Basic information
Project name: Tribler/tribler
Repository URL: https://github.com/pterodactyl/panel
Scan report URL: https://www.murphysec.com/console/report/1752024010772455424/1752024171259109376
This report is provided by Murphysec
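Vulnerability list
| Vulnerability name | Vulnerability type | MPS ID | CVE ID | Severity |
|---|---|---|---|---|
| libtorrent integer overflow or wraparound vulnerability | Integer overflow or wraparound | MPS-2022-14972 | | Medium |
| configobj | ReDoS | MPS-2023-5106 | CVE-2023-26112 | Low |
| OpenSSL denial-of-service vulnerability | Improper check for unusual or exceptional conditions | MPS-7ch0-so2p | CVE-2023-5678 | Medium |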
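Defective components
| Component name | Version | Minimum fixed version | Dependency relationship | Fix recommendation |
|---|---|---|---|---|
| cryptography | 41.0.6 | | Indirect dependency | Optional fix |
| libtorrent | 1.2.19 | 2.0.5 | Indirect dependency | Optional fix |
| configobj | 5.0.8 | | Indirect dependency | Optional fix |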
License risk
| License type | Related components | License risk |
|---|---|---|
| MIT | 16 | Low |
| Custom license | 8 | Low |
| Apache-2.0 | 6 | Low |
| Unlicense | 1 | Low |
| HPND | 1 | Low |
| BSD-3-Clause | 1 | Low |
| GPL-3.0 | 2 | Medium |
| Apache-2.0 OR BSD-3-Clause | 1 | Low |
SBOM list
| Component name | Component version | Direct dependency? | Repository |
|---|---|---|---|
| FrameType | | Indirect dependency | pip |
| query_uri | | Indirect dependency | pip |
| open_connection | | Indirect dependency | pip |
| Boolean | | Indirect dependency | pip |
| NotifierError | | Indirect dependency | pip |
| libtorrent | 1.2.19 | Indirect dependency | pip |
| pytest-randomly | 3.15.0 | Indirect dependency | pip |
| delimiter_re | | Indirect dependency | pip |
| dataclass | | Indirect dependency | pip |
| SizeException | | Indirect dependency | pip |
| localtime | | Indirect dependency | pip |
| file-read-backwards | 3.0.0 | Indirect dependency | pip |
| strftime | | Indirect dependency | pip |
| Iterable | | Indirect dependency | pip |
| fail | | Indirect dependency | pip |
| uic | | Indirect dependency | pip |
| DatagramProtocol | | Indirect dependency | pip |
| chardet | 5.1.0 | Indirect dependency | pip |
| namedtuple | | Indirect dependency | pip |
| Source | | Indirect dependency | pip |
| Category | | Indirect dependency | pip |
| QColor | | Indirect dependency | pip |
| sphinxcontrib-openapi | 0.8.3 | Indirect dependency | pip |
| aiohttp | 3.9.0 | Indirect dependency | pip |
| patch | | Indirect dependency | pip |
| pyqtgraph | 0.12.3 | Indirect dependency | pip |
| SentryReporter | | Indirect dependency | pip |
| Qt | | Indirect dependency | pip |
| unshorten | | Indirect dependency | pip |
| all_tasks | | Indirect dependency | pip |
| bitarray | 2.7.6 | Indirect dependency | pip |
| Required | | Indirect dependency | pip |
| Protocol | | Indirect dependency | pip |
| Rule | | Indirect dependency | pip |
| CancelledError | | Indirect dependency | pip |
| ensure_future | | Indirect dependency | pip |
| b64encode | | Indirect dependency | pip |
| TorrentDef | | Indirect dependency | pip |
| RulesList | | Indirect dependency | pip |
| QFileDialog | | Indirect dependency | pip |
| unhexlify | | Indirect dependency | pip |
| Tuple | | Indirect dependency | pip |
| HTTP_REQUEST_ENTITY_TOO_LARGE | | Indirect dependency | pip |
| requirements/core-requirements.txt | | Indirect dependency | pip |
| filelock | 3.13.0 | Indirect dependency | pip |
| Enum | | Indirect dependency | pip |
| MAX_REQUEST_SIZE | | Indirect dependency | pip |
| sentry-sdk | 1.31.0 | Indirect dependency | pip |
| filter_keywords | | Indirect dependency | pip |
| QCoreApplication | | Indirect dependency | pip |
| Pillow | 10.2.0 | Indirect dependency | pip |
| deque | | Indirect dependency | pip |
| OperationalError | | Indirect dependency | pip |
| QPoint | | Indirect dependency | pip |
| Any | | Indirect dependency | pip |
| pyyaml | 6.0 | Indirect dependency | pip |
| pony | 0.7.17 | Indirect dependency | pip |
| Event | | Indirect dependency | pip |
| pytest-timeout | 2.2.0 | Indirect dependency | pip |
| coverage | 7.3.2 | Indirect dependency | pip |
| QMetaObject | | Indirect dependency | pip |
| sphinxcontrib-httpdomain | 1.8.1 | Indirect dependency | pip |
| QTimer | | Indirect dependency | pip |
| TriblerConfig | | Indirect dependency | pip |
| HTTPS_PORT | | Indirect dependency | pip |
| EXIT_NODE | | Indirect dependency | pip |
| psutil | 5.9.5 | Indirect dependency | pip |
| GUI_LOCK_FILENAME | | Indirect dependency | pip |
| b64decode | | Indirect dependency | pip |
| json_schema | | Indirect dependency | pip |
| Float | | Indirect dependency | pip |
| pygments | 2.17.2 | Indirect dependency | pip |
| Future | | Indirect dependency | pip |
| task | | Indirect dependency | pip |
| try_acquire_file_lock | | Indirect dependency | pip |
| succeed | | Indirect dependency | pip |
| events | | Indirect dependency | pip |
| SentryStrategy | | Indirect dependency | pip |
| yappi | 1.4.0 | Indirect dependency | pip |
| validate_resource | | Indirect dependency | pip |
| QUrl | | Indirect dependency | pip |
| auto | | Indirect dependency | pip |
| LibtorrentSettings | | Indirect dependency | pip |
| PeerObserver | | Indirect dependency | pip |
| Union | | Indirect dependency | pip |
| libnacl | 1.8.0 | Indirect dependency | pip |
| validate_operation | | Indirect dependency | pip |
| field | | Indirect dependency | pip |
| pytest | 7.4.3 | Indirect dependency | pip |
| RequestRejected | | Indirect dependency | pip |
| PyOpenSSL | 23.2.0 | Indirect dependency | pip |
| QEvent | | Indirect dependency | pip |
| networkx | 3.1 | Indirect dependency | pip |
| pyqtSignal | | Indirect dependency | pip |
| cmp_rank | | Indirect dependency | pip |
| marshmallow | 3.19.0 | Indirect dependency | pip |
| PyQtWebEngine | 5.15.2 | Indirect dependency | pip |
| configobj | 5.0.8 | Indirect dependency | pip |
| hexlify | | Indirect dependency | pip |
| TorrentDefNoMetainfo | | Indirect dependency | pip |
| TaskManager | | Indirect dependency | pip |
| HTTPRequestEntityTooLarge | | Indirect dependency | pip |
| find_word_and_rotate_title | | Indirect dependency | pip |
| EPOCH | | Indirect dependency | pip |
| NetworkUtils | | Indirect dependency | pip |
| extension_re | | Indirect dependency | pip |
| pytest-asyncio | 0.21.1 | Indirect dependency | pip |
| pytest-aiohttp | 1.0.5 | Indirect dependency | pip |
| Queue | | Indirect dependency | pip |
| STATEDIR_CHECKPOINT_DIR | | Indirect dependency | pip |
| QueryStat | | Indirect dependency | pip |
| QDir | | Indirect dependency | pip |
| QtCore | | Indirect dependency | pip |
| CIRCUIT_STATE_EXTENDING | | Indirect dependency | pip |
| Operation | | Indirect dependency | pip |
| db_session | | Indirect dependency | pip |
| pyipv8 | 2.12.0 | Indirect dependency | pip |
| Faker | 18.11.2 | Indirect dependency | pip |
| Iterator | | Indirect dependency | pip |
| CIRCUIT_STATE_READY | | Indirect dependency | pip |
| PyQt5 | 5.15.1 | Indirect dependency | pip |
| DownloadDefaultsSettings | | Indirect dependency | pip |
| FreePortNotFoundError | | Indirect dependency | pip |
| Network | | Indirect dependency | pip |
| NamedTuple | | Indirect dependency | pip |
| sentry_sdk | 1.31.0 | Indirect dependency | pip |
| QPainter | | Indirect dependency | pip |
| Dict | | Indirect dependency | pip |
| aiohttp_apispec | 2.2.3 | Indirect dependency | pip |
| List | | Indirect dependency | pip |
| HEALTH_FRESHNESS_SECONDS | | Indirect dependency | pip |
| Task | | Indirect dependency | pip |
| QRegion | | Indirect dependency | pip |
| HTTP_PORT | | Indirect dependency | pip |
| human-readable | 1.3.2 | Indirect dependency | pip |
| Handle | | Indirect dependency | pip |
| int2time | | Indirect dependency | pip |
| QCheckBox | | Indirect dependency | pip |
| Set | | Indirect dependency | pip |
| docs | | Indirect dependency | pip |
| timedelta | | Indirect dependency | pip |
| cryptography | 41.0.6 | Indirect dependency | pip |
| PyQt5-sip | 12.8.1 | Indirect dependency | pip |
| ipv8 | | Indirect dependency | pip |
| HTTPNotFound | | Indirect dependency | pip |
| count | | Indirect dependency | pip |
| sphinx_rtd_theme | 2.0.0 | Indirect dependency | pip |
| Callable | | Indirect dependency | pip |
| tribler_apptester | | Indirect dependency | pip |
| MissingSectionHeaderError | | Indirect dependency | pip |
| tribler | | Indirect dependency | pip |
| sphinx | 7.1.2 | Indirect dependency | pip |
| requests | 2.31.0 | Indirect dependency | pip |
| STATEDIR_CHANNELS_DIR | | Indirect dependency | pip |
| colorlog | 6.7.0 | Indirect dependency | pip |
| MagicMock | | Indirect dependency | pip |
| Optional | | Indirect dependency | pip |
| ORIGINATOR | | Indirect dependency | pip |
| QPixmap | | Indirect dependency | pip |
| ResourceType | | Indirect dependency | pip |
| lz4 | 4.3.2 | Indirect dependency | pip |
| querystring_schema | | Indirect dependency | pip |
| pylint-pytest | 1.1.7 | Indirect dependency | pip |
| FunctionType | | Indirect dependency | pip |
| get_event_loop | | Indirect dependency | pip |
| AsyncMock | | Indirect dependency | pip |
| DEFAULT_CONFIG_NAME | | Indirect dependency | pip |
| ParsingError | | Indirect dependency | pip |
| anyio | 3.7.1 | Indirect dependency | pip |
| pytest-qt | 4.2.0 | Indirect dependency | pip |
| QAction | | Indirect dependency | pip |
| pydantic | 1.10.11 | Indirect dependency | pip |
| HealthInfo | | Indirect dependency | pip |
| Notifier | | Indirect dependency | pip |
| Mock | | Indirect dependency | pip |