microsoft/winget-cli 软件分析报告

基础信息

项目名称:microsoft/winget-cli

项目徽章:

Security Status

仓库地址:https://github.com/pterodactyl/panel

检测报告地址:https://www.murphysec.com/console/report/1762444639815278592/1762444831062958080

此报告由Murphysec提供

漏洞列表

漏洞名称 漏洞类型 MPS编号 CVE编号 漏洞等级
LibYAML yaml_parser_scan_tag_uri 函数基于堆的缓冲区溢出漏洞 缓冲区溢出 MPS-2014-0666 CVE-2013-6393 中危
LibYAML yaml_parser_scan_uri_escapes 函数基于堆的缓冲区溢出漏洞 缓冲区溢出 MPS-2014-1502 CVE-2014-2525 中危

缺陷组件

组件名称 版本 最小修复版本 依赖关系 修复建议
libyaml 0.2.5 间接依赖 可选修复

许可证风险

许可证类型 相关组件 许可证风险
MIT 4
BSD-2-Clause 2
Zlib 1
BSD-3-Clause 1
JSON 1

SBOM清单

组件名称 组件版本 是否直接依赖 仓库
api-ms-win-core-memory-l1-1-0.dll 间接依赖
api-ms-win-core-string-l1-1-0.dll 间接依赖
USER32.dll 间接依赖
api-ms-win-core-com-l1-1-0.dll 间接依赖
libyaml 0.2.5 间接依赖
Microsoft.Windows.ImplementationLibrary 1.0.200902.2 间接依赖 nuget
api-ms-win-core-localization-l1-2-0.dll 间接依赖
api-ms-win-core-debug-l1-1-0.dll 间接依赖
api-ms-win-core-localization-obsolete-l1-2-0.dll 间接依赖
Microsoft.Windows.ImplementationLibrary 1.0.231028.1 间接依赖 nuget
api-ms-win-core-errorhandling-l1-1-0.dll 间接依赖
api-ms-win-core-libraryloader-l1-2-1.dll 间接依赖
api-ms-win-core-registry-l1-1-1.dll 间接依赖
api-ms-win-shcore-scaling-l1-1-1.dll 间接依赖
api-ms-win-eventing-provider-l1-1-0.dll 间接依赖
api-ms-win-core-registry-l2-1-0.dll 间接依赖
api-ms-win-core-handle-l1-1-0.dll 间接依赖
api-ms-win-core-libraryloader-l1-2-0.dll 间接依赖
api-ms-win-core-delayload-l1-1-1.dll 间接依赖
Microsoft.Windows.CppWinRT 2.0.220331.4 间接依赖 nuget
api-ms-win-core-sysinfo-l1-1-0.dll 间接依赖
api-ms-win-core-processthreads-l1-1-0.dll 间接依赖
api-ms-win-core-registry-l1-1-0.dll 间接依赖
libyaml 间接依赖
api-ms-win-core-processthreads-l1-1-1.dll 间接依赖
api-ms-win-core-windowserrorreporting-l1-1-3.dll 间接依赖
api-ms-win-core-delayload-l1-1-0.dll 间接依赖
api-ms-win-core-synch-l1-1-0.dll 间接依赖
api-ms-win-crt-runtime-l1-1-0.dll 间接依赖
valijson 0.6 间接依赖
api-ms-win-core-interlocked-l1-1-0.dll 间接依赖
api-ms-win-core-string-obsolete-l1-1-0.dll 间接依赖
api-ms-win-core-heap-l1-1-0.dll 间接依赖
cpprestsdk 间接依赖
api-ms-win-core-datetime-l1-1-0.dll 间接依赖
zlib 间接依赖
directshowbaseclasses 260557 间接依赖
rapidjson 间接依赖
api-ms-win-crt-private-l1-1-0.dll 间接依赖
COMCTL32.dll 间接依赖
api-ms-win-core-file-l1-1-0.dll 间接依赖
Microsoft.Windows.ImplementationLibrary 1.0.220201.1 间接依赖 nuget
api-ms-win-crt-string-l1-1-0.dll 间接依赖
api-ms-win-core-winrt-string-l1-1-0.dll 间接依赖
api-ms-win-core-heap-obsolete-l1-1-0.dll 间接依赖
api-ms-win-core-threadpool-l1-2-0.dll 间接依赖
api-ms-win-core-heap-l2-1-0.dll 间接依赖
api-ms-win-core-profile-l1-1-0.dll 间接依赖
api-ms-win-core-largeinteger-l1-1-0.dll 间接依赖
api-ms-win-core-psapi-l1-1-0.dll 间接依赖
api-ms-win-core-processenvironment-l1-1-0.dll 间接依赖
Microsoft.Windows.CppWinRT 2.0.200117.5 间接依赖 nuget
Microsoft.Windows.CppWinRT 2.0.210503.1 间接依赖 nuget
api-ms-win-core-shlwapi-legacy-l1-1-0.dll 间接依赖
api-ms-win-core-winrt-error-l1-1-0.dll 间接依赖
valijson 间接依赖
api-ms-win-core-winrt-error-l1-1-1.dll 间接依赖
api-ms-win-core-rtlsupport-l1-1-0.dll 间接依赖
api-ms-win-security-base-l1-1-0.dll 间接依赖
Microsoft.Windows.CppWinRT 2.0.230706.1 间接依赖 nuget
api-ms-win-base-util-l1-1-0.dll 间接依赖
mscoree.dll 间接依赖
api-ms-win-shcore-obsolete-l1-1-0.dll 间接依赖
GDI32.dll 间接依赖
Microsoft.VCRTForwarders.140 1.0.5 间接依赖 nuget
api-ms-win-core-winrt-l1-1-0.dll 间接依赖
(0)
上一篇 2024年2月27日
下一篇 2024年2月27日

相关推荐

  • kishikawakatsumi/PEPhotoCropEditor 软件分析报告

    基础信息 项目名称:kishikawakatsumi/PEPhotoCropEditor 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1719480080094855168/1719480080182935552…

    软件分析 2023年11月1日
    0
  • ElemeFE/element-helper 软件分析报告

    基础信息 项目名称:ElemeFE/element-helper 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721160637299556352/1730877103287001088 此报告由Murphys…

    软件分析 2023年12月2日
    0
  • KillerCodeMonkey/ngx-quill 软件分析报告

    基础信息 项目名称:KillerCodeMonkey/ngx-quill 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1719462563163013120/1719462568540110848 此报告由Mur…

    软件分析 2023年11月1日
    0
  • cmusphinx/sphinx4 软件分析报告

    基础信息 项目名称:cmusphinx/sphinx4 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1716754582704275456/1716754582750412800 此报告由Murphysec提供 …

    软件分析 2023年10月24日
    0
  • cdnbye/flutter-p2p-engine 软件分析报告

    基础信息 项目名称:cdnbye/flutter-p2p-engine 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721073696117882880/1721073696164020224 此报告由Murp…

    软件分析 2023年11月5日
    0