基础信息
项目名称:python/cpython
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1752022863033151488/1752022909740920832
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Google Chrome 代码问题漏洞 | 不可信的搜索路径 | MPS-2011-3488 | CVE-2011-3640 | 高危 |
| Mozilla Network Security Services 安全漏洞 | MPS-2012-1903 | CVE-2011-5094 | 中危 | |
| 多个TLS/DTLS实现加密问题漏洞 | 密码学问题 | MPS-2013-0546 | CVE-2013-0169 | 低危 |
| Mozilla Network Security Services TLS实现加密问题漏洞 | 通过差异性导致的信息暴露 | MPS-2013-0549 | CVE-2013-1620 | 中危 |
| TLS/SSL协议 RC4算法加密问题漏洞 | 加密强度不足 | MPS-2013-1069 | CVE-2013-2566 | 中危 |
| Mozilla Firefox/Thunderbird/SeaMonkey NSS 拒绝服务漏洞 | 缓冲区溢出 | MPS-2013-1302 | CVE-2013-0791 | 中危 |
| Mozilla Network Security Services 加密问题漏洞 | 密码学问题 | MPS-2014-0337 | CVE-2013-1740 | 中危 |
| Mozilla Network Security Services 竞争条件漏洞 | 竞争条件 | MPS-2014-0641 | CVE-2014-1490 | 严重 |
| OpenSSL 存在DROWN攻击漏洞 | 密码学问题 | MPS-2014-5713 | CVE-2014-3566 | 低危 |
| RC4 加密问题漏洞 | 密码算法不安全 | MPS-2015-1654 | CVE-2015-2808 | 中危 |
| OpenSSL 存在 Logjam 漏洞 | 密码学问题 | MPS-2015-2457 | CVE-2015-4000 | 低危 |
| Oracle Java SE和Java SE Embedded JCE子组件安全漏洞 | 不恰当实现的标准安全检查 | MPS-2015-3503 | CVE-2015-2613 | 中危 |
| Mozilla Firefox和Firefox ESR Network Security Services 缓冲区溢出漏洞 | 缓冲区溢出 | MPS-2015-5610 | CVE-2015-7181 | 高危 |
| Mozilla Firefox和Firefox ESR Network Security Services 基于堆的缓冲区溢出漏洞 | 缓冲区溢出 | MPS-2015-5611 | CVE-2015-7182 | 严重 |
| Mozilla Firefox和Firefox ESR Network Security Services 权限许可和访问控制漏洞 | 数据处理错误 | MPS-2016-0169 | CVE-2015-7575 | 中危 |
| Mozilla Firefox Network Security Services 安全漏洞 | 密码学问题 | MPS-2016-0659 | CVE-2016-1938 | 中危 |
| Mozilla Network Security Services 缓冲区错误漏洞 | 缓冲区溢出 | MPS-2017-14508 | CVE-2017-11695 | 高危 |
| Mozilla Network Security Services 缓冲区错误漏洞 | 缓冲区溢出 | MPS-2017-14509 | CVE-2017-11696 | 高危 |
| Mozilla Network Security Services 安全漏洞 | 缓冲区溢出 | MPS-2017-14510 | CVE-2017-11697 | 高危 |
| Mozilla Network Security Services 缓冲区错误漏洞 | 缓冲区溢出 | MPS-2017-14511 | CVE-2017-11698 | 高危 |
| NSS 代码问题漏洞 | 空指针取消引用 | MPS-2017-5991 | CVE-2017-7502 | 高危 |
| Red Hat Network Security Services 安全漏洞 | 会话固定 | MPS-2018-10079 | CVE-2016-9574 | 中危 |
| Mozilla Network Security Services 安全绕过漏洞 | 未授权敏感信息泄露 | MPS-2018-7611 | CVE-2016-9074 | 中危 |
| Mozilla Firefox 安全漏洞 | 数值类型间的不正确转换 | MPS-2018-7749 | CVE-2017-7781 | 中危 |
| Mozilla Firefox、Firefox ESR和Thunderbird 安全漏洞 | UAF | MPS-2018-7772 | CVE-2017-7805 | 高危 |
| NSS安全特征问题漏洞 | PRNG种子错误 | MPS-2019-4655 | CVE-2018-12384 | 中危 |
| Slackware mozilla-nss 加密问题漏洞 | 未授权敏感信息泄露 | MPS-2019-4770 | CVE-2018-12404 | 中危 |
| Mozilla Firefox 信任管理问题漏洞 | 证书验证不恰当 | MPS-2019-8367 | CVE-2019-11727 | 中危 |
| Mozilla Network Security Services 信息泄露漏洞 | 通过差异性导致的信息暴露 | MPS-2020-14079 | CVE-2020-12400 | 中危 |
| Amazon Linux AMI 加密问题漏洞 | 通过差异性导致的信息暴露 | MPS-2020-14080 | CVE-2020-12401 | 中危 |
| Network Security Services 代码问题漏洞 | 空指针取消引用 | MPS-2020-15037 | CVE-2018-18508 | 中危 |
| Mozilla Network Security Services 安全漏洞 | 密码算法不安全 | MPS-2020-15243 | CVE-2020-6829 | 中危 |
| Mozilla NSS 安全漏洞 | 不加限制或调节的资源分配 | MPS-2020-15755 | CVE-2020-25648 | 高危 |
| Mozilla Firefox 信息泄露漏洞 | 通过差异性导致的信息暴露 | MPS-2020-25206 | CVE-2020-12413 | 中危 |
| Mozilla Network Security Services 缓冲区错误漏洞 | 越界写入 | MPS-2021-35347 | CVE-2021-43527 | 严重 |
| Mozilla Network Security Services 缓冲区错误漏洞 | 越界读取 | MPS-2021-7607 | CVE-2020-12403 | 严重 |
| Mozilla Firefox 信任管理问题漏洞 | 证书验证不恰当 | MPS-2022-0728 | CVE-2022-22747 | 中危 |
| Python 安全漏洞 | ReDoS | MPS-2022-57238 | CVE-2022-40897 | 中危 |
| NSS 安全漏洞 | 输入验证不恰当 | MPS-2022-59754 | CVE-2022-3479 | 高危 |
| Mozilla NSS 资源管理错误漏洞 | UAF | MPS-2022-6837 | CVE-2022-1097 | 中危 |
| Mozilla Firefox 安全漏洞 | MPS-2023-4397 | CVE-2023-0767 | 高危 | |
| Red Hat Enterprise Linux 安全漏洞 | 通过差异性导致的信息暴露 | MPS-ph5d-a3zs | CVE-2023-4421 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| nss | 3.72 | 间接依赖 | 建议修复 | |
| setuptools | 39.2.0 | 65.5.1 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| 自定义许可证 | 23 | 低 |
| MIT | 18 | 低 |
| Python-2.0 | 2 | 低 |
| Apache-2.0 | 2 | 低 |
| BSD-3-Clause | 4 | 低 |
| BSD-2-Clause | 3 | 低 |
| MPL-2.0 | 2 | 低 |
| BSL-1.0 | 1 | 低 |
| ISC | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| assert_python_failure | 间接依赖 | pip | |
| alabaster | 0.7.13 | 间接依赖 | pip |
| getargs_keywords | 间接依赖 | pip | |
| sphinxcontrib-serializinghtml | 1.1.5 | 间接依赖 | pip |
| CDLL | 间接依赖 | pip | |
| sphinx-notfound-page | 1.0.0 | 间接依赖 | pip |
| _parser | 间接依赖 | pip | |
| DEFAULT | 间接依赖 | pip | |
| cpython | 3.10.0 | 间接依赖 | |
| cpython_only | 间接依赖 | pip | |
| AF_INET6 | 间接依赖 | pip | |
| parsing | 间接依赖 | pip | |
| Process | 间接依赖 | pip | |
| ZipFile | 间接依赖 | pip | |
| z | 间接依赖 | pip | |
| c_void_p | 间接依赖 | pip | |
| OrderedDict | 间接依赖 | pip | |
| _run_output | 间接依赖 | pip | |
| inet_pton | 间接依赖 | pip | |
| requests | 2.31.0 | 间接依赖 | pip |
| Py_C_RECURSION_LIMIT | 间接依赖 | pip | |
| ALWAYS_EQ | 间接依赖 | pip | |
| StringIO | 间接依赖 | pip | |
| log | 间接依赖 | pip | |
| product | 间接依赖 | pip | |
| urllib3 | 2.0.7 | 间接依赖 | pip |
| runtime_checkable | 间接依赖 | pip | |
| TextIO | 间接依赖 | pip | |
| sphinxext-opengraph | 0.7.5 | 间接依赖 | pip |
| sentinel | 间接依赖 | pip | |
| ttk | 间接依赖 | pip | |
| requires_subprocess | 间接依赖 | pip | |
| cpython | 间接依赖 | ||
| cdll | 间接依赖 | pip | |
| HTTPServer | 间接依赖 | pip | |
| MarkupSafe | 2.1.3 | 间接依赖 | pip |
| mimalloc | 2.0.3 | 间接依赖 | |
| c_int | 间接依赖 | pip | |
| _builtin_types | 间接依赖 | pip | |
| _test_simple_enum | 间接依赖 | pip | |
| sphinxcontrib-htmlhelp | 2.0.1 | 间接依赖 | pip |
| set_spawning_popen | 间接依赖 | pip | |
| Py_DEBUG | 间接依赖 | pip | |
| mul | 间接依赖 | pip | |
| HWND | 间接依赖 | pip | |
| idlelib | 间接依赖 | pip | |
| field | 间接依赖 | pip | |
| FS_NONASCII | 间接依赖 | pip | |
| mypy | 1.8.0 | 间接依赖 | pip |
| AbstractDefaultRootTest | 间接依赖 | pip | |
| _contextvars | 间接依赖 | pip | |
| RegexLexer | 间接依赖 | pip | |
| import_module | 间接依赖 | pip | |
| SubRuleValidator | 间接依赖 | pip | |
| Invoked | 间接依赖 | pip | |
| xxsubtype | 间接依赖 | pip | |
| set_match_tests | 间接依赖 | pip | |
| PY_SSIZE_T_MAX | 间接依赖 | pip | |
| iscoroutinefunction | 间接依赖 | pip | |
| ExitStack | 间接依赖 | pip | |
| resources | 间接依赖 | pip | |
| urlopen | 间接依赖 | pip | |
| nss | 间接依赖 | ||
| machinery | 间接依赖 | pip | |
| ResourceReader | 间接依赖 | pip | |
| zipdata01 | 间接依赖 | pip | |
| setup_module | 间接依赖 | pip | |
| ValidationError | 间接依赖 | pip | |
| PyTest | 间接依赖 | pip | |
| python-docs-theme | 2022.1 | 间接依赖 | pip |
| TESTFN | 间接依赖 | pip | |
| Toplevel | 间接依赖 | pip | |
| mock_socket | 间接依赖 | pip | |
| configure_logger | 间接依赖 | pip | |
| Message | 间接依赖 | pip | |
| Structure | 间接依赖 | pip | |
| exp | 间接依赖 | pip | |
| sphinxcontrib-jsmath | 1.0.1 | 间接依赖 | pip |
| realpath | 间接依赖 | pip | |
| ExecutorMixin | 间接依赖 | pip | |
| Instruction | 间接依赖 | pip | |
| check_syntax_error | 间接依赖 | pip | |
| ZipInfo | 间接依赖 | pip | |
| write_perf_map_entry | 间接依赖 | pip | |
| PY_SSIZE_T_MIN | 间接依赖 | pip | |
| message_from_string | 间接依赖 | pip | |
| pyvectorcall_call | 间接依赖 | pip | |
| Literal | 间接依赖 | pip | |
| timedelta | 间接依赖 | pip | |
| _ThreadWakeup | 间接依赖 | pip | |
| BOOL | 间接依赖 | pip | |
| StackItem | 间接依赖 | pip | |
| INT_MAX | 间接依赖 | pip | |
| fsutil | 间接依赖 | pip | |
| nss | 3.72 | 间接依赖 | |
| FileInfo | 间接依赖 | pip | |
| MagicMock | 间接依赖 | pip | |
| StrEnum | 间接依赖 | pip | |
| POINTER | 间接依赖 | pip | |
| script_helper | 间接依赖 | pip | |
| sizeof | 间接依赖 | pip | |
| BrokenProcessPool | 间接依赖 | pip | |
| final | 间接依赖 | pip | |
| cycle | 间接依赖 | pip | |
| StubClass | 间接依赖 | pip | |
| hashlib_helper | 间接依赖 | pip | |
| Iterable | 间接依赖 | pip | |
| which | 间接依赖 | pip | |
| Union | 间接依赖 | pip | |
| Set | 间接依赖 | pip | |
| swap_attr | 间接依赖 | pip | |
| client | 间接依赖 | pip | |
| run | 间接依赖 | pip | |
| SourceLine | 间接依赖 | pip | |
| IO | 间接依赖 | pip | |
| ThreadingMock | 间接依赖 | pip | |
| docutils | 0.17.1 | 间接依赖 | pip |
| check_disallow_instantiation | 间接依赖 | pip | |
| is_wasi | 间接依赖 | pip | |
| shuffle | 间接依赖 | pip | |
| OpenDDS | 间接依赖 | ||
| ModuleBrowserTreeItem | 间接依赖 | pip | |
| snowballstemmer | 2.2.0 | 间接依赖 | pip |
| Tcl | 间接依赖 | pip | |
| sphinxcontrib-qthelp | 1.0.3 | 间接依赖 | pip |
| run_code | 间接依赖 | pip | |
| ColorDelegator | 间接依赖 | pip | |
| hypothesis | 6.92.2 | 间接依赖 | pip |
| _meta | 间接依赖 | pip | |
| support | 间接依赖 | pip | |
| skip_if_missing | 间接依赖 | pip | |
| _grouper | 间接依赖 | pip | |
| Protocol | 间接依赖 | pip | |
| UserDict | 间接依赖 | pip | |
| TestEmailBase | 间接依赖 | pip | |
| packaging | 23.2 | 间接依赖 | pip |
| randrange | 间接依赖 | pip | |
| pygments | 间接依赖 | pip | |
| imagesize | 1.4.1 | 间接依赖 | pip |
| poco | 间接依赖 | ||
| LoggingResult | 间接依赖 | pip | |
| _2G | 间接依赖 | pip | |
| randint | 间接依赖 | pip | |
| skipUnless | 间接依赖 | pip | |
| policy | 间接依赖 | pip | |
| create_executor_tests | 间接依赖 | pip | |
| pyobject_vectorcall | 间接依赖 | pip | |
| AbstractTkTest | 间接依赖 | pip | |
| util | 间接依赖 | pip | |
| Generic | 间接依赖 | pip | |
| check_impl_detail | 间接依赖 | pip | |
| c_byte | 间接依赖 | pip | |
| _captured_script | 间接依赖 | pip | |
| Text | 间接依赖 | pip | |
| Any | 间接依赖 | pip | |
| NoReturn | 间接依赖 | pip | |
| temp_dir | 间接依赖 | pip | |
| _1G | 间接依赖 | pip | |
| TestBase | 间接依赖 | pip | |
| DynamicClassAttribute | 间接依赖 | pip | |
| DebuggerTests | 间接依赖 | pip | |
| charset-normalizer | 3.3.0 | 间接依赖 | pip |
| types-setuptools | 69.0.0.0 | 间接依赖 | pip |
| spawn_python | 间接依赖 | pip | |
| pythonapi | 间接依赖 | pip | |
| _tee | 间接依赖 | pip | |
| MultiplexedPath | 间接依赖 | pip | |
| Sphinx | 4.2.0 | 间接依赖 | pip |
| mock | 间接依赖 | pip | |
| MappingProxyType | 间接依赖 | pip | |
| dataclass | 间接依赖 | pip | |
| combinations | 间接依赖 | pip | |
| but | 间接依赖 | pip | |
| TestEquality | 间接依赖 | pip | |
| GenericAlias | 间接依赖 | pip | |
| RTLD_GLOBAL | 间接依赖 | pip | |
| MS_WINDOWS | 间接依赖 | pip | |
| CTest | 间接依赖 | pip | |
| Jinja2 | 3.1.2 | 间接依赖 | pip |
| MutableSet | 间接依赖 | pip | |
| patch | 间接依赖 | pip | |
| State | 间接依赖 | pip | |
| run_gdb | 间接依赖 | pip | |
| c_common | 间接依赖 | pip | |
| BaseHTTPRequestHandler | 间接依赖 | pip | |
| stub_factory | 间接依赖 | pip | |
| get_spawning_popen | 间接依赖 | pip | |
| get_tk_patchlevel | 间接依赖 | pip | |
| _adapters | 间接依赖 | pip | |
| gc_collect | 间接依赖 | pip | |
| requires | 间接依赖 | pip | |
| preprocess | 间接依赖 | pip | |
| abspath | 间接依赖 | pip | |
| islice | 间接依赖 | pip | |
| cpython | 间接依赖 | pip | |
| bygroups | 间接依赖 | pip | |
| urlcleanup | 间接依赖 | pip | |
| _sysconfigdata | 间接依赖 | pip | |
| bigmemtest | 间接依赖 | pip | |
| cpython | 2.7.18 | 间接依赖 | |
| expand_filenames | 间接依赖 | pip | |
| Dict | 间接依赖 | pip | |
| requires_resource | 间接依赖 | pip | |
| zipdata02 | 间接依赖 | pip | |
| HTTPStatus | 间接依赖 | pip | |
| contextmanager | 间接依赖 | pip | |
| isnan | 间接依赖 | pip | |
| _locale | 间接依赖 | pip | |
| captured_stderr | 间接依赖 | pip | |
| c_char_p | 间接依赖 | pip | |
| WINFUNCTYPE | 间接依赖 | pip | |
| wraps | 间接依赖 | pip | |
| idna | 3.4 | 间接依赖 | pip |
| REPO_ROOT | 间接依赖 | pip | |
| main | 间接依赖 | pip | |
| VERBOSITY | 间接依赖 | pip | |
| TclError | 间接依赖 | pip | |
| Queue | 间接依赖 | pip | |
| _collections_abc | 间接依赖 | pip | |
| threading_helper | 间接依赖 | pip | |
| _compat_pickle | 间接依赖 | pip | |
| NamespaceReader | 间接依赖 | pip | |
| _SimpleCData | 间接依赖 | pip | |
| process | 间接依赖 | pip | |
| Enum | 间接依赖 | pip | |
| ModuleBrowser | 间接依赖 | pip | |
| _weakrefset | 间接依赖 | pip | |
| os_helper | 间接依赖 | pip | |
| is_emscripten | 间接依赖 | pip | |
| _main | 间接依赖 | pip | |
| strutil | 间接依赖 | pip | |
| types-psutil | 5.9.5.17 | 间接依赖 | pip |
| UnsupportedOperation | 间接依赖 | pip | |
| CFUNCTYPE | 间接依赖 | pip | |
| sphinxcontrib-applehelp | 1.0.4 | 间接依赖 | pip |
| Mock | 间接依赖 | pip | |
| nextafter | 间接依赖 | pip | |
| import_helper | 间接依赖 | pip | |
| mimalloc | 间接依赖 | ||
| _analyzer | 间接依赖 | pip | |
| Babel | 2.13.0 | 间接依赖 | pip |
| requires_working_socket | 间接依赖 | pip | |
| warnings_helper | 间接依赖 | pip | |
| isinf | 间接依赖 | pip | |
| Pygments | 2.16.1 | 间接依赖 | pip |
| reduction | 间接依赖 | pip | |
| c_parser | 间接依赖 | pip | |
| Iterator | 间接依赖 | pip | |
| y | 间接依赖 | pip | |
| Array | 间接依赖 | pip | |
| BinaryIO | 间接依赖 | pip | |
| setuptools | 39.2.0 | 间接依赖 | pip |
| assert_python_ok | 间接依赖 | pip | |
| match_test | 间接依赖 | pip | |
| FunctionType | 间接依赖 | pip | |
| _parse_makefile | 间接依赖 | pip | |
| atan2 | 间接依赖 | pip | |
| imports_under_tool | 间接依赖 | pip | |
| color_config | 间接依赖 | pip | |
| EmailMessage | 间接依赖 | pip | |
| TESTFN_UNDECODABLE | 间接依赖 | pip | |
| TestResult | 间接依赖 | pip | |
| message_from_bytes | 间接依赖 | pip | |
| iter_files_by_suffix | 间接依赖 | pip | |
| lru_cache | 间接依赖 | pip | |
| c_char | 间接依赖 | pip | |
| Optional | 间接依赖 | pip | |
| certifi | 2023.7.22 | 间接依赖 | pip |
| BytesIO | 间接依赖 | pip | |
| Printer | 间接依赖 | pip | |
| TraversableResources | 间接依赖 | pip | |
| parameterize | 间接依赖 | pip | |
| getargs_keyword_only | 间接依赖 | pip | |
| AsyncMock | 间接依赖 | pip | |
| _Pointer | 间接依赖 | pip | |
| ExecutorTest | 间接依赖 | pip | |
| PathModuleBase | 间接依赖 | pip | |
| EnumMeta | 间接依赖 | pip | |
| sphinxcontrib-devhelp | 1.0.2 | 间接依赖 | pip |
| perf_map_state_teardown | 间接依赖 | pip | |
| captured_stdout | 间接依赖 | pip | |
| unlink | 间接依赖 | pip | |
| MISSING_C_DOCSTRINGS | 间接依赖 | pip | |
| Callable | 间接依赖 | pip | |
| INT_MIN | 间接依赖 | pip |