基础信息
项目名称:Netflix/metaflow
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1757819936428400640/1757819936617144320
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Python 安全漏洞 | ReDoS | MPS-2022-57238 | CVE-2022-40897 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| setuptools | 39.2.0 | 65.5.1 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| BSD-3-Clause | 39 | 低 |
| MIT | 34 | 低 |
| ISC | 26 | 低 |
| CC0-1.0 | 1 | 低 |
| Apache-2.0 | 1 | 低 |
| BSD-2-Clause | 2 | 低 |
| 自定义许可证 | 4 | 低 |
| 0BSD | 1 | 低 |
| GPL-3.0-only | 1 | 低 |
| Unlicense | 2 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| Dict | 间接依赖 | pip | |
| vega-voronoi | 4.2.2 | 间接依赖 | npm |
| cli_check | 间接依赖 | pip | |
| _ext_debug | 间接依赖 | pip | |
| vega-transforms | 4.11.0 | 间接依赖 | npm |
| from_conf | 间接依赖 | pip | |
| emoji-regex | 8.0.0 | 间接依赖 | npm |
| color-name | 1.1.4 | 间接依赖 | npm |
| vega-schema-url-parser | 2.2.0 | 间接依赖 | npm |
| makedirs | 间接依赖 | pip | |
| client | 间接依赖 | pip | |
| FunctionType | 间接依赖 | pip | |
| vega-wordcloud | 4.1.4 | 间接依赖 | npm |
| vega-typings | 1.0.1 | 间接依赖 | npm |
| color-convert | 2.0.1 | 间接依赖 | npm |
| d3-hierarchy | 3.1.2 | 间接依赖 | npm |
| is-fullwidth-code-point | 3.0.0 | 间接依赖 | npm |
| metadata_check | 间接依赖 | pip | |
| d3-quadtree | 3.0.1 | 间接依赖 | npm |
| EXT_PKG | 间接依赖 | pip | |
| yargs | 17.7.2 | 间接依赖 | npm |
| vega-regression | 1.2.0 | 间接依赖 | npm |
| d3-shape | 3.2.0 | 间接依赖 | npm |
| defaultdict | 间接依赖 | pip | |
| vega-view-transforms | 4.5.9 | 间接依赖 | npm |
| vega-tooltip | 0.33.0 | 间接依赖 | npm |
| current | 间接依赖 | pip | |
| setuptools | 39.2.0 | 间接依赖 | pip |
| get_ec2_instance_metadata | 间接依赖 | pip | |
| Flow | 间接依赖 | pip | |
| whatwg-url | 5.0.0 | 间接依赖 | npm |
| get_modules | 间接依赖 | pip | |
| DataStoreStorage | 间接依赖 | pip | |
| MethodType | 间接依赖 | pip | |
| get_docker_registry | 间接依赖 | pip | |
| MetaflowCardComponent | 间接依赖 | pip | |
| vega-util | 1.17.2 | 间接依赖 | npm |
| fast-json-patch | 3.1.1 | 间接依赖 | npm |
| Popen | 间接依赖 | pip | |
| Callable | 间接依赖 | pip | |
| DATATOOLS_SUFFIX | 间接依赖 | pip | |
| d3-force | 3.0.0 | 间接依赖 | npm |
| SERVICE_NAME | 间接依赖 | pip | |
| json-stringify-pretty-compact | 3.0.0 | 间接依赖 | npm |
| decorators | 间接依赖 | pip | |
| escalade | 3.1.1 | 间接依赖 | npm |
| metaflow | 间接依赖 | pip | |
| d3-time-format | 4.1.0 | 间接依赖 | npm |
| yallist | 4.0.0 | 间接依赖 | npm |
| d3-dsv | 3.0.1 | 间接依赖 | npm |
| @iconify/types | 2.0.0 | 间接依赖 | npm |
| vega-time | 2.1.1 | 间接依赖 | npm |
| metaflow_test | 间接依赖 | pip | |
| get_validate_choice_fn | 间接依赖 | pip | |
| y18n | 5.0.8 | 间接依赖 | npm |
| Any | 间接依赖 | pip | |
| d3-array | 3.2.4 | 间接依赖 | npm |
| CommandException | 间接依赖 | pip | |
| @types/estree | 1.0.5 | 间接依赖 | npm |
| unquote | 间接依赖 | pip | |
| d3-geo-projection | 4.0.0 | 间接依赖 | npm |
| vega-crossfilter | 4.1.1 | 间接依赖 | npm |
| vega-scale | 7.3.1 | 间接依赖 | npm |
| vega-projection | 1.6.0 | 间接依赖 | npm |
| S3Client | 间接依赖 | pip | |
| yargs-parser | 21.1.1 | 间接依赖 | npm |
| cliui | 8.0.1 | 间接依赖 | npm |
| StepDecorator | 间接依赖 | pip | |
| vega-hierarchy | 4.1.1 | 间接依赖 | npm |
| BASH_SAVE_LOGS_ARGS | 间接依赖 | pip | |
| d3-time | 3.1.0 | 间接依赖 | npm |
| @iconify/svelte | 3.1.4 | 间接依赖 | npm |
| vega-force | 4.2.0 | 间接依赖 | npm |
| _type_vars | 间接依赖 | pip | |
| vega-dataflow | 5.7.5 | 间接依赖 | npm |
| Iterator | 间接依赖 | pip | |
| d3-timer | 3.0.1 | 间接依赖 | npm |
| webidl-conversions | 3.0.1 | 间接依赖 | npm |
| MetaflowUnknownUser | 间接依赖 | pip | |
| commander | 7.2.0 | 间接依赖 | npm |
| d3-interpolate | 3.0.1 | 间接依赖 | npm |
| MetaflowException | 间接依赖 | pip | |
| config | 间接依赖 | pip | |
| DataTransferer | 间接依赖 | pip | |
| CloseAfterUse | 间接依赖 | pip | |
| vega-event-selector | 3.0.1 | 间接依赖 | npm |
| rw | 1.3.3 | 间接依赖 | npm |
| List | 间接依赖 | pip | |
| @types/geojson | 7946.0.4 | 间接依赖 | npm |
| BufferedIOBase | 间接依赖 | pip | |
| Message | 间接依赖 | pip | |
| get-caller-file | 2.0.5 | 间接依赖 | npm |
| vega | 5.26.1 | 间接依赖 | npm |
| product | 间接依赖 | pip | |
| to_bytes | 间接依赖 | pip | |
| step | 间接依赖 | pip | |
| refine | 间接依赖 | pip | |
| vega-interpreter | 1.0.5 | 间接依赖 | npm |
| MetaflowInternalError | 间接依赖 | pip | |
| svelte-vega | 2.1.0 | 间接依赖 | npm |
| urlparse | 间接依赖 | pip | |
| vega-lite | 5.16.3 | 间接依赖 | npm |
| chain | 间接依赖 | pip | |
| dict_to_cli_options | 间接依赖 | pip | |
| d3-delaunay | 6.0.4 | 间接依赖 | npm |
| ProcessPoolExecutor | 间接依赖 | pip | |
| node-fetch | 2.7.0 | 间接依赖 | npm |
| vega-parser | 6.2.1 | 间接依赖 | npm |
| delaunator | 5.0.0 | 间接依赖 | npm |
| d3-dispatch | 3.0.1 | 间接依赖 | npm |
| tslib | 2.6.2 | 间接依赖 | npm |
| DATASTORE_SYSROOT_LOCAL | 间接依赖 | pip | |
| FlowDecorator | 间接依赖 | pip | |
| ansi-regex | 5.0.1 | 间接依赖 | npm |
| vega-expression | 5.1.0 | 间接依赖 | npm |
| JSONType | 间接依赖 | pip | |
| Generator | 间接依赖 | pip | |
| vega-runtime | 6.1.4 | 间接依赖 | npm |
| MetaflowTaggingError | 间接依赖 | pip | |
| ThreadPoolExecutor | 间接依赖 | pip | |
| to_unicode | 间接依赖 | pip | |
| vega-embed | 6.23.0 | 间接依赖 | npm |
| to_pascalcase | 间接依赖 | pip | |
| vega-format | 1.1.1 | 间接依赖 | npm |
| alias_submodules | 间接依赖 | pip | |
| DATATOOLS_LOCALROOT | 间接依赖 | pip | |
| safer-buffer | 2.1.2 | 间接依赖 | npm |
| d3-color | 3.1.0 | 间接依赖 | npm |
| a | 间接依赖 | pip | |
| JSONTypeClass | 间接依赖 | pip | |
| @types/marked | 5.0.2 | 间接依赖 | npm |
| svelte-markdown | 0.4.0 | 间接依赖 | npm |
| echo_always | 间接依赖 | pip | |
| Resource | 间接依赖 | pip | |
| MAGIC_FILE | 间接依赖 | pip | |
| DATASTORE_LOCAL_DIR | 间接依赖 | pip | |
| fast-deep-equal | 3.1.3 | 间接依赖 | npm |
| internmap | 2.0.3 | 间接依赖 | npm |
| iconv-lite | 0.6.3 | 间接依赖 | npm |
| package_mfext_all | 间接依赖 | pip | |
| get_namespace | 间接依赖 | pip | |
| S3 | 间接依赖 | pip | |
| vega-label | 1.2.1 | 间接依赖 | npm |
| string-width | 4.2.3 | 间接依赖 | npm |
| resolve_cmds | 间接依赖 | pip | |
| update_delay | 间接依赖 | pip | |
| root | 间接依赖 | pip | |
| vega-canvas | 1.2.7 | 间接依赖 | npm |
| _adapters | 间接依赖 | pip | |
| groupby | 间接依赖 | pip | |
| set_should_persist | 间接依赖 | pip | |
| util | 间接依赖 | pip | |
| vega-loader | 4.5.1 | 间接依赖 | npm |
| vega-selections | 5.4.2 | 间接依赖 | npm |
| vega-scenegraph | 4.11.1 | 间接依赖 | npm |
| strip-ansi | 6.0.1 | 间接依赖 | npm |
| semver | 7.5.4 | 间接依赖 | npm |
| vega-themes | 2.14.0 | 间接依赖 | npm |
| lru-cache | 6.0.0 | 间接依赖 | npm |
| commander | 2.20.3 | 间接依赖 | npm |
| PIPE | 间接依赖 | pip | |
| AirflowTask | 间接依赖 | pip | |
| multiload_globals | 间接依赖 | pip | |
| GenericMeta | 间接依赖 | pip | |
| MetaflowCard | 间接依赖 | pip | |
| OP_CALLFUNC | 间接依赖 | pip | |
| R | 间接依赖 | pip | |
| _datastore_packageroot | 间接依赖 | pip | |
| to_fileobj | 间接依赖 | pip | |
| starmap | 间接依赖 | pip | |
| FlowSpec | 间接依赖 | pip | |
| Run | 间接依赖 | pip | |
| RawIOBase | 间接依赖 | pip | |
| wrap-ansi | 7.0.0 | 间接依赖 | npm |
| ansi-styles | 4.3.0 | 间接依赖 | npm |
| d3-geo | 3.1.0 | 间接依赖 | npm |
| robust-predicates | 3.0.2 | 间接依赖 | npm |
| tr46 | 0.0.3 | 间接依赖 | npm |
| d3-scale | 4.0.2 | 间接依赖 | npm |
| vega-view | 5.11.1 | 间接依赖 | npm |
| id_creator | 间接依赖 | pip | |
| OrderedDict | 间接依赖 | pip | |
| vega-geo | 4.4.1 | 间接依赖 | npm |
| dropwhile | 间接依赖 | pip | |
| OP_GETVAL | 间接依赖 | pip | |
| timedelta | 间接依赖 | pip | |
| topojson-client | 3.1.0 | 间接依赖 | npm |
| MessageTypes | 间接依赖 | pip | |
| MetaflowExceptionWrapper | 间接依赖 | pip | |
| vega-functions | 5.14.0 | 间接依赖 | npm |
| vega-statistics | 1.9.0 | 间接依赖 | npm |
| d3-path | 3.1.0 | 间接依赖 | npm |
| d3-format | 3.1.0 | 间接依赖 | npm |
| require-directory | 2.1.1 | 间接依赖 | npm |
| process_cmds | 间接依赖 | pip | |
| marked | 5.1.2 | 间接依赖 | npm |
| vega-encode | 4.9.2 | 间接依赖 | npm |
| islice | 间接依赖 | pip | |
| _meta | 间接依赖 | pip | |
| ObjReference | 间接依赖 | pip |