基础信息
项目名称:sumatrapdfreader/sumatrapdf
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1752024763761700864/1752024851770781696
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| pigz 竞争条件漏洞 | 权限、特权和访问控制 | MPS-2014-2118 | CVE-2013-0296 | 中危 |
| pigz 目录遍历漏洞 | 路径遍历 | MPS-2015-0531 | CVE-2015-1191 | 中危 |
| OpenCV 缓冲区错误漏洞 | 缓冲区溢出 | MPS-2017-14553 | CVE-2017-17760 | 中危 |
| OpenCV 安全漏洞 | 双重释放 | MPS-2017-3892 | CVE-2016-1516 | 高危 |
| OpenCV 输入验证漏洞 | 输入验证不恰当 | MPS-2017-3893 | CVE-2016-1517 | 中危 |
| Silicon Graphics LibTIFF 安全漏洞 | 越界读取 | MPS-2017-5747 | CVE-2017-9147 | 中危 |
| OpenCV 安全漏洞 | 越界写入 | MPS-2017-8482 | CVE-2017-12597 | 高危 |
| OpenCV 安全漏洞 | 越界读取 | MPS-2017-8483 | CVE-2017-12598 | 高危 |
| OpenCV 安全漏洞 | 越界读取 | MPS-2017-8484 | CVE-2017-12599 | 高危 |
| OpenCV 安全漏洞 | 拒绝服务 | MPS-2017-8485 | CVE-2017-12600 | 高危 |
| OpenCV 缓冲区错误漏洞 | 经典缓冲区溢出 | MPS-2017-8486 | CVE-2017-12601 | 高危 |
| OpenCV 安全漏洞 | 拒绝服务 | MPS-2017-8487 | CVE-2017-12602 | 高危 |
| OpenCV 缓冲区错误漏洞 | 越界写入 | MPS-2017-8488 | CVE-2017-12603 | 高危 |
| OpenCV 安全漏洞 | 越界写入 | MPS-2017-8489 | CVE-2017-12604 | 高危 |
| OpenCV 安全漏洞 | 越界写入 | MPS-2017-8490 | CVE-2017-12605 | 高危 |
| OpenCV 安全漏洞 | 越界写入 | MPS-2017-8491 | CVE-2017-12606 | 高危 |
| OpenCV 安全漏洞 | 越界写入 | MPS-2017-9146 | CVE-2017-12862 | 高危 |
| OpenCV 数字错误漏洞 | 整数溢出或环绕 | MPS-2017-9147 | CVE-2017-12863 | 高危 |
| OpenCV 数字错误漏洞 | 整数溢出或环绕 | MPS-2017-9148 | CVE-2017-12864 | 高危 |
| OpenCV 安全漏洞 | 越界写入 | MPS-2017-9891 | CVE-2017-14136 | 中危 |
| OpenCV 缓冲区错误漏洞 | 越界读取 | MPS-2018-0005 | CVE-2017-18009 | 高危 |
| Opencv 数字错误漏洞 | 整数溢出或环绕 | MPS-2018-0025 | CVE-2017-1000450 | 高危 |
| OpenCV 缓冲区错误漏洞 | 越界写入 | MPS-2018-0212 | CVE-2018-5268 | 中危 |
| OpenCV 安全漏洞 | 可达断言 | MPS-2018-0213 | CVE-2018-5269 | 中危 |
| Lua 资源管理错误漏洞 | UAF | MPS-2019-0958 | CVE-2019-6706 | 高危 |
| OpenCV 数字错误漏洞 | 除零错误 | MPS-2019-11014 | CVE-2019-15939 | 中危 |
| OpenCV 缓冲区错误漏洞 | 越界读取 | MPS-2019-11421 | CVE-2019-16249 | 中危 |
| OpenCV 缓冲区错误漏洞 | 越界读取 | MPS-2019-15873 | CVE-2019-19624 | 中危 |
| node-opencv 操作系统命令注入漏洞 | OS命令注入 | MPS-2019-2986 | CVE-2019-10061 | 严重 |
| OpenCV 缓冲区错误漏洞 | 越界读取 | MPS-2019-9066 | CVE-2019-14491 | 高危 |
| OpenCV 缓冲区错误漏洞 | 越界写入 | MPS-2019-9067 | CVE-2019-14492 | 高危 |
| OpenCV 代码问题漏洞 | 空指针取消引用 | MPS-2019-9068 | CVE-2019-14493 | 高危 |
| OpenCV 缓冲区错误漏洞 | 越界写入 | MPS-2020-0084 | CVE-2019-5063 | 高危 |
| OpenCV 缓冲区错误漏洞 | 越界写入 | MPS-2020-0085 | CVE-2019-5064 | 高危 |
| Lua 资源管理错误漏洞 | 越界写入 | MPS-2020-10733 | CVE-2020-15888 | 高危 |
| Lua 缓冲区错误漏洞 | 越界读取 | MPS-2020-10734 | CVE-2020-15889 | 严重 |
| Lua 安全漏洞 | MPS-2020-10861 | CVE-2020-15945 | 中危 | |
| Lua 缓冲区错误漏洞 | 缓冲区溢出 | MPS-2020-11559 | CVE-2020-24342 | 高危 |
| Lua 代码问题漏洞 | 空指针取消引用 | MPS-2020-11623 | CVE-2020-24369 | 高危 |
| Lua 数字错误漏洞 | 超界折返 | MPS-2020-11624 | CVE-2020-24370 | 中危 |
| Lua 安全漏洞 | 对无效指针或索引的释放 | MPS-2020-11625 | CVE-2020-24371 | 中危 |
| Lua 缓冲区错误漏洞 | 未经控制的递归 | MPS-2021-35333 | CVE-2021-43519 | 中危 |
| Lua 安全漏洞 | UAF | MPS-2021-38463 | CVE-2021-44964 | 中危 |
| Lua 缓冲区错误漏洞 | 越界写入 | MPS-2022-0033 | CVE-2021-45985 | 高危 |
| Lua 安全漏洞 | 越界写入 | MPS-2022-18230 | CVE-2022-33099 | 高危 |
| Lua 缓冲区错误漏洞 | 越界读取 | MPS-2022-7875 | CVE-2022-28805 | 严重 |
| OpenCV 代码问题漏洞 | 空指针取消引用 | MPS-r2m7-x6z0 | CVE-2023-2617 | 高危 |
| OpenCV 安全漏洞 | 内存泄漏 | MPS-t7yp-ev9j | CVE-2023-2618 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| lua | 5.3.5 | 间接依赖 | 建议修复 | |
| opencv | 2.4.13.7 | 间接依赖 | 建议修复 | |
| pigz | 2.3 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 50 | 低 |
| Zlib | 3 | 低 |
| Apache-2.0 | 10 | 低 |
| CC0-1.0 | 1 | 低 |
| BSD-3-Clause | 9 | 低 |
| ISC | 4 | 低 |
| zlib | 1 | 低 |
| BSD-2-Clause | 4 | 低 |
| GPLv2 | 2 | 中 |
| GPLv2+ | 1 | 中 |
| LGPLv2+ | 1 | 中 |
| Public Domain | 1 | 低 |
| BSD with advertising | 1 | 低 |
| GPL-3.0-or-later | 1 | 低 |
| LGPL-3.0-only | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| @nodelib/fs.stat | 2.0.5 | 间接依赖 | npm |
| api-ms-win-core-handle-l1-1-0.dll | 间接依赖 | ||
| github.com/wailsapp/go-webview2 | v1.0.8 | 间接依赖 | go |
| fast-glob | 3.2.11 | 直接依赖 | npm |
| zlib-ng | 2.0.2 | 间接依赖 | |
| github.com/valyala/fasttemplate | v1.2.2 | 间接依赖 | go |
| api-ms-win-core-synch-l1-2-0.dll | 间接依赖 | ||
| github.com/tkrajina/go-reflector | v0.5.6 | 间接依赖 | go |
| api-ms-win-core-processenvironment-l1-1-0.dll | 间接依赖 | ||
| github.com/rodrigocfd/windigo | v0.0.0-20230809154420-8faa606d9f5f | 直接依赖 | go |
| parg | 1.0.2 | 间接依赖 | |
| github.com/mattn/go-isatty | v0.0.19 | 间接依赖 | go |
| api-ms-win-crt-runtime-l1-1-0.dll | 间接依赖 | ||
| VCRUNTIME140.dll | 间接依赖 | ||
| is-number | 7.0.0 | 间接依赖 | npm |
| to-regex-range | 5.0.1 | 间接依赖 | npm |
| github.com/leaanthony/gosod | v1.0.3 | 间接依赖 | go |
| github.com/dustin/go-humanize | v1.0.1 | 间接依赖 | go |
| github.com/mattn/go-colorable | v0.1.13 | 间接依赖 | go |
| api-ms-win-crt-heap-l1-1-0.dll | 间接依赖 | ||
| gopkg.in/ini.v1 | v1.67.0 | 间接依赖 | go |
| OpenDDS | 间接依赖 | ||
| CRYPT32.dll | 间接依赖 | ||
| github.com/mitchellh/go-homedir | v1.1.0 | 间接依赖 | go |
| api-ms-win-core-winrt-string-l1-1-0.dll | 间接依赖 | ||
| golang.org/x/crypto | v0.17.0 | 间接依赖 | go |
| github.com/samber/lo | v1.38.1 | 间接依赖 | go |
| github.com/wailsapp/mimetype | v1.4.1 | 间接依赖 | go |
| api-ms-win-core-file-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-registry-l1-1-0.dll | 间接依赖 | ||
| github.com/kjk/u | v0.0.0-20220410204605-ce4a95db4475 | 直接依赖 | go |
| run-parallel | 1.2.0 | 间接依赖 | npm |
| lua | 5.3.5 | 间接依赖 | |
| api-ms-win-core-errorhandling-l1-1-0.dll | 间接依赖 | ||
| @nodelib/fs.scandir | 2.1.5 | 间接依赖 | npm |
| MSVCRT.dll | 间接依赖 | ||
| github.com/minio/minio-go/v6 | v6.0.57 | 间接依赖 | go |
| github.com/jchv/go-winloader | v0.0.0-20210711035445-715c2860da7e | 间接依赖 | go |
| github.com/wailsapp/wails/v2 | v2.6.0 | 直接依赖 | go |
| USER32.dll | 间接依赖 | ||
| ole32.dll | 间接依赖 | ||
| msvcrt.dll | 间接依赖 | ||
| github.com/klauspost/cpuid/v2 | v2.2.5 | 间接依赖 | go |
| github.com/minio/minio-go/v7 | v7.0.63 | 间接依赖 | go |
| golang.org/x/exp | v0.0.0-20231006140011-7918f672742d | 直接依赖 | go |
| api-ms-win-core-localization-l1-2-0.dll | 间接依赖 | ||
| github.com/sirupsen/logrus | v1.9.3 | 间接依赖 | go |
| github.com/kjk/common | v0.0.0-20231002223317-7760ee96eb8e | 直接依赖 | go |
| braces | 3.0.2 | 间接依赖 | npm |
| github.com/rivo/uniseg | v0.4.4 | 间接依赖 | go |
| github.com/leaanthony/slicer | v1.6.0 | 间接依赖 | go |
| api-ms-win-core-libraryloader-l1-2-0.dll | 间接依赖 | ||
| zlib | 间接依赖 | ||
| api-ms-win-crt-string-l1-1-0.dll | 间接依赖 | ||
| github.com/kjk/minioutil | v0.0.0-20230422073834-96945ac7e481 | 直接依赖 | go |
| github.com/json-iterator/go | v1.1.12 | 间接依赖 | go |
| readthedocs-sphinx-search | 0.3.2 | 间接依赖 | pip |
| sphinx | 5.3.0 | 间接依赖 | pip |
| github.com/go-ole/go-ole | v1.3.0 | 间接依赖 | go |
| is-glob | 4.0.3 | 间接依赖 | npm |
| golang.org/x/text | v0.14.0 | 间接依赖 | go |
| fastq | 1.13.0 | 间接依赖 | npm |
| furo | 2023.03.27 | 间接依赖 | pip |
| queue-microtask | 1.2.3 | 间接依赖 | npm |
| pigz | 2.3 | 间接依赖 | |
| github.com/pkg/errors | v0.9.1 | 间接依赖 | go |
| api-ms-win-core-winrt-error-l1-1-0.dll | 间接依赖 | ||
| micromatch | 4.0.4 | 间接依赖 | npm |
| api-ms-win-shcore-stream-winrt-l1-1-0.dll | 间接依赖 | ||
| busybox | 间接依赖 | ||
| api-ms-win-core-synch-l1-1-0.dll | 间接依赖 | ||
| sphinx_rtd_theme | 1.1.1 | 间接依赖 | pip |
| mscoree.dll | 间接依赖 | ||
| github.com/leaanthony/go-ansi-parser | v1.6.1 | 间接依赖 | go |
| util-linux | 间接依赖 | ||
| github.com/rs/xid | v1.5.0 | 间接依赖 | go |
| github.com/rodrigocfd/windigo | v0.0.0-20230404011343-49bfda936fb0 | 间接依赖 | go |
| pdfjs-dist | 2.13.216 | 直接依赖 | npm |
| VCRUNTIME140_1.dll | 间接依赖 | ||
| golang.org/x/sys | v0.15.0 | 间接依赖 | go |
| dav1d | 间接依赖 | ||
| @nodelib/fs.walk | 1.2.8 | 间接依赖 | npm |
| api-ms-win-core-util-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-debug-l1-1-0.dll | 间接依赖 | ||
| github.com/klauspost/compress | v1.17.0 | 间接依赖 | go |
| merge2 | 1.4.1 | 间接依赖 | npm |
| api-ms-win-core-com-l1-1-0.dll | 间接依赖 | ||
| reusify | 1.0.4 | 间接依赖 | npm |
| fill-range | 7.0.1 | 间接依赖 | npm |
| KERNEL32.dll | 间接依赖 | ||
| api-ms-win-core-libraryloader-l1-2-1.dll | 间接依赖 | ||
| github.com/labstack/gommon | v0.4.0 | 间接依赖 | go |
| github.com/bep/debounce | v1.2.1 | 间接依赖 | go |
| WS2_32.dll | 间接依赖 | ||
| github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | 间接依赖 | go |
| VERSION.dll | 间接依赖 | ||
| github.com/google/uuid | v1.3.1 | 间接依赖 | go |
| sdl_ttf | 间接依赖 | ||
| api-ms-win-crt-stdio-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-interlocked-l1-1-0.dll | 间接依赖 | ||
| cimg | 间接依赖 | ||
| is-extglob | 2.1.1 | 间接依赖 | npm |
| github.com/minio/md5-simd | v1.1.2 | 间接依赖 | go |
| api-ms-win-core-string-l1-1-0.dll | 间接依赖 | ||
| github.com/modern-go/reflect2 | v1.0.2 | 间接依赖 | go |
| lcms | 间接依赖 | ||
| github.com/kjk/atomicfile | v0.0.0-20220410204726-989ae30d2b66 | 间接依赖 | go |
| web-streams-polyfill | 3.2.0 | 间接依赖 | npm |
| api-ms-win-core-heap-l1-1-0.dll | 间接依赖 | ||
| github.com/andybalholm/brotli | v1.0.5 | 间接依赖 | go |
| libheif | 间接依赖 | ||
| github.com/pkg/browser | v0.0.0-20210911075715-681adbf594b8 | 间接依赖 | go |
| github.com/labstack/echo/v4 | v4.11.2 | 间接依赖 | go |
| ADVAPI32.dll | 间接依赖 | ||
| api-ms-win-core-processthreads-l1-1-0.dll | 间接依赖 | ||
| picomatch | 2.3.1 | 间接依赖 | npm |
| glob-parent | 5.1.2 | 间接依赖 | npm |
| golang.org/x/net | v0.17.0 | 间接依赖 | go |
| github.com/minio/sha256-simd | v1.0.1 | 间接依赖 | go |
| opencv | 2.4.13.7 | 间接依赖 | |
| github.com/valyala/bytebufferpool | v1.0.0 | 间接依赖 | go |
| api-ms-win-crt-convert-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-errorhandling-l1-1-2.dll | 间接依赖 | ||
| MSVCP140.dll | 间接依赖 |