基础信息
项目名称:nccgroup/ScoutSuite
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1762535135346630656/1762535184730365952
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| grpc不加限制或调节的资源分配漏洞 | 过度迭代 | MPS-7ht6-lm4j | CVE-2023-33953 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| grpcio | 1.18.0 | 1.53.2 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| Apache-2.0 | 22 | 低 |
| Apache License 2.0 | 4 | 低 |
| MIT License | 10 | 低 |
| MIT | 8 | 低 |
| GPL-2.0 | 1 | 中 |
| BSD-2-Clause | 2 | 低 |
| 自定义许可证 | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| get_actions_from_statement | 间接依赖 | pip | |
| google-cloud-container | 2.1.0 | 间接依赖 | pip |
| grpcio | 1.18.0 | 间接依赖 | pip |
| oci | 2.2.4 | 间接依赖 | pip |
| aliyun-python-sdk-sts | 3.0.1 | 间接依赖 | pip |
| print_warning | 间接依赖 | pip | |
| google-cloud-logging | 2.2.0 | 间接依赖 | pip |
| DEFAULT_REPORT_DIRECTORY | 间接依赖 | pip | |
| KubernetesCredentials | 间接依赖 | pip | |
| azure-mgmt-compute | 18.2.0 | 间接依赖 | pip |
| MagicMock | 间接依赖 | pip | |
| patch | 间接依赖 | pip | |
| aliyun-python-sdk-kms | 2.6.0 | 间接依赖 | pip |
| google-cloud-kms | 1.3.0 | 间接依赖 | pip |
| azure-mgmt-resource | 15.0.0 | 间接依赖 | pip |
| aliyunsdkrds | 间接依赖 | pip | |
| msgraph-core | 0.2.2 | 间接依赖 | pip |
| azure-mgmt-monitor | 2.0.0 | 间接依赖 | pip |
| aliyun-python-sdk-ecs | 4.16.10 | 间接依赖 | pip |
| _expand_wildcard_action | 间接依赖 | pip | |
| google-cloud-resource-manager | 0.28.3 | 间接依赖 | pip |
| azure-mgmt-storage | 16.0.0 | 间接依赖 | pip |
| azure-mgmt-rdbms | 8.0.0 | 间接依赖 | pip |
| google-cloud-core | 0.29.1 | 间接依赖 | pip |
| azure-mgmt-web | 1.0.0 | 间接依赖 | pip |
| azure-mgmt-keyvault | 8.0.0 | 间接依赖 | pip |
| get_and_set_concurrently | 间接依赖 | pip | |
| azure-mgmt-network | 17.1.0 | 间接依赖 | pip |
| google-api-python-client | 2.47.0 | 间接依赖 | pip |
| ScoutSuite | 间接依赖 | pip | |
| print_debug | 间接依赖 | pip | |
| map_concurrently | 间接依赖 | pip | |
| azure-identity | 1.5.0 | 间接依赖 | pip |
| run_concurrently | 间接依赖 | pip | |
| config | 间接依赖 | pip | |
| aliyun-python-sdk-vpc | 3.0.5 | 间接依赖 | pip |
| AuthenticationStrategy | 间接依赖 | pip | |
| sqlitedict | 1.6.0 | 间接依赖 | pip |
| AzureCliCredential | 间接依赖 | pip | |
| coloredlogs | 10.0 | 间接依赖 | pip |
| print_info | 间接依赖 | pip | |
| oauth2client | 4.1.3 | 间接依赖 | pip |
| netaddr | 0.8.0 | 间接依赖 | pip |
| google-cloud-monitoring | 1.1.0 | 间接依赖 | pip |
| ClusterProvider | 间接依赖 | pip | |
| prompt_overwrite | 间接依赖 | pip | |
| google-cloud-storage | 1.13.2 | 间接依赖 | pip |
| 间接依赖 | pip | ||
| azure-mgmt-sql | 1.0.0 | 间接依赖 | pip |
| aliyun-python-sdk-ocs | 0.0.4 | 间接依赖 | pip |
| UsernamePasswordCredential | 间接依赖 | pip | |
| aliyun-python-sdk-ram | 3.0.1 | 间接依赖 | pip |
| aliyun-python-sdk-actiontrail | 2.0.0 | 间接依赖 | pip |
| aliyun-python-sdk-core | 2.13.4 | 间接依赖 | pip |
| aliyunsdkkms | 间接依赖 | pip | |
| aliyunsdkecs | 间接依赖 | pip | |
| print_error | 间接依赖 | pip | |
| httplib2shim | 0.0.3 | 间接依赖 | pip |
| client | 间接依赖 | pip | |
| azure | 间接依赖 | pip | |
| print_exception | 间接依赖 | pip | |
| asyncio-throttle | 0.1.1 | 间接依赖 | pip |
| azure-mgmt-redis | 12.0.0 | 间接依赖 | pip |
| azure-mgmt-authorization | 3.0.0 | 间接依赖 | pip |
| cherrypy | 18.1.0 | 间接依赖 | pip |
| prompt | 间接依赖 | pip | |
| botocore | 1.20.21 | 间接依赖 | pip |
| boto3 | 1.9.210 | 间接依赖 | pip |
| cherrypy-cors | 1.6 | 间接依赖 | pip |
| DEFAULT_REPORT_RESULTS_DIRECTORY | 间接依赖 | pip | |
| policyuniverse | 1.3.2.0 | 间接依赖 | pip |
| msgraph | 间接依赖 | pip | |
| oss2 | 2.8.0 | 间接依赖 | pip |
| azure-mgmt-security | 1.0.0 | 间接依赖 | pip |
| aliyun-python-sdk-rds | 2.3.9 | 间接依赖 | pip |
| set_logger_configuration | 间接依赖 | pip | |
| google-cloud-iam | 0.1.0 | 间接依赖 | pip |
| AuthenticationException | 间接依赖 | pip |