基础信息
项目名称:microsoft/winget-cli
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1762444639815278592/1762444831062958080
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| LibYAML yaml_parser_scan_tag_uri 函数基于堆的缓冲区溢出漏洞 | 缓冲区溢出 | MPS-2014-0666 | CVE-2013-6393 | 中危 |
| LibYAML yaml_parser_scan_uri_escapes 函数基于堆的缓冲区溢出漏洞 | 缓冲区溢出 | MPS-2014-1502 | CVE-2014-2525 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| libyaml | 0.2.5 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 4 | 低 |
| BSD-2-Clause | 2 | 低 |
| Zlib | 1 | 低 |
| BSD-3-Clause | 1 | 低 |
| JSON | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| api-ms-win-core-memory-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-string-l1-1-0.dll | 间接依赖 | ||
| USER32.dll | 间接依赖 | ||
| api-ms-win-core-com-l1-1-0.dll | 间接依赖 | ||
| libyaml | 0.2.5 | 间接依赖 | |
| Microsoft.Windows.ImplementationLibrary | 1.0.200902.2 | 间接依赖 | nuget |
| api-ms-win-core-localization-l1-2-0.dll | 间接依赖 | ||
| api-ms-win-core-debug-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-localization-obsolete-l1-2-0.dll | 间接依赖 | ||
| Microsoft.Windows.ImplementationLibrary | 1.0.231028.1 | 间接依赖 | nuget |
| api-ms-win-core-errorhandling-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-libraryloader-l1-2-1.dll | 间接依赖 | ||
| api-ms-win-core-registry-l1-1-1.dll | 间接依赖 | ||
| api-ms-win-shcore-scaling-l1-1-1.dll | 间接依赖 | ||
| api-ms-win-eventing-provider-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-registry-l2-1-0.dll | 间接依赖 | ||
| api-ms-win-core-handle-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-libraryloader-l1-2-0.dll | 间接依赖 | ||
| api-ms-win-core-delayload-l1-1-1.dll | 间接依赖 | ||
| Microsoft.Windows.CppWinRT | 2.0.220331.4 | 间接依赖 | nuget |
| api-ms-win-core-sysinfo-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-processthreads-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-registry-l1-1-0.dll | 间接依赖 | ||
| libyaml | 间接依赖 | ||
| api-ms-win-core-processthreads-l1-1-1.dll | 间接依赖 | ||
| api-ms-win-core-windowserrorreporting-l1-1-3.dll | 间接依赖 | ||
| api-ms-win-core-delayload-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-synch-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-crt-runtime-l1-1-0.dll | 间接依赖 | ||
| valijson | 0.6 | 间接依赖 | |
| api-ms-win-core-interlocked-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-string-obsolete-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-heap-l1-1-0.dll | 间接依赖 | ||
| cpprestsdk | 间接依赖 | ||
| api-ms-win-core-datetime-l1-1-0.dll | 间接依赖 | ||
| zlib | 间接依赖 | ||
| directshowbaseclasses | 260557 | 间接依赖 | |
| rapidjson | 间接依赖 | ||
| api-ms-win-crt-private-l1-1-0.dll | 间接依赖 | ||
| COMCTL32.dll | 间接依赖 | ||
| api-ms-win-core-file-l1-1-0.dll | 间接依赖 | ||
| Microsoft.Windows.ImplementationLibrary | 1.0.220201.1 | 间接依赖 | nuget |
| api-ms-win-crt-string-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-winrt-string-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-heap-obsolete-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-threadpool-l1-2-0.dll | 间接依赖 | ||
| api-ms-win-core-heap-l2-1-0.dll | 间接依赖 | ||
| api-ms-win-core-profile-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-largeinteger-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-psapi-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-processenvironment-l1-1-0.dll | 间接依赖 | ||
| Microsoft.Windows.CppWinRT | 2.0.200117.5 | 间接依赖 | nuget |
| Microsoft.Windows.CppWinRT | 2.0.210503.1 | 间接依赖 | nuget |
| api-ms-win-core-shlwapi-legacy-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-core-winrt-error-l1-1-0.dll | 间接依赖 | ||
| valijson | 间接依赖 | ||
| api-ms-win-core-winrt-error-l1-1-1.dll | 间接依赖 | ||
| api-ms-win-core-rtlsupport-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-security-base-l1-1-0.dll | 间接依赖 | ||
| Microsoft.Windows.CppWinRT | 2.0.230706.1 | 间接依赖 | nuget |
| api-ms-win-base-util-l1-1-0.dll | 间接依赖 | ||
| mscoree.dll | 间接依赖 | ||
| api-ms-win-shcore-obsolete-l1-1-0.dll | 间接依赖 | ||
| GDI32.dll | 间接依赖 | ||
| Microsoft.VCRTForwarders.140 | 1.0.5 | 间接依赖 | nuget |
| api-ms-win-core-winrt-l1-1-0.dll | 间接依赖 |