pterodactyl/panel 软件分析报告

基础信息

项目名称:pterodactyl/panel

项目徽章:

Security Status

仓库地址:https://github.com/pterodactyl/panel

检测报告地址:https://www.murphysec.com/console/report/1758460246373928960/1758460246420066304

此报告由Murphysec提供

漏洞列表

漏洞名称 漏洞类型 MPS编号 CVE编号 漏洞等级
Terrafrost phpseclib 安全漏洞 不可达退出条件的循环(无限循环) MPS-2023-6867 CVE-2023-27560 高危
PSR-7 Message Implementation 安全漏洞 解释冲突 MPS-2023-9403 CVE-2023-29197 高危
Laminas Project diactoros 拒绝服务漏洞 拒绝服务 MPS-2023-9897 CVE-2023-29530 中危
AWS SDK for PHP 路径遍历漏洞 路径遍历 MPS-bhjp-2mcq CVE-2023-51651 低危
Terrafrost phpseclib 安全漏洞 过度迭代 MPS-tkgd-wrz5 CVE-2023-49316 高危

缺陷组件

组件名称 版本 最小修复版本 依赖关系 修复建议
guzzlehttp/psr7 2.4.3 2.4.5 间接依赖 建议修复
phpseclib/phpseclib 3.0.18 3.0.34 间接依赖 建议修复
aws/aws-sdk-php 3.260.1 3.288.1 间接依赖 可选修复

许可证风险

许可证类型 相关组件 许可证风险
MIT 96
LGPL-2.0 1
Apache-2.0 2
BSD-3-Clause 7
BSD-4-Clause 3
GPL-2.0 1
GPL-3.0 1

SBOM清单

组件名称 组件版本 是否直接依赖 仓库
symfony/polyfill-php80 v1.27.0 间接依赖 composer
symfony/routing v6.2.5 间接依赖 composer
doctrine/dbal 3.6.0 间接依赖 composer
phpseclib/phpseclib 3.0.18 间接依赖 composer
symfony/finder v6.2.5 间接依赖 composer
phpoption/phpoption 1.9.0 间接依赖 composer
spatie/fractalistic 2.9.5 间接依赖 composer
league/flysystem 3.12.3 间接依赖 composer
graham-campbell/result-type v1.1.0 间接依赖 composer
paragonie/constant_time_encoding v2.6.3 间接依赖 composer
laravel/ui v4.2.1 间接依赖 composer
psr/container 2.0.2 间接依赖 composer
symfony/service-contracts v3.2.0 间接依赖 composer
guzzlehttp/guzzle 7.5.0 间接依赖 composer
symfony/polyfill-php72 v1.27.0 间接依赖 composer
symfony/http-kernel v6.2.6 间接依赖 composer
symfony/yaml v6.2.5 间接依赖 composer
league/fractal 0.20.1 间接依赖 composer
spatie/laravel-fractal 6.0.3 间接依赖 composer
monolog/monolog 3.3.1 间接依赖 composer
dragonmantank/cron-expression v3.3.2 间接依赖 composer
psr/cache 3.0.0 间接依赖 composer
illuminate/filesystem 间接依赖 composer
pragmarx/google2fa v8.0.1 间接依赖 composer
symfony/string v6.2.5 间接依赖 composer
psr/simple-cache 3.0.0 间接依赖 composer
symfony/translation v6.2.5 间接依赖 composer
symfony/polyfill-intl-grapheme v1.27.0 间接依赖 composer
symfony/polyfill-intl-idn v1.27.0 间接依赖 composer
symfony/polyfill-intl-normalizer v1.27.0 间接依赖 composer
league/config v1.2.0 间接依赖 composer
psr/http-factory 1.0.1 间接依赖 composer
symfony/translation-contracts v3.2.0 间接依赖 composer
symfony/http-foundation v6.2.6 间接依赖 composer
dflydev/dot-access-data v3.0.2 间接依赖 composer
illuminate/validation 间接依赖 composer
symfony/postmark-mailer v6.2.5 间接依赖 composer
fruitcake/php-cors v1.2.0 间接依赖 composer
laracasts/utilities 3.2.2 间接依赖 composer
symfony/event-dispatcher v6.2.5 间接依赖 composer
symfony/mailer v6.2.5 间接依赖 composer
aws/aws-crt-php v1.0.4 间接依赖 composer
symfony/var-dumper v6.2.5 间接依赖 composer
ramsey/collection 2.0.0 间接依赖 composer
s1lentium/iptools v1.2.0 间接依赖 composer
lcobucci/jwt 4.3.0 间接依赖 composer
symfony/event-dispatcher-contracts v3.2.0 间接依赖 composer
symfony/mailgun-mailer v6.2.5 间接依赖 composer
symfony/polyfill-mbstring v1.27.0 间接依赖 composer
composer-runtime-api 间接依赖 composer
psr/log 3.0.0 间接依赖 composer
laravel/tinker v2.8.1 间接依赖 composer
psr/event-dispatcher 1.0.0 间接依赖 composer
symfony/process v6.2.5 间接依赖 composer
psr/clock 1.0.0 间接依赖 composer
webmozart/assert 1.11.0 间接依赖 composer
prologue/alerts 1.1.0 间接依赖 composer
brick/math 0.10.2 间接依赖 composer
aws/aws-sdk-php 3.260.1 间接依赖 composer
guzzlehttp/uri-template v1.0.1 间接依赖 composer
symfony/polyfill-uuid v1.27.0 间接依赖 composer
psr/http-message 1.0.1 间接依赖 composer
guzzlehttp/psr7 2.4.3 间接依赖 composer
laravel/serializable-closure v1.3.0 间接依赖 composer
symfony/http-client v6.2.6 间接依赖 composer
nunomaduro/termwind v1.15.1 间接依赖 composer
league/flysystem-memory 3.10.3 间接依赖 composer
tijsverkoyen/css-to-inline-styles 2.2.6 间接依赖 composer
illuminate/support 间接依赖 composer
guzzlehttp/promises 1.5.2 间接依赖 composer
nette/schema v1.2.3 间接依赖 composer
league/commonmark 2.3.9 间接依赖 composer
symfony/deprecation-contracts v3.2.0 间接依赖 composer
lcobucci/clock 3.0.0 间接依赖 composer
illuminate/session 间接依赖 composer
illuminate/config 间接依赖 composer
doctrine/event-manager 2.0.0 间接依赖 composer
laravel/helpers v1.6.0 间接依赖 composer
staudenmeir/belongs-to-through v2.13 间接依赖 composer
symfony/uid v6.2.5 间接依赖 composer
laravel/framework v10.1.4 间接依赖 composer
nesbot/carbon 2.66.0 间接依赖 composer
symfony/error-handler v6.2.5 间接依赖 composer
league/flysystem-aws-s3-v3 3.12.2 间接依赖 composer
doctrine/inflector 2.0.6 间接依赖 composer
egulias/email-validator 4.0.1 间接依赖 composer
symfony/mime v6.2.5 间接依赖 composer
spatie/laravel-query-builder 5.1.2 间接依赖 composer
illuminate/database 间接依赖 composer
ramsey/uuid 4.7.3 间接依赖 composer
voku/portable-ascii 2.0.1 间接依赖 composer
predis/predis v2.1.1 间接依赖 composer
symfony/console v6.2.5 间接依赖 composer
spatie/laravel-package-tools 1.14.1 间接依赖 composer
paragonie/random_compat v9.99.100 间接依赖 composer
psy/psysh v0.11.12 间接依赖 composer
laravel/sanctum v3.2.1 间接依赖 composer
symfony/http-client-contracts v3.2.0 间接依赖 composer
symfony/polyfill-ctype v1.27.0 间接依赖 composer
hashids/hashids 5.0.2 间接依赖 composer
vlucas/phpdotenv v5.5.0 间接依赖 composer
doctrine/lexer 3.0.0 间接依赖 composer
nikic/php-parser v4.15.3 间接依赖 composer
illuminate/console 间接依赖 composer
psr/http-client 1.0.1 间接依赖 composer
doctrine/cache 2.2.0 间接依赖 composer
matriphe/iso-639 1.2 间接依赖 composer
illuminate/http 间接依赖 composer
symfony/css-selector v6.2.5 间接依赖 composer
league/mime-type-detection 1.11.0 间接依赖 composer
doctrine/deprecations v1.0.0 间接依赖 composer
ralouphie/getallheaders 3.0.3 间接依赖 composer
mtdowling/jmespath.php 2.6.1 间接依赖 composer
illuminate/contracts 间接依赖 composer
(0)
上一篇 2024年2月16日
下一篇 2024年2月16日

相关推荐

  • elceef/dnstwist 软件分析报告

    基础信息 项目名称:elceef/dnstwist 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1717419126007922688/1717419126041477120 此报告由Murphysec提供 漏洞…

    软件分析 2023年10月26日
    0
  • gocolly/colly 软件分析报告

    基础信息 项目名称:gocolly/colly 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721229818321768448/1723554592074977280 此报告由Murphysec提供 漏洞列表…

    软件分析 2023年11月12日
    0
  • openzipkin/brave 软件分析报告

    基础信息 项目名称:openzipkin/brave 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1762886980521914368/1762886998607753216 此报告由Murphysec提供 漏…

    软件分析 2024年2月29日
    0
  • YadiraF/PRNet 软件分析报告

    基础信息 项目名称:YadiraF/PRNet 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1729911856317292544/1729911856694779904 此报告由Murphysec提供 漏洞列表…

    软件分析 2023年11月30日
    0
  • garronej/ts-ci 软件分析报告

    基础信息 项目名称:garronej/ts-ci 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1718036392709849088/1718036392915369984 此报告由Murphysec提供 漏洞列…

    软件分析 2023年10月28日
    0