基础信息
项目名称:AlexanderArima/XCYN
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1715629927038582784/1715629927705477120
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Bootstrap 跨站脚本漏洞 | XSS | MPS-2018-9640 | CVE-2018-14040 | 中危 |
| Bootstrap 跨站脚本漏洞 | XSS | MPS-2018-9642 | CVE-2018-14042 | 中危 |
| Bootstrap跨站脚本漏洞 | XSS | MPS-2019-0181 | CVE-2018-20676 | 中危 |
| Bootstrap跨站脚本漏洞 | XSS | MPS-2019-0182 | CVE-2018-20677 | 中危 |
| Bootstrap 存在跨站脚本漏洞 | XSS | MPS-2019-1791 | CVE-2019-8331 | 中危 |
| Google Chrome V8 安全漏洞 | 使用不兼容类型访问资源(类型混淆) | MPS-2020-2990 | CVE-2020-6418 | 高危 |
| Apache log4net 代码问题漏洞 | XXE | MPS-2020-7280 | CVE-2018-1285 | 严重 |
| Google protobuf 空指针漏洞 | 空指针取消引用 | MPS-2021-19067 | CVE-2021-22570 | 中危 |
| MongoDB .NET/C# 驱动存在反序列化漏洞 | 反序列化 | MPS-2023-2678 | CVE-2022-48282 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| bootstrap | 3.3.7 | 4.3.1 | 间接依赖 | 建议修复 |
| bootstrap | 3.0.0 | 4.3.1 | 间接依赖 | 建议修复 |
| log4net | 2.0.3 | 2.0.10 | 间接依赖 | 建议修复 |
| bootstrap | 4.1.3 | 4.3.1 | 间接依赖 | 建议修复 |
| cef.redist.x86 | 3.2623.1396 | 81.3.2 | 间接依赖 | 建议修复 |
| log4net | 2.0.8 | 2.0.10 | 间接依赖 | 建议修复 |
| cef.redist.x64 | 3.2623.1396 | 81.3.2 | 间接依赖 | 建议修复 |
| MongoDB.Driver | 2.7.0 | 2.19.0 | 间接依赖 | 可选修复 |
| Google.Protobuf | 3.5.1 | 3.15.0 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| non-standard | 7 | 低 |
| MIT | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| MongoDB.Driver.GridFS | 2.7.0 | 间接依赖 | nuget |
| Microsoft.AspNet.SignalR.SystemWeb | 2.1.2 | 间接依赖 | nuget |
| Microsoft.AspNet.TelemetryCorrelation | 1.0.4 | 间接依赖 | nuget |
| NPOI | 2.3.0 | 间接依赖 | nuget |
| Microsoft.AspNet.Providers.Core | 2.0.0 | 间接依赖 | nuget |
| DnsClient | 1.0.7 | 间接依赖 | nuget |
| ole32.dll | 间接依赖 | ||
| bootstrap | 3.3.7 | 间接依赖 | nuget |
| Dapper | 1.50.4 | 间接依赖 | nuget |
| WINSPOOL.DRV | 间接依赖 | ||
| HtmlAgilityPack | 1.7.0 | 间接依赖 | nuget |
| MouseKeyHook | 5.6.0 | 间接依赖 | nuget |
| jQuery | 3.3.1 | 间接依赖 | nuget |
| Swashbuckle | 5.6.0 | 间接依赖 | nuget |
| dbghelp.dll | 间接依赖 | ||
| Microsoft.ApplicationInsights.WindowsServer | 2.8.0 | 间接依赖 | nuget |
| Microsoft.AspNet.SignalR.Client | 2.2.2 | 间接依赖 | nuget |
| log4net | 2.0.3 | 间接依赖 | nuget |
| VCRUNTIME140D.dll | 间接依赖 | ||
| System.Numerics.Vectors | 4.4.0 | 间接依赖 | nuget |
| Microsoft.AspNet.Web.Optimization | 1.1.3 | 间接依赖 | nuget |
| Microsoft.Owin.Host.SystemWeb | 3.0.1 | 间接依赖 | nuget |
| WebGrease | 1.5.2 | 间接依赖 | nuget |
| Microsoft.Office.Interop.Excel | 15.0.4795.1000 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.WebHost | 5.2.4 | 间接依赖 | nuget |
| Microsoft.Owin.Security.Cookies | 3.0.1 | 间接依赖 | nuget |
| robloach/component-installer | * | 间接依赖 | composer |
| System.Memory | 4.5.1 | 间接依赖 | nuget |
| TxFileManager | 1.5.0.1 | 间接依赖 | nuget |
| Microsoft.AspNet.SignalR.Core.zh-Hans | 2.2.2 | 间接依赖 | nuget |
| Antlr | 3.4.1.9004 | 间接依赖 | nuget |
| Microsoft.AspNet.FriendlyUrls.Core.zh-Hans | 1.0.2 | 间接依赖 | nuget |
| Microsoft.Owin.Host.HttpListener | 3.1.0 | 间接依赖 | nuget |
| Swagger.Net.UI | 1.1.0 | 间接依赖 | nuget |
| Common.Logging | 3.3.1 | 间接依赖 | nuget |
| Quartz | 2.6.2 | 间接依赖 | nuget |
| MongoDB.Bson | 2.7.0 | 间接依赖 | nuget |
| Microsoft.ApplicationInsights.DependencyCollector | 2.8.0 | 间接依赖 | nuget |
| popper.js | 1.14.0 | 间接依赖 | nuget |
| Microsoft.AspNet.SignalR.SystemWeb.zh-Hans | 2.1.2 | 间接依赖 | nuget |
| Microsoft.AspNet.Mvc | 5.2.4 | 间接依赖 | nuget |
| Ninject.Web.Common | 3.3.1 | 间接依赖 | nuget |
| Microsoft.CodeDom.Providers.DotNetCompilerPlatform | 1.0.0 | 间接依赖 | nuget |
| Microsoft.ApplicationInsights.PerfCounterCollector | 2.8.0 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi | 5.2.4 | 间接依赖 | nuget |
| StackExchange.Redis.StrongName | 1.1.608 | 间接依赖 | nuget |
| Ninject.MVC | 3.2.1 | 间接依赖 | nuget |
| Microsoft.Owin.Security | 3.0.1 | 间接依赖 | nuget |
| Microsoft.AspNet.Razor | 3.2.4 | 间接依赖 | nuget |
| Microsoft.AspNet.SignalR.Core | 2.2.2 | 间接依赖 | nuget |
| Microsoft.AspNet.SignalR.SqlServer | 2.2.2 | 间接依赖 | nuget |
| cef.redist.x86 | 3.2623.1396 | 间接依赖 | nuget |
| Microsoft.Owin.zh-Hans | 3.1.0 | 间接依赖 | nuget |
| Microsoft.AspNet.ScriptManager.MSAjax | 5.0.0 | 间接依赖 | nuget |
| System.Diagnostics.DiagnosticSource | 4.5.0 | 间接依赖 | nuget |
| System.Runtime.InteropServices.RuntimeInformation | 4.0.0 | 间接依赖 | nuget |
| Microsoft.AspNet.Razor.zh-Hans | 3.2.3 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.Client | 5.2.3 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.Core | 5.2.6 | 间接依赖 | nuget |
| Newtonsoft.Json | 12.0.1 | 间接依赖 | nuget |
| WebActivatorEx | 2.0 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.SelfHost | 5.2.3 | 间接依赖 | nuget |
| System.Runtime.CompilerServices.Unsafe | 4.5.0 | 间接依赖 | nuget |
| Microsoft.AspNet.Identity.Core | 2.2.1 | 间接依赖 | nuget |
| Microsoft.AspNet.Mvc.zh-Hans | 5.2.3 | 间接依赖 | nuget |
| Microsoft.AspNet.Identity.Core.zh-Hans | 2.2.1 | 间接依赖 | nuget |
| Microsoft.Owin.Security.OAuth | 3.0.1 | 间接依赖 | nuget |
| Swashbuckle.Core | 5.6.0 | 间接依赖 | nuget |
| EntityFramework | 6.1.3 | 间接依赖 | nuget |
| Respond | 1.2.0 | 间接依赖 | nuget |
| Microsoft.AspNet.Identity.Owin | 2.2.1 | 间接依赖 | nuget |
| System.Buffers | 4.4.0 | 间接依赖 | nuget |
| cskin | 16.1.14.3 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.Core.zh-Hans | 5.2.6 | 间接依赖 | nuget |
| Microsoft.AspNet.WebPages | 3.2.6 | 间接依赖 | nuget |
| COMDLG32.dll | 间接依赖 | ||
| Microsoft.Owin.Security.Twitter | 3.0.1 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.WebHost.zh-Hans | 5.2.4 | 间接依赖 | nuget |
| Microsoft.Owin.Security.Google | 3.0.1 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.HelpPage | 5.2.4 | 间接依赖 | nuget |
| System.Threading.Channels | 4.5.0 | 间接依赖 | nuget |
| mscoree.dll | 间接依赖 | ||
| Microsoft.Owin.Security.Facebook | 3.0.1 | 间接依赖 | nuget |
| Microsoft.AspNet.Identity.EntityFramework | 2.2.1 | 间接依赖 | nuget |
| Ninject | 3.3.4 | 间接依赖 | nuget |
| Owin | 1.0 | 间接依赖 | nuget |
| WebActivator | 1.5.1 | 间接依赖 | nuget |
| Microsoft.AspNet.Web.Optimization.zh-Hans | 1.1.3 | 间接依赖 | nuget |
| log4net | 2.0.8 | 间接依赖 | nuget |
| Microsoft.AspNet.Providers.Core.zh-Hans | 2.0.0 | 间接依赖 | nuget |
| Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel | 2.8.0 | 间接依赖 | nuget |
| SHLWAPI.dll | 间接依赖 | ||
| Microsoft.AspNet.Razor | 3.2.3 | 间接依赖 | nuget |
| Microsoft.AspNet.FriendlyUrls | 1.0.2 | 间接依赖 | nuget |
| MongoDB.Driver | 2.7.0 | 间接依赖 | nuget |
| Microsoft.AspNet.Cors | 5.2.6 | 间接依赖 | nuget |
| StackExchange.Redis.StrongName | 1.2.6 | 间接依赖 | nuget |
| Microsoft.AspNet.Identity.EntityFramework.zh-Hans | 2.2.1 | 间接依赖 | nuget |
| EntityFramework | 6.2.0 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.Client.zh-Hans | 5.2.6 | 间接依赖 | nuget |
| System.Threading.Tasks.Extensions | 4.5.1 | 间接依赖 | nuget |
| VERSION.dll | 间接依赖 | ||
| Swagger.Net | 0.5.5 | 间接依赖 | nuget |
| Microsoft.Owin.Security | 2.1.0 | 间接依赖 | nuget |
| AspNet.ScriptManager.jQuery | 1.10.2 | 间接依赖 | nuget |
| Microsoft.Web.Infrastructure | 1.0.0.0 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.Cors | 5.2.6 | 间接依赖 | nuget |
| jQuery | 3.0.0 | 间接依赖 | nuget |
| bootstrap | 3.0.0 | 间接依赖 | nuget |
| bootstrap | 4.1.3 | 间接依赖 | nuget |
| Microsoft.AspNet.WebPages | 3.2.4 | 间接依赖 | nuget |
| Microsoft.Owin.Security.Google.zh-Hans | 3.0.1 | 间接依赖 | nuget |
| Microsoft.Owin.Security.Twitter.zh-Hans | 3.0.1 | 间接依赖 | nuget |
| Microsoft.AspNet.SignalR.zh-Hans | 2.1.2 | 间接依赖 | nuget |
| Microsoft.AspNet.WebPages | 3.2.3 | 间接依赖 | nuget |
| NPOI | 2.4.1 | 间接依赖 | nuget |
| Microsoft.ApplicationInsights.Web | 2.8.0 | 间接依赖 | nuget |
| Microsoft.AspNet.WebPages.zh-Hans | 3.2.4 | 间接依赖 | nuget |
| COMCTL32.dll | 间接依赖 | ||
| Microsoft.AspNet.WebApi.Core | 5.2.3 | 间接依赖 | nuget |
| Modernizr | 2.8.3 | 间接依赖 | nuget |
| WINMM.dll | 间接依赖 | ||
| Microsoft.Owin.Security.Facebook.zh-Hans | 3.0.1 | 间接依赖 | nuget |
| System.ValueTuple | 4.4.0 | 间接依赖 | nuget |
| System.Threading.Tasks.Extensions | 4.3.0 | 间接依赖 | nuget |
| StackExchange.Redis | 2.0.513 | 间接依赖 | nuget |
| Modernizr | 2.6.2 | 间接依赖 | nuget |
| Microsoft.Owin.Security.MicrosoftAccount.zh-Hans | 3.0.1 | 间接依赖 | nuget |
| System.Diagnostics.PerformanceCounter | 4.5.0 | 间接依赖 | nuget |
| SharpZipLib | 0.86.0 | 间接依赖 | nuget |
| Microsoft.Owin.Hosting | 3.1.0 | 间接依赖 | nuget |
| CefSharp.WinForms | 49.0.0 | 间接依赖 | nuget |
| System.IO.Pipelines | 4.5.1 | 间接依赖 | nuget |
| cef.redist.x64 | 3.2623.1396 | 间接依赖 | nuget |
| ucrtbased.dll | 间接依赖 | ||
| Microsoft.Web.RedisSessionStateProvider | 3.0.2 | 间接依赖 | nuget |
| Pipelines.Sockets.Unofficial | 1.0.7 | 间接依赖 | nuget |
| Microsoft.AspNet.Razor.zh-Hans | 3.2.4 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.Client | 5.2.6 | 间接依赖 | nuget |
| GDI32.dll | 间接依赖 | ||
| ADVAPI32.dll | 间接依赖 | ||
| Google.Protobuf | 3.5.1 | 间接依赖 | nuget |
| Microsoft.ApplicationInsights | 2.8.0 | 间接依赖 | nuget |
| urlmon.dll | 间接依赖 | ||
| Microsoft.AspNet.WebPages.zh-Hans | 3.2.3 | 间接依赖 | nuget |
| Microsoft.AspNet.Mvc.zh-Hans | 5.2.4 | 间接依赖 | nuget |
| RabbitMQ.Client | 5.0.1 | 间接依赖 | nuget |
| Microsoft.Owin | 3.1.0 | 间接依赖 | nuget |
| Microsoft.Owin.Security.zh-Hans | 3.0.1 | 间接依赖 | nuget |
| FreeSpire.Doc | 10.2.0 | 间接依赖 | nuget |
| Microsoft.ApplicationInsights.Agent.Intercept | 2.4.0 | 间接依赖 | nuget |
| Microsoft.AspNet.SignalR | 2.1.2 | 间接依赖 | nuget |
| SHELL32.dll | 间接依赖 | ||
| oledlg.dll | 间接依赖 | ||
| Moq | 4.9.0 | 间接依赖 | nuget |
| Antlr | 3.5.0.2 | 间接依赖 | nuget |
| Common.Logging.Core | 3.3.1 | 间接依赖 | nuget |
| OpenCvSharp3-AnyCPU | 4.0.0.20181129 | 间接依赖 | nuget |
| Microsoft.AspNet.Web.Optimization.WebForms | 1.1.3 | 间接依赖 | nuget |
| Fleck | 1.2.0 | 间接依赖 | nuget |
| Microsoft.CodeDom.Providers.DotNetCompilerPlatform | 1.0.8 | 间接依赖 | nuget |
| Microsoft.Owin.Host.SystemWeb.zh-Hans | 3.0.1 | 间接依赖 | nuget |
| CefSharp.Common | 49.0.0 | 间接依赖 | nuget |
| Microsoft.AspNet.FriendlyUrls.Core | 1.0.2 | 间接依赖 | nuget |
| Castle.Core | 4.3.1 | 间接依赖 | nuget |
| Microsoft.Owin.Security.MicrosoftAccount | 3.0.1 | 间接依赖 | nuget |
| Microsoft.Diagnostics.Tracing.EventSource.Redist | 1.1.28 | 间接依赖 | nuget |
| Microsoft.AspNet.ScriptManager.WebForms | 5.0.0 | 间接依赖 | nuget |
| MySql.Data | 8.0.12 | 间接依赖 | nuget |
| Microsoft.Owin.Cors | 3.1.0 | 间接依赖 | nuget |
| Microsoft.AspNet.SignalR.JS | 2.1.2 | 间接依赖 | nuget |
| Microsoft.AspNet.Identity.Owin.zh-Hans | 2.2.1 | 间接依赖 | nuget |
| Microsoft.AspNet.Mvc | 5.2.3 | 间接依赖 | nuget |
| SharpZipLib | 1.0.0 | 间接依赖 | nuget |
| WebGrease | 1.6.0 | 间接依赖 | nuget |
| MongoDB.Driver.Core | 2.7.0 | 间接依赖 | nuget |
| Microsoft.AspNet.Razor | 3.2.6 | 间接依赖 | nuget |
| jQuery | 1.10.2 | 间接依赖 | nuget |
| Microsoft.AspNet.Cors | 5.0.0 | 间接依赖 | nuget |
| AspNet.ScriptManager.bootstrap | 3.0.0 | 间接依赖 | nuget |
| Microsoft.AspNet.SignalR.Redis | 2.2.2 | 间接依赖 | nuget |
| USER32.dll | 间接依赖 | ||
| KERNEL32.dll | 间接依赖 | ||
| EntityFramework.zh-Hans | 6.1.3 | 间接依赖 | nuget |