基础信息
项目名称:appserver-io/appserver
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1715993472330760192/1715993472620167168
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Sensio Labs Symfony 跨站脚本漏洞 | XSS | MPS-2018-10117 | CVE-2017-18343 | 中危 |
| doctrine/orm 存在SQL注入漏洞 | SQL注入 | MPS-2022-14191 | 中危 | |
| monolog/monolog 存在注入漏洞 | 注入 | MPS-2022-14366 | 中危 | |
| zendframework/zend-diactoros 存在信息暴露漏洞 | 未授权敏感信息泄露 | MPS-2022-14664 | 高危 | |
| zendframework/zend-diactoros 存在跨站重定向漏洞 | 跨站重定向 | MPS-2022-14665 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| zendframework/zend-diactoros | 1.4.1 | 1.8.4 | 间接依赖 | 建议修复 |
| doctrine/orm | v2.5.14 | 2.8.4 | 间接依赖 | 可选修复 |
| monolog/monolog | 1.10.0 | 1.12.0 | 间接依赖 | 可选修复 |
| symfony/debug | v3.0.9 | 3.3.6 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 55 | 低 |
| LGPL-2.0 | 3 | 中 |
| Apache-2.0 | 1 | 低 |
| BSD-3-Clause | 2 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| appserver-io-psr/auth | 2.0.1 | 间接依赖 | composer |
| evenement/evenement | v2.1.0 | 间接依赖 | composer |
| appserver-io-psr/context | 1.0.0 | 间接依赖 | composer |
| appserver-io/rmi | 3.2.2 | 间接依赖 | composer |
| appserver-io-psr/deployment | 2.0.0 | 间接依赖 | composer |
| symfony/polyfill-util | v1.19.0 | 间接依赖 | composer |
| symfony/event-dispatcher | v2.8.52 | 间接依赖 | composer |
| react/promise | v2.8.0 | 间接依赖 | composer |
| appserver-io-psr/application-server | 2.0.0 | 间接依赖 | composer |
| consolidation/self-update | 1.2.0 | 间接依赖 | composer |
| symfony/ldap | v3.4.7 | 间接依赖 | composer |
| symfony/var-dumper | v3.4.7 | 间接依赖 | composer |
| psr/http-message | 1.0.1 | 间接依赖 | composer |
| appserver-io/storage | 2.0.0 | 间接依赖 | composer |
| doctrine/common | v2.7.3 | 间接依赖 | composer |
| react/cache | v0.4.2 | 间接依赖 | composer |
| ircmaxell/password-compat | v1.0.4 | 间接依赖 | composer |
| appserver-io-psr/pms | 2.0.0 | 间接依赖 | composer |
| symfony/filesystem | v3.0.9 | 间接依赖 | composer |
| doctrine/dbal | v2.5.13 | 间接依赖 | composer |
| appserver-io/lang | 3.0.0 | 间接依赖 | composer |
| appserver-io-psr/mop | 2.0.0 | 间接依赖 | composer |
| guzzle/guzzle | v3.9.3 | 间接依赖 | composer |
| symfony/finder | v2.8.52 | 间接依赖 | composer |
| react/dns | v0.4.4 | 间接依赖 | composer |
| appserver-io/routlt-project | 1.2.1 | 间接依赖 | composer |
| rhumsaa/uuid | 2.8.2 | 间接依赖 | composer |
| symfony/process | v2.8.52 | 间接依赖 | composer |
| appserver-io/http | 2.2.1 | 间接依赖 | composer |
| herrera-io/annotations | 1.0.1 | 间接依赖 | composer |
| appserver-io-psr/servlet | 4.1.1 | 间接依赖 | composer |
| appserver-io/provisioning | 2.0.0 | 间接依赖 | composer |
| symfony/options-resolver | v3.4.47 | 间接依赖 | composer |
| appserver-io-psr/epb | 7.0.0 | 间接依赖 | composer |
| appserver-io/messaging | 4.0.1 | 间接依赖 | composer |
| appserver-io/doppelgaenger | 1.7.3 | 间接依赖 | composer |
| appserver-io/robo-tasks | 0.2.0 | 间接依赖 | composer |
| nikic/phlexy | v0.1 | 间接依赖 | composer |
| henrikbjorn/lurker | 1.2.0 | 间接依赖 | composer |
| grasmash/expander | 1.0.0 | 间接依赖 | composer |
| symfony/console | v2.8.52 | 间接依赖 | composer |
| appserver-io-psr/socket | 1.0.0 | 间接依赖 | composer |
| consolidation/log | 1.1.1 | 间接依赖 | composer |
| psr/container | 1.0.0 | 间接依赖 | composer |
| react/socket-client | v0.5.0 | 间接依赖 | composer |
| consolidation/annotated-command | 2.12.1 | 间接依赖 | composer |
| react/event-loop | v0.4.3 | 间接依赖 | composer |
| appserver-io/webserver | 5.1.5 | 间接依赖 | composer |
| consolidation/robo | 1.4.13 | 间接依赖 | composer |
| mtdowling/cron-expression | v1.2.3 | 间接依赖 | composer |
| appserver-io-psr/naming | 1.1.1 | 间接依赖 | composer |
| appserver-io/configuration | 3.0.0 | 间接依赖 | composer |
| symfony/config | v2.8.52 | 间接依赖 | composer |
| appserver-io-psr/security | 1.5.0 | 间接依赖 | composer |
| zendframework/zend-diactoros | 1.4.1 | 间接依赖 | composer |
| psr/log | 1.1.4 | 间接依赖 | composer |
| appserver-io-psr/di | 3.0.0 | 间接依赖 | composer |
| doctrine/orm | v2.5.14 | 间接依赖 | composer |
| doctrine/collections | v1.4.0 | 间接依赖 | composer |
| appserver-io-psr/http-message | 1.4.1 | 间接依赖 | composer |
| grasmash/yaml-expander | 1.4.0 | 间接依赖 | composer |
| symfony/polyfill-ctype | v1.19.0 | 间接依赖 | composer |
| symfony/polyfill-php56 | v1.19.0 | 间接依赖 | composer |
| appserver-io/fastcgi | v2.0.0 | 间接依赖 | composer |
| appserver-io/authenticator | 3.0.0 | 间接依赖 | composer |
| symfony/polyfill-mbstring | v1.19.0 | 间接依赖 | composer |
| appserver-io/single-app | 3.0.0 | 间接依赖 | composer |
| appserver-io/microcron | 1.0.0 | 间接依赖 | composer |
| appserver-io-psr/application | 1.5.0 | 间接依赖 | composer |
| appserver-io/server | 10.0.1 | 间接依赖 | composer |
| appserver-io/description | 13.0.1 | 间接依赖 | composer |
| symfony/yaml | v3.3.18 | 间接依赖 | composer |
| appserver-io/dnsserver | 2.0.6 | 间接依赖 | composer |
| appserver-io-psr/cli | 2.0.0 | 间接依赖 | composer |
| appserver-io/concurrency | 0.3.0 | 间接依赖 | composer |
| container-interop/container-interop | 1.2.0 | 间接依赖 | composer |
| league/container | 2.5.0 | 间接依赖 | composer |
| doctrine/instantiator | 1.0.5 | 间接依赖 | composer |
| league/event | 2.1.2 | 间接依赖 | composer |
| doctrine/lexer | 1.0.2 | 间接依赖 | composer |
| doctrine/cache | v1.6.2 | 间接依赖 | composer |
| react/stream | v0.4.6 | 间接依赖 | composer |
| symfony/debug | v3.0.9 | 间接依赖 | composer |
| monolog/monolog | 1.10.0 | 间接依赖 | composer |
| appserver-io/ldap | 3.0.0 | 间接依赖 | composer |
| doctrine/annotations | v1.4.0 | 间接依赖 | composer |
| dflydev/dot-access-data | v1.1.0 | 间接依赖 | composer |
| appserver-io/collections | 1.1.0 | 间接依赖 | composer |
| appserver-io/properties | 2.1.1 | 间接依赖 | composer |
| consolidation/config | 1.2.1 | 间接依赖 | composer |
| consolidation/output-formatters | 3.5.1 | 间接依赖 | composer |
| appserver-io/logger | 2.0.0 | 间接依赖 | composer |
| react/socket | v0.4.6 | 间接依赖 | composer |
| doctrine/inflector | v1.1.0 | 间接依赖 | composer |