接依赖 建议修复
com.fasterxml.jackson.core:jackson-databind 2.15.3 2.16.0 间接依赖 建议修复
ch.qos.logback:logback-classic 1.2.13 1.3.12 间接依赖 可选修复

许可证风险

许可证类型 相关组件 许可证风险
自定义许可证 22
Apache-2.0 59
BSD-3-Clause 5
EPL-1.0 2
MIT 3
MIT-0 1

SBOM清单

组件名称 组件版本 是否直接依赖 仓库
org.scalatest:scalatest_2.13 3.2.17 间接依赖 maven
com.typesafe.akka:akka-persistence_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
com.typesafe.akka:akka-multi-node-testkit_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
org.scalatest:scalatest-flatspec_2.13 3.2.17 间接依赖 maven
com.typesafe.akka:akka-stream-typed_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
org.scalatest:scalatest-featurespec_2.13 3.2.17 间接依赖 maven
com.typesafe.akka:akka-distributed-data_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
org.agrona:agrona 1.19.2 间接依赖 maven
org.scalatest:scalatest-funsuite_2.13 3.2.17 间接依赖 maven
org.ow2.asm:asm-commons 9.2 间接依赖 maven
org.scalatest:scalatest-compatible 3.2.17 间接依赖 maven
msvcrt.dll 间接依赖
org.scalatest:scalatest-shouldmatchers_2.13 3.2.17 间接依赖 maven
com.typesafe.akka:akka-actor-testkit-typed_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
ch.qos.logback:logback-classic 1.2.13 间接依赖 maven
com.typesafe.akka:akka-persistence-query_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
com.typesafe.akka:akka-stream-tests-tck_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
org.lz4:lz4-java 1.8.0 间接依赖 maven
com.typesafe.akka:akka-actor-tests_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
io.aeron:aeron-client 1.42.1 间接依赖 maven
junit:junit 3.8.1 直接依赖 maven
com.github.jnr:jnr-ffi 2.2.13 间接依赖 maven
com.typesafe.akka:akka_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
com.typesafe.akka:akka-bom_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
io.netty:netty-resolver 4.1.104.Final 间接依赖 maven
javax.jms:jms 1.1 直接依赖 maven
com.hierynomus:asn-one 0.6.0 间接依赖 maven
com.sun.jdmk:jmxtools 1.2.1 直接依赖 maven
com.sun.jmx:jmxri 1.2.1 直接依赖 maven
org.apache.commons:commons-math3 3.6.1 间接依赖 maven
com.typesafe.akka:akka-cluster-typed_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.15.3 间接依赖 maven
com.typesafe.akka:akka-serialization-jackson_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
org.openjdk.jmh:jmh-generator-bytecode 1.37 间接依赖 maven
javax.mail:mail 1.4 直接依赖 maven
com.github.jnr:jnr-constants 0.10.4 间接依赖 maven
com.fasterxml.jackson.module:jackson-module-scala_2.13 2.15.3 间接依赖 maven
com.typesafe.akka:akka-discovery_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
org.ow2.asm:asm-tree 9.2 间接依赖 maven
com.typesafe.akka:akka-actor_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
com.typesafe.akka:akka-persistence-typed_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
com.typesafe.akka:akka-bench-jmh_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
io.netty:netty-handler 4.1.104.Final 间接依赖 maven
org.scalatest:scalatest-propspec_2.13 3.2.17 间接依赖 maven
com.typesafe.akka:akka-persistence-testkit_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
junit:junit 4.13.2 间接依赖 maven
com.typesafe.akka:akka-cluster_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
org.ow2.asm:asm-analysis 9.2 间接依赖 maven
org.scalatest:scalatest-freespec_2.13 3.2.17 间接依赖 maven
com.github.jnr:jnr-x86asm 1.0.2 间接依赖 maven
org.slf4j:slf4j-api 1.7.36 间接依赖 maven
org.scalatest:scalatest-wordspec_2.13 3.2.17 间接依赖 maven
org.reactivestreams:reactive-streams 1.0.4 间接依赖 maven
com.typesafe.akka:akka-persistence-typed-tests_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
com.typesafe.akka:akka-stream-tests_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
org.scalatest:scalatest-refspec_2.13 3.2.17 间接依赖 maven
com.typesafe.akka:akka-persistence-tck_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
org.openjdk.jmh:jmh-core 1.37 间接依赖 maven
com.typesafe.akka:akka-cluster-tools_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
org.ow2.asm:asm 9.2 间接依赖 maven
org.scala-lang.modules:scala-java8-compat_2.13 1.0.2 间接依赖 maven
com.typesafe.akka:akka-testkit_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
org.scalatest:scalatest-diagrams_2.13 3.2.17 间接依赖 maven
com.typesafe.akka:akka-protobuf-v3_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
com.github.jnr:jnr-a64asm 1.0.0 间接依赖 maven
com.typesafe.akka:akka-cluster-sharding_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
org.jctools:jctools-core 3.3.0 间接依赖 maven
org.scalatest:scalatest-core_2.13 3.2.17 间接依赖 maven
org.scala-lang:scala-reflect 2.13.12 间接依赖 maven
org.scala-lang.modules:scala-xml_2.13 2.1.0 间接依赖 maven
com.fasterxml.jackson.core:jackson-annotations 2.15.3 间接依赖 maven
com.fasterxml.jackson.core:jackson-core 2.15.3 间接依赖 maven
com.typesafe.akka:akka-cluster-sharding-typed_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
net.sf.jopt-simple:jopt-simple 5.0.4 间接依赖 maven
com.typesafe.akka:akka-remote-tests_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
com.typesafe.akka:akka-actor-typed-tests_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
com.typesafe.akka:akka-stream_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
io.netty:netty-buffer 4.1.104.Final 间接依赖 maven
org.scalatest:scalatest-funspec_2.13 3.2.17 间接依赖 maven
org.scalatest:scalatest-mustmatchers_2.13 3.2.17 间接依赖 maven
com.typesafe.akka:akka-remote_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
com.typesafe.akka:akka-persistence-shared_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
javax.activation:activation 1.1 间接依赖 maven
com.github.jnr:jffi 1.3.10 间接依赖 maven
KERNEL32.dll 间接依赖
org.ow2.asm:asm-util 9.2 间接依赖 maven
com.typesafe.akka:akka-docs_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
org.scalatest:scalatest-matchers-core_2.13 3.2.17 间接依赖 maven
org.scalactic:scalactic_2.13 3.2.17 间接依赖 maven
com.fasterxml.jackson.datatype:jackson-datatype-jdk8 2.15.3 间接依赖 maven
io.netty:netty-transport 4.1.104.Final 间接依赖 maven
io.netty:netty-common 4.1.104.Final 间接依赖 maven
com.fasterxml.jackson.module:jackson-module-parameter-names 2.15.3 间接依赖 maven
com.fasterxml.jackson.core:jackson-databind 2.15.3 间接依赖 maven
org.openjdk.jmh:jmh-generator-reflection 1.37 间接依赖 maven
com.typesafe.akka:akka-stream-testkit_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
com.typesafe.akka:akka-coordination_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
com.typesafe.akka:akka-serialization-jackson_2.13 0.0.0+1-2754d3ea-SNAPSHO.. 间接依赖 maven
com.typesafe.akka:akka-actor-typed_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
io.aeron:aeron-driver 1.42.1 间接依赖 maven
com.typesafe.akka:akka-cluster-sharding-typed_2.13 0.0.0+1-2754d3ea-SNAPSH.. 间接依赖 maven
com.typesafe.akka:akka-slf4j_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
com.typesafe.akka:akka-pki_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
org.lmdbjava:lmdbjava 0.8.3 间接依赖 maven
com.fasterxml.jackson.dataformat:jackson-dataformat-cbor 2.15.3 间接依赖 maven
com.typesafe:config 1.4.3 间接依赖 maven
com.typesafe.akka:akka-cluster-metrics_2.13 0.0.0+1-2754d3ea-SNAPSHOT 间接依赖 maven
(0)
上一篇 2024年1月22日
下一篇 2024年1月22日

相关推荐

  • Azure/SimuLand 软件分析报告

    基础信息 项目名称:Azure/SimuLand 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1716200254944706560/1716200259084484608 此报告由Murphysec提供 漏洞列…

    软件分析 2023年10月23日
    0
  • chunyeow/openairinterface5g 软件分析报告

    基础信息 项目名称:chunyeow/openairinterface5g 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1716673147507965952/1716673147575074816 此报告由Mu…

    软件分析 2023年10月24日
    0
  • JoshMcguigan/traffic 软件分析报告

    基础信息 项目名称:JoshMcguigan/traffic 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721320654015123456/1726901201687502848 此报告由Murphysec…

    软件分析 2023年11月21日
    0
  • husixu1/HUST-Homeworks 软件分析报告

    基础信息 项目名称:husixu1/HUST-Homeworks 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1718721210102890496/1718721210157416448 此报告由Murphys…

    软件分析 2023年10月30日
    0
  • GerritCodeReview/gerrit 软件分析报告

    基础信息 项目名称:GerritCodeReview/gerrit 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721220394798616576/1731936943186862080 此报告由Murphy…

    软件分析 2023年12月5日
    0