rapid7/metasploit-framework 软件分析报告

基础信息

项目名称:rapid7/metasploit-framework

项目徽章:

Security Status

仓库地址:https://github.com/pterodactyl/panel

检测报告地址:https://www.murphysec.com/console/report/1744303462054223872/1749326323216384000

此报告由Murphysec提供

漏洞列表

漏洞名称 漏洞类型 MPS编号 CVE编号 漏洞等级
Ruby on Rails HTTP请求跨站请求伪造漏洞 CSRF MPS-2011-0608 CVE-2011-0447 中危
Capstone 缓冲区错误漏洞 越界读取 MPS-2019-5181 CVE-2016-7151 中危
rack 存在HTTP请求的解释不一致性(HTTP请求私运)漏洞 HTTP请求走私 MPS-2022-15297 中危
Puma 环境问题漏洞 HTTP请求走私 MPS-e17w-ut4i CVE-2024-21647 高危

缺陷组件

组件名称 版本 最小修复版本 依赖关系 修复建议
actionpack 7.0.8 间接依赖 可选修复
capstone 4.0.2 间接依赖 可选修复
rack 2.2.8 间接依赖 可选修复
puma 6.4.0 6.4.2 间接依赖 可选修复

许可证风险

许可证类型 相关组件 许可证风险
GPL-3.0 1
Apache-2.0 1
自定义许可证 13
GPLv2 1
GPLv2+ 1
LGPLv2+ 1
Public Domain 1
BSD with advertising 1
MIT 8
BSD-3-Clause 1

SBOM清单

组件名称 组件版本 是否直接依赖 仓库
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices 间接依赖
VCRUNTIME140.dll 间接依赖
MSVCR120.dll 间接依赖
sawyer 0.9.2 间接依赖 bundler
io-console 0.6.0 间接依赖 bundler
ADVAPI32.dll 间接依赖
hrr_rb_ssh-ed25519 0.4.2 间接依赖 bundler
mime-types 3.5.1 间接依赖 bundler
docile 1.4.0 间接依赖 bundler
ttfunk 1.7.0 间接依赖 bundler
simpleidn 0.2.1 间接依赖 bundler
/System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics 间接依赖
simplecov 0.18.2 间接依赖 bundler
libdl.so.2 间接依赖
multi_json 1.15.0 间接依赖 bundler
ADVAPI32.DLL 间接依赖
libfuse.so.2 间接依赖
rack-test 2.1.0 间接依赖 bundler
/usr/lib/libgcc_s.1.dylib 间接依赖
activemodel 7.0.8 间接依赖 bundler
windows_error 0.1.5 间接依赖 bundler
mini_portile2 2.8.4 间接依赖 bundler
rspec 3.12.0 间接依赖 bundler
rainbow 3.1.1 间接依赖 bundler
aws-sdk-s3 1.136.0 间接依赖 bundler
aws-sigv4 1.6.0 间接依赖 bundler
packetfu 2.0.0 间接依赖 bundler
builder 3.2.4 间接依赖 bundler
simplecov-html 0.12.3 间接依赖 bundler
aws-sdk-ssm 1.158.0 间接依赖 bundler
winrm 2.3.6 间接依赖 bundler
SETUPAPI.dll 间接依赖
rspec-rerun 1.1.0 间接依赖 bundler
msgpack 1.6.1 间接依赖 bundler
net-protocol 0.2.1 间接依赖 bundler
httpclient 2.8.3 间接依赖 bundler
uuid 2.3.9 间接依赖 bundler
warden 1.2.9 间接依赖 bundler
openssl-cmac 2.0.2 间接依赖 bundler
ruby_smb 3.3.1 间接依赖 bundler
afm 0.2.2 间接依赖 bundler
mustermann 3.0.0 间接依赖 bundler
coderay 1.1.3 间接依赖 bundler
tzinfo 2.0.6 间接依赖 bundler
/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation 间接依赖
parallel 1.23.0 间接依赖 bundler
net-ssh 7.2.0 间接依赖 bundler
xmlrpc 0.3.3 间接依赖 bundler
base64 0.1.1 间接依赖 bundler
aws-eventstream 1.2.0 间接依赖 bundler
/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 间接依赖
rexml 3.2.6 间接依赖 bundler
sinatra 3.1.0 间接依赖 bundler
pry 0.14.2 间接依赖 bundler
rubyzip 2.3.2 间接依赖 bundler
rex-struct2 0.1.4 间接依赖 bundler
dnsruby 1.70.0 间接依赖 bundler
loofah 2.21.3 间接依赖 bundler
activerecord 7.0.8 间接依赖 bundler
nio4r 2.5.9 间接依赖 bundler
XPSPRINT.DLL 间接依赖
util-linux 间接依赖
libdl.so 间接依赖
rex-rop_builder 0.1.5 间接依赖 bundler
rex-core 0.1.31 间接依赖 bundler
actionview 7.0.8 间接依赖 bundler
ast 2.4.2 间接依赖 bundler
minitest 5.20.0 间接依赖 bundler
faraday 2.7.11 间接依赖 bundler
faraday-net_http 3.0.2 间接依赖 bundler
cdll 间接依赖 pip
jsobfu 0.4.2 间接依赖 bundler
VERSION.dll 间接依赖
gssapi 1.3.1 间接依赖 bundler
thin 1.8.2 间接依赖 bundler
crass 1.0.6 间接依赖 bundler
domain_name 0.5.20190701 间接依赖 bundler
gyoku 1.4.0 间接依赖 bundler
MSVCRT.dll 间接依赖
WS2_32.dll 间接依赖
libc.so.6 间接依赖
/System/Library/Frameworks/CoreAudioKit.framework/Versions/A/CoreAudioKit 间接依赖
USERENV.dll 间接依赖
net-smtp 0.4.0 间接依赖 bundler
Secur32.dll 间接依赖
racc 1.7.1 间接依赖 bundler
rex-random_identifier 0.1.11 间接依赖 bundler
rex-zip 0.1.5 间接依赖 bundler
zeitwerk 2.6.12 间接依赖 bundler
/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore 间接依赖
ruby-progressbar 1.13.0 间接依赖 bundler
factory_bot 6.2.1 间接依赖 bundler
regexp_parser 2.8.1 间接依赖 bundler
rex-mime 0.1.8 间接依赖 bundler
allure-rspec 2.23.0 间接依赖 bundler
debug 1.8.0 间接依赖 bundler
/System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime 间接依赖
libc.so.7 间接依赖
RPCRT4.dll 间接依赖
aws-sdk-kms 1.72.0 间接依赖 bundler
ld-linux-aarch64.so.1 间接依赖
date 3.3.3 间接依赖 bundler
libm.so 间接依赖
sqlite3 1.6.6 间接依赖 bundler
em-socksify 0.3.2 间接依赖 bundler
rails-dom-testing 2.2.0 间接依赖 bundler
GDI32.dll 间接依赖
faraday-retry 2.2.0 间接依赖 bundler
c_char_p 间接依赖 pip
MPR.dll 间接依赖
erubi 1.12.0 间接依赖 bundler
clfsw32.dll 间接依赖
rkelly-remix 0.0.7 间接依赖 bundler
api-ms-win-crt-runtime-l1-1-0.dll 间接依赖
parser 3.2.2.4 间接依赖 bundler
rex-arch 0.1.15 间接依赖 bundler
metasploit-credential 6.0.6 间接依赖 bundler
unicode-display_width 2.5.0 间接依赖 bundler
diff-lcs 1.5.0 间接依赖 bundler
rex-sslscan 0.1.10 间接依赖 bundler
aws-sdk-iam 1.87.0 间接依赖 bundler
/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit 间接依赖
little-plugger 1.1.4 间接依赖 bundler
rails-html-sanitizer 1.6.0 间接依赖 bundler
ffi 1.16.3 间接依赖 bundler
ruby2_keywords 0.0.5 间接依赖 bundler
/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit 间接依赖
unf_ext 0.0.8.2 间接依赖 bundler
byebug 11.1.3 间接依赖 bundler
nori 2.6.0 间接依赖 bundler
unf 0.1.4 间接依赖 bundler
/System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration 间接依赖
/System/Library/Frameworks/Security.framework/Versions/A/Security 间接依赖
i18n 1.14.1 间接依赖 bundler
bcrypt.dll 间接依赖
metasm 1.0.5 间接依赖 bundler
ole32.dll 间接依赖
rex-ole 0.1.8 间接依赖 bundler
addressable 2.8.5 间接依赖 bundler
ntdll.dll 间接依赖
bootsnap 1.16.0 间接依赖 bundler
tilt 2.3.0 间接依赖 bundler
libstdc++.so 间接依赖
/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices 间接依赖
faker 3.2.1 间接依赖 bundler
/System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa 间接依赖
msvcrt.dll 间接依赖
cookiejar 0.3.3 间接依赖 bundler
daemons 1.4.1 间接依赖 bundler
rasn1 0.12.1 间接依赖 bundler
tzinfo-data 1.2023.3 间接依赖 bundler
arel-helpers 2.14.0 间接依赖 bundler
rubyntlm 0.6.3 间接依赖 bundler
SHELL32.dll 间接依赖
libc.so 间接依赖
macaddr 1.7.2 间接依赖 bundler
factory_bot_rails 6.2.0 间接依赖 bundler
json 2.6.3 间接依赖 bundler
/System/Library/Frameworks/Foundation.framework/Foundation 间接依赖
octokit 4.25.1 间接依赖 bundler
metasploit-model 5.0.2 间接依赖 bundler
PSAPI.DLL 间接依赖
rack-protection 3.1.0 间接依赖 bundler
thor 1.2.2 间接依赖 bundler
http_parser.rb 0.8.0 间接依赖 bundler
/usr/lib/libc++.1.dylib 间接依赖
puma 6.4.0 间接依赖 bundler
libpthread.so.0 间接依赖
rspec-expectations 3.12.3 间接依赖 bundler
/System/Library/Frameworks/JavaScriptCore.framework/Versions/A/JavaScriptCore 间接依赖
activesupport 7.0.8 间接依赖 bundler
metasploit_data_models 6.0.3 间接依赖 bundler
/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation 间接依赖
bindata 2.4.15 间接依赖 bundler
ntoskrnl.exe 间接依赖
websocket-driver 0.7.6 间接依赖 bundler
ruby-rc4 0.1.5 间接依赖 bundler
aws-partitions 1.834.0 间接依赖 bundler
net-imap 0.4.0 间接依赖 bundler
strptime 0.2.5 间接依赖 bundler
dbgeng.dll 间接依赖
/usr/lib/libobjc.A.dylib 间接依赖
USER32.dll 间接依赖
WINSPOOL.DRV 间接依赖
xdr 3.0.3 间接依赖 bundler
method_source 1.0.0 间接依赖 bundler
rubocop 1.56.4 间接依赖 bundler
nokogiri 1.14.5 间接依赖 bundler
rack 2.2.8 间接依赖 bundler
mscoree.dll 间接依赖
KERNEL32.dll 间接依赖
logging 2.3.1 间接依赖 bundler
rex-nop 0.1.3 间接依赖 bundler
websocket-extensions 0.1.5 间接依赖 bundler
actionpack 7.0.8 间接依赖 bundler
mime-types-data 3.2023.1003 间接依赖 bundler
rex-bin_tools 0.1.9 间接依赖 bundler
timeout 0.4.0 间接依赖 bundler
NETAPI32.dll 间接依赖
railties 7.0.8 间接依赖 bundler
allure-ruby-commons 2.23.0 间接依赖 bundler
concurrent-ruby 1.2.2 间接依赖 bundler
rake 13.0.6 间接依赖 bundler
pg 1.5.4 间接依赖 bundler
rubocop-ast 1.29.0 间接依赖 bundler
require_all 3.0.0 间接依赖 bundler
rspec-rails 6.0.3 间接依赖 bundler
aws-sdk-ec2instanceconnect 1.34.0 间接依赖 bundler
rspec-mocks 3.12.6 间接依赖 bundler
pcaprub 0.13.1 间接依赖 bundler
recog 3.1.2 间接依赖 bundler
language_server-protocol 3.17.0.3 间接依赖 bundler
newdev.dll 间接依赖
faye-websocket 0.11.3 间接依赖 bundler
em-http-request 1.1.7 间接依赖 bundler
reline 0.3.8 间接依赖 bundler
detoured.dll 间接依赖
pdf-reader 2.11.0 间接依赖 bundler
irb 1.7.4 间接依赖 bundler
Ascii85 1.1.0 间接依赖 bundler
rex-socket 0.1.55 间接依赖 bundler
hrr_rb_ssh 0.4.2 间接依赖 bundler
CRYPT32.dll 间接依赖
openssl-ccm 1.2.3 间接依赖 bundler
WININET.dll 间接依赖
rex-exploitation 0.1.39 间接依赖 bundler
rspec-core 3.12.2 间接依赖 bundler
rex-text 0.2.53 间接依赖 bundler
hashery 2.1.2 间接依赖 bundler
public_suffix 5.0.3 间接依赖 bundler
metasploit-concern 5.0.2 间接依赖 bundler
directshowbaseclasses 260557 间接依赖
ed25519 1.3.0 间接依赖 bundler
/usr/lib/libSystem.B.dylib 间接依赖
jmespath 1.6.2 间接依赖 bundler
systemu 2.6.5 间接依赖 bundler
rspec-support 3.12.1 间接依赖 bundler
aws-sdk-ec2 1.411.0 间接依赖 bundler
rex-powershell 0.1.99 间接依赖 bundler
http-cookie 1.0.5 间接依赖 bundler
pry-byebug 3.10.1 间接依赖 bundler
capstone 4.0.2 间接依赖
rex-encoder 0.1.7 间接依赖 bundler
webrick 1.8.1 间接依赖 bundler
aws-sdk-core 3.185.1 间接依赖 bundler
eventmachine 1.2.7 间接依赖 bundler
(0)
上一篇 2024年1月22日
下一篇 2024年1月22日

相关推荐

  • antvis/AVA 软件分析报告

    基础信息 项目名称:antvis/AVA 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1715870666992697344/1715870667034640384 此报告由Murphysec提供 漏洞列表 暂无…

    软件分析 2023年10月23日
    0
  • ilyas-it83/CloudComparer 软件分析报告

    基础信息 项目名称:ilyas-it83/CloudComparer 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1718794397457104896/1718794397494853632 此报告由Murph…

    软件分析 2023年10月30日
    0
  • AlloyTeam/JMUI 软件分析报告

    基础信息 项目名称:AlloyTeam/JMUI 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1715722368206897152/1715722368269811712 此报告由Murphysec提供 漏洞列…

    软件分析 2023年10月23日
    0
  • yuanxiaosc/Machine-Learning-Book 软件分析报告

    基础信息 项目名称:yuanxiaosc/Machine-Learning-Book 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721674341593452544/1721674341639589888 此…

    软件分析 2023年11月7日
    0
  • andreyalexeich/gulp-scss-starter 软件分析报告

    基础信息 项目名称:andreyalexeich/gulp-scss-starter 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1715816473166659584/1715816473221185536 此…

    软件分析 2023年10月23日
    0