基础信息
项目名称:wazuh/wazuh
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1757245789465255936/1757245789586890752
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| NumPy 代码问题漏洞 | 空指针取消引用 | MPS-2021-32278 | CVE-2021-41495 | 中危 |
| OpenSSL 拒绝服务漏洞 | 对因果或异常条件的不恰当检查 | MPS-7ch0-so2p | CVE-2023-5678 | 中危 |
| aiohttp 路径遍历漏洞 | 路径遍历 | MPS-rxvm-9042 | CVE-2024-23334 | 高危 |
| python-cryptography 安全漏洞 | 通过时间差异性导致的信息暴露 | MPS-tf9k-xu02 | CVE-2023-50782 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| cryptography | 41.0.7 | 间接依赖 | 可选修复 | |
| numpy | 1.26.0 | 间接依赖 | 可选修复 | |
| aiohttp | 3.9.1 | 3.9.2 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 33 | 低 |
| MIT License | 3 | 低 |
| Apache-2.0 | 30 | 低 |
| BSD-3-Clause | 9 | 低 |
| MPL-2.0 | 2 | 低 |
| Apache License 2.0 | 5 | 低 |
| 自定义许可证 | 6 | 低 |
| BSD-2-Clause | 4 | 低 |
| Apache-2.0 OR MIT | 1 | 低 |
| Public Domain | 1 | 低 |
| LGPL-2.1-only | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| mypy-extensions | 0.4.3 | 间接依赖 | pip |
| uvloop | 0.17.0 | 间接依赖 | pip |
| PyJWT | 2.8.0 | 间接依赖 | pip |
| cffi | 1.15.1 | 间接依赖 | pip |
| aiosignal | 1.2.0 | 间接依赖 | pip |
| importlib-metadata | 3.10.1 | 间接依赖 | pip |
| MarkupSafe | 2.1.2 | 间接依赖 | pip |
| certifi | 2023.7.22 | 间接依赖 | pip |
| charset-normalizer | 2.0.4 | 间接依赖 | pip |
| get_api_health | 间接依赖 | pip | |
| jmespath | 0.9.5 | 间接依赖 | pip |
| s3transfer | 0.4.2 | 间接依赖 | pip |
| python-dateutil | 2.8.1 | 间接依赖 | pip |
| packaging | 20.9 | 间接依赖 | pip |
| pyparsing | 2.4.7 | 间接依赖 | pip |
| google-cloud-storage | 1.39.0 | 间接依赖 | pip |
| docker | 6.0.0 | 间接依赖 | pip |
| jsonschema | 4.17.3 | 间接依赖 | pip |
| aiohttp-jinja2 | 1.5.1 | 间接依赖 | pip |
| requests | 2.31.0 | 间接依赖 | pip |
| google-api-core | 1.30.0 | 间接依赖 | pip |
| six | 1.16.0 | 间接依赖 | pip |
| aiohttp-cache | 2.2.0 | 间接依赖 | pip |
| flatbuffers | 23.5.26 | 间接依赖 | pip |
| py | 1.11.0 | 间接依赖 | pip |
| more-itertools | 8.2.0 | 间接依赖 | pip |
| libcst | 0.3.20 | 间接依赖 | pip |
| pyasn1 | 0.4.8 | 间接依赖 | pip |
| google-cloud-pubsub | 2.7.1 | 间接依赖 | pip |
| KERNEL32.dll | 间接依赖 | ||
| azure-storage-blob | 2.1.0 | 间接依赖 | pip |
| Werkzeug | 2.2.3 | 间接依赖 | pip |
| asn1crypto | 1.3.0 | 间接依赖 | pip |
| google-cloud-core | 1.7.1 | 间接依赖 | pip |
| numpy | 1.26.0 | 间接依赖 | pip |
| python-json-logger | 2.0.2 | 间接依赖 | pip |
| pytest | 7.2.2 | 间接依赖 | pip |
| SQLAlchemy | 2.0.23 | 间接依赖 | pip |
| remove_file | 间接依赖 | pip | |
| protobuf | 3.19.6 | 间接依赖 | pip |
| Cython | 0.29.21 | 间接依赖 | pip |
| proto-plus | 1.19.0 | 间接依赖 | pip |
| botocore | 1.20.85 | 间接依赖 | pip |
| connexion | 2.14.2 | 间接依赖 | pip |
| get_agent_health_base | 间接依赖 | pip | |
| pytest-asyncio | 0.18.1 | 间接依赖 | pip |
| greenlet | 2.0.2 | 间接依赖 | pip |
| pytest-aiohttp | 1.0.4 | 间接依赖 | pip |
| urllib3 | 1.26.18 | 间接依赖 | pip |
| xmltodict | 0.12.0 | 间接依赖 | pip |
| psutil | 5.9.0 | 间接依赖 | pip |
| defusedxml | 0.6.0 | 间接依赖 | pip |
| inflection | 0.3.1 | 间接依赖 | pip |
| google-auth | 1.28.0 | 间接依赖 | pip |
| async-timeout | 4.0.2 | 间接依赖 | pip |
| Jinja2 | 3.1.3 | 间接依赖 | pip |
| check | 间接依赖 | pip | |
| pytest-trio | 0.7.0 | 间接依赖 | pip |
| freezegun | 0.3.15 | 间接依赖 | pip |
| pathlib | 1.0.1 | 间接依赖 | pip |
| pyasn1-modules | 0.2.8 | 间接依赖 | pip |
| googleapis-common-protos | 1.51.0 | 间接依赖 | pip |
| google-crc32c | 1.1.2 | 间接依赖 | pip |
| websocket-client | 0.57.0 | 间接依赖 | pip |
| cachetools | 4.1.0 | 间接依赖 | pip |
| attrs | 20.3.0 | 间接依赖 | pip |
| clickclick | 20.10.2 | 间接依赖 | pip |
| secure | 0.2.1 | 间接依赖 | pip |
| typing-inspect | 0.7.1 | 间接依赖 | pip |
| wget | 3.2 | 间接依赖 | pip |
| pycparser | 2.21 | 间接依赖 | pip |
| jsonschema | 2.6.0 | 间接依赖 | pip |
| click | 8.1.3 | 间接依赖 | pip |
| idna | 2.9 | 间接依赖 | pip |
| grpcio | 1.58.0 | 间接依赖 | pip |
| future | 0.18.3 | 间接依赖 | pip |
| tabulate | 0.8.9 | 间接依赖 | pip |
| envparse | 0.2.0 | 间接依赖 | pip |
| grpc-google-iam-v1 | 0.12.3 | 间接依赖 | pip |
| aioredis | 1.3.1 | 间接依赖 | pip |
| pytest-html | 2.1.1 | 间接依赖 | pip |
| AsyncMock | 间接依赖 | pip | |
| typing-extensions | 4.5.0 | 间接依赖 | pip |
| rsa | 4.7.2 | 间接依赖 | pip |
| docker-pycreds | 0.4.0 | 间接依赖 | pip |
| itsdangerous | 2.0.0 | 间接依赖 | pip |
| yarl | 1.7.0 | 间接依赖 | pip |
| PyYAML | 5.4.1 | 间接依赖 | pip |
| azure-common | 1.1.25 | 间接依赖 | pip |
| tavern | 1.23.5 | 间接依赖 | pip |
| wazuh | 间接依赖 | pip | |
| busybox | 间接依赖 | ||
| azure-storage-common | 2.1.0 | 间接依赖 | pip |
| boto3 | 1.17.85 | 间接依赖 | pip |
| get_manager_health_base | 间接依赖 | pip | |
| zipp | 3.3.2 | 间接依赖 | pip |
| aiohttp-cors | 0.7.0 | 间接依赖 | pip |
| patch | 间接依赖 | pip | |
| multidict | 5.2.0 | 间接依赖 | pip |
| frozenlist | 1.2.0 | 间接依赖 | pip |
| chardet | 3.0.4 | 间接依赖 | pip |
| pytz | 2020.1 | 间接依赖 | pip |
| aiohttp | 3.9.1 | 间接依赖 | pip |
| docutils | 0.15.2 | 间接依赖 | pip |
| Flask | 2.2.5 | 间接依赖 | pip |
| openapi-spec-validator | 0.2.6 | 间接依赖 | pip |
| google-resumable-media | 1.3.1 | 间接依赖 | pip |
| pyarrow | 14.0.1 | 间接依赖 | pip |
| hiredis | 2.2.3 | 间接依赖 | pip |
| cryptography | 41.0.7 | 间接依赖 | pip |
| pytest | 7.3.1 | 间接依赖 | pip |