基础信息
项目名称:denysdovhan/bash-handbook
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1717122046475501568/1717122049965162496
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| debug 模块拒绝服务漏洞 | 拒绝服务 | MPS-2018-7210 | CVE-2017-16137 | 中危 |
| extend module [*, 2.0.2)、[3.0.0, 3.0.2) 原型污染漏洞 | 注入 | MPS-2019-1232 | CVE-2018-16492 | 严重 |
| trim | 拒绝服务 | MPS-2020-14926 | CVE-2020-7753 | 高危 |
| org.webjars.bower:underscore 代码注入漏洞 | 代码注入 | MPS-2021-3658 | CVE-2021-23358 | 高危 |
| debug 安全漏洞 | ReDoS | MPS-2023-0646 | CVE-2017-20165 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| trim | 0.0.1 | 0.0.3 | 直接依赖 | 建议修复 |
| debug | 2.6.8 | 2.6.9 | 直接依赖 | 建议修复 |
| extend | 3.0.1 | 3.0.2 | 直接依赖 | 建议修复 |
| underscore | 1.8.3 | 1.12.1 | 直接依赖 | 建议修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| ISC | 18 | 低 |
| Apache-2.0 | 2 | 低 |
| MIT | 133 | 低 |
| BSD-2-Clause | 6 | 低 |
| CC0-1.0 | 1 | 低 |
| BSD-3-Clause | 1 | 低 |
| BSD-like | 1 | 低 |
| CC-BY-3.0 | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| hosted-git-info | https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.1.4.tgz | 直接依赖 | npm |
| spdx-correct | https://registry.npmjs.org/spdx-correct/-/spdx-correct-1.0.2.tgz | 直接依赖 | npm |
| lowercase-keys | https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.0.tgz | 直接依赖 | npm |
| signal-exit | https://registry.npmjs.org/signal-exit/-/signal-exit-2.1.2.tgz | 直接依赖 | npm |
| indent-string | https://registry.npmjs.org/indent-string/-/indent-string-2.1.0.tgz | 直接依赖 | npm |
| strip-eof | 1.0.0 | 直接依赖 | npm |
| table-header | https://registry.npmjs.org/table-header/-/table-header-0.2.2.tgz | 直接依赖 | npm |
| debug | 2.6.8 | 直接依赖 | npm |
| unherit | 1.1.0 | 直接依赖 | npm |
| string_decoder | https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz | 直接依赖 | npm |
| anchor-markdown-header | 0.5.7 | 直接依赖 | npm |
| wrappy | 1.0.2 | 直接依赖 | npm |
| execa | 0.4.0 | 直接依赖 | npm |
| imurmurhash | https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz | 直接依赖 | npm |
| update-section | 0.3.3 | 直接依赖 | npm |
| remark | 5.1.0 | 直接依赖 | npm |
| inherits | https://registry.npmjs.org/inherits/-/inherits-2.0.1.tgz | 直接依赖 | npm |
| pinkie | https://registry.npmjs.org/pinkie/-/pinkie-2.0.4.tgz | 直接依赖 | npm |
| isexe | 2.0.0 | 直接依赖 | npm |
| find-up | https://registry.npmjs.org/find-up/-/find-up-1.1.2.tgz | 直接依赖 | npm |
| core-util-is | https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz | 直接依赖 | npm |
| is-stream | https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz | 直接依赖 | npm |
| string-width | https://registry.npmjs.org/string-width/-/string-width-1.0.1.tgz | 直接依赖 | npm |
| camelcase-keys | https://registry.npmjs.org/camelcase-keys/-/camelcase-keys-2.1.0.tgz | 直接依赖 | npm |
| normalize-package-data | https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.3.5.tgz | 直接依赖 | npm |
| meow | https://registry.npmjs.org/meow/-/meow-3.7.0.tgz | 直接依赖 | npm |
| is-decimal | 1.0.0 | 直接依赖 | npm |
| text-table | https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz | 直接依赖 | npm |
| markdown-to-ast | 3.4.0 | 直接依赖 | npm |
| update-notifier | 2.2.0 | 直接依赖 | npm |
| escape-string-regexp | https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz | 直接依赖 | npm |
| has-ansi | https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz | 直接依赖 | npm |
| path-key | 1.0.0 | 直接依赖 | npm |
| unique-string | 1.0.0 | 直接依赖 | npm |
| deep-extend | https://registry.npmjs.org/deep-extend/-/deep-extend-0.4.1.tgz | 直接依赖 | npm |
| dom-serializer | 0.1.0 | 直接依赖 | npm |
| read-pkg-up | https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-1.0.1.tgz | 直接依赖 | npm |
| map-obj | https://registry.npmjs.org/map-obj/-/map-obj-1.0.1.tgz | 直接依赖 | npm |
| htmlparser2 | 3.9.2 | 直接依赖 | npm |
| which | 1.2.14 | 直接依赖 | npm |
| read-pkg | https://registry.npmjs.org/read-pkg/-/read-pkg-1.1.0.tgz | 直接依赖 | npm |
| collapse-white-space | 1.0.2 | 直接依赖 | npm |
| pseudomap | 1.0.2 | 直接依赖 | npm |
| parse-entities | 1.1.1 | 直接依赖 | npm |
| is-hexadecimal | 1.0.0 | 直接依赖 | npm |
| marked | https://registry.npmjs.org/marked/-/marked-0.3.5.tgz | 直接依赖 | npm |
| safe-buffer | 5.1.1 | 直接依赖 | npm |
| repeat-string | https://registry.npmjs.org/repeat-string/-/repeat-string-1.5.4.tgz | 直接依赖 | npm |
| is-redirect | https://registry.npmjs.org/is-redirect/-/is-redirect-1.0.0.tgz | 直接依赖 | npm |
| prepend-http | https://registry.npmjs.org/prepend-http/-/prepend-http-1.0.4.tgz | 直接依赖 | npm |
| bail | 1.0.1 | 直接依赖 | npm |
| once | 1.4.0 | 直接依赖 | npm |
| validate-npm-package-license | https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.1.tgz | 直接依赖 | npm |
| semver | https://registry.npmjs.org/semver/-/semver-5.1.0.tgz | 直接依赖 | npm |
| varsize-string | https://registry.npmjs.org/varsize-string/-/varsize-string-2.2.2.tgz | 直接依赖 | npm |
| character-entities | 1.2.0 | 直接依赖 | npm |
| trim | 0.0.1 | 直接依赖 | npm |
| readable-stream | https://registry.npmjs.org/readable-stream/-/readable-stream-2.0.6.tgz | 直接依赖 | npm |
| lru-cache | 4.1.1 | 直接依赖 | npm |
| array-find-index | https://registry.npmjs.org/array-find-index/-/array-find-index-1.0.1.tgz | 直接依赖 | npm |
| pinkie-promise | https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz | 直接依赖 | npm |
| through2 | 2.0.3 | 直接依赖 | npm |
| is-npm | https://registry.npmjs.org/is-npm/-/is-npm-1.0.0.tgz | 直接依赖 | npm |
| is-finite | https://registry.npmjs.org/is-finite/-/is-finite-1.0.1.tgz | 直接依赖 | npm |
| msee | 0.3.3 | 直接依赖 | npm |
| default-pager | https://registry.npmjs.org/default-pager/-/default-pager-1.1.0.tgz | 直接依赖 | npm |
| widest-line | https://registry.npmjs.org/widest-line/-/widest-line-1.0.0.tgz | 直接依赖 | npm |
| slide | https://registry.npmjs.org/slide/-/slide-1.1.6.tgz | 直接依赖 | npm |
| parse-json | https://registry.npmjs.org/parse-json/-/parse-json-2.2.0.tgz | 直接依赖 | npm |
| abbrev | https://registry.npmjs.org/abbrev/-/abbrev-1.0.9.tgz | 直接依赖 | npm |
| url-parse-lax | https://registry.npmjs.org/url-parse-lax/-/url-parse-lax-1.0.0.tgz | 直接依赖 | npm |
| redeyed | https://registry.npmjs.org/redeyed/-/redeyed-0.6.0.tgz | 直接依赖 | npm |
| traverse | 0.6.6 | 直接依赖 | npm |
| rc | https://registry.npmjs.org/rc/-/rc-1.1.6.tgz | 直接依赖 | npm |
| util-deprecate | https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz | 直接依赖 | npm |
| markdown-table | 0.4.0 | 直接依赖 | npm |
| make-dir | 1.0.0 | 直接依赖 | npm |
| decamelize | https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz | 直接依赖 | npm |
| remark-stringify | 1.1.0 | 直接依赖 | npm |
| doctoc | 1.3.0 | 直接依赖 | npm |
| emoji-regex | 6.1.3 | 直接依赖 | npm |
| spdx-expression-parse | https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-1.0.2.tgz | 直接依赖 | npm |
| path-exists | https://registry.npmjs.org/path-exists/-/path-exists-2.1.0.tgz | 直接依赖 | npm |
| ansicolors | https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz | 直接依赖 | npm |
| trim-trailing-lines | 1.1.0 | 直接依赖 | npm |
| is-builtin-module | https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-1.0.0.tgz | 直接依赖 | npm |
| import-lazy | 2.1.0 | 直接依赖 | npm |
| number-is-nan | https://registry.npmjs.org/number-is-nan/-/number-is-nan-1.0.0.tgz | 直接依赖 | npm |
| is-alphabetical | 1.0.0 | 直接依赖 | npm |
| camelcase | https://registry.npmjs.org/camelcase/-/camelcase-2.1.1.tgz | 直接依赖 | npm |
| domutils | 1.6.2 | 直接依赖 | npm |
| get-stream | 3.0.0 | 直接依赖 | npm |
| structured-source | 3.0.2 | 直接依赖 | npm |
| vfile | 1.4.0 | 直接依赖 | npm |
| vfile-location | 2.0.1 | 直接依赖 | npm |
| boundary | 1.0.1 | 直接依赖 | npm |
| process-nextick-args | https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-1.0.7.tgz | 直接依赖 | npm |
| delayed-stream | 1.0.0 | 直接依赖 | npm |
| combined-stream-wait-for-it | 1.1.0 | 直接依赖 | npm |
| graceful-fs | https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.4.tgz | 直接依赖 | npm |
| strip-json-comments | https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-1.0.4.tgz | 直接依赖 | npm |
| underscore | 1.8.3 | 直接依赖 | npm |
| supports-color | https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz | 直接依赖 | npm |
| nopt | https://registry.npmjs.org/nopt/-/nopt-3.0.6.tgz | 直接依赖 | npm |
| minimist | https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz | 直接依赖 | npm |
| redent | https://registry.npmjs.org/redent/-/redent-1.0.0.tgz | 直接依赖 | npm |
| ini | https://registry.npmjs.org/ini/-/ini-1.3.4.tgz | 直接依赖 | npm |
| cardinal | https://registry.npmjs.org/cardinal/-/cardinal-0.7.1.tgz | 直接依赖 | npm |
| function-bind | 1.1.0 | 直接依赖 | npm |
| strip-ansi | https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz | 直接依赖 | npm |
| xtend | https://registry.npmjs.org/xtend/-/xtend-4.0.1.tgz | 直接依赖 | npm |
| wcstring | https://registry.npmjs.org/wcstring/-/wcstring-2.1.1.tgz | 直接依赖 | npm |
| get-stdin | https://registry.npmjs.org/get-stdin/-/get-stdin-4.0.1.tgz | 直接依赖 | npm |
| ccount | 1.0.1 | 直接依赖 | npm |
| ansi-regex | https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.0.0.tgz | 直接依赖 | npm |
| builtin-modules | https://registry.npmjs.org/builtin-modules/-/builtin-modules-1.1.1.tgz | 直接依赖 | npm |
| spdx-license-ids | https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-1.2.1.tgz | 直接依赖 | npm |
| cross-spawn-async | 2.2.5 | 直接依赖 | npm |
| path-type | https://registry.npmjs.org/path-type/-/path-type-1.1.0.tgz | 直接依赖 | npm |
| is-retry-allowed | https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.0.0.tgz | 直接依赖 | npm |
| duplexer3 | 0.1.4 | 直接依赖 | npm |
| longest-streak | 1.0.0 | 直接依赖 | npm |
| trough | 1.0.0 | 直接依赖 | npm |
| yallist | 2.1.2 | 直接依赖 | npm |
| character-entities-legacy | 1.1.0 | 直接依赖 | npm |
| npm-run-path | 1.0.0 | 直接依赖 | npm |
| is-utf8 | https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz | 直接依赖 | npm |
| term-size | 0.1.1 | 直接依赖 | npm |
| strip-indent | https://registry.npmjs.org/strip-indent/-/strip-indent-1.0.1.tgz | 直接依赖 | npm |
| repeating | https://registry.npmjs.org/repeating/-/repeating-2.0.1.tgz | 直接依赖 | npm |
| ansi-styles | https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz | 直接依赖 | npm |
| wcsize | https://registry.npmjs.org/wcsize/-/wcsize-1.0.0.tgz | 直接依赖 | npm |
| extend | 3.0.1 | 直接依赖 | npm |
| has | 1.0.1 | 直接依赖 | npm |
| ms | 2.0.0 | 直接依赖 | npm |
| unist-util-remove-position | 1.1.1 | 直接依赖 | npm |
| remark-parse | 1.1.0 | 直接依赖 | npm |
| pify | https://registry.npmjs.org/pify/-/pify-2.3.0.tgz | 直接依赖 | npm |
| registry-url | https://registry.npmjs.org/registry-url/-/registry-url-3.1.0.tgz | 直接依赖 | npm |
| domelementtype | 1.3.0 | 直接依赖 | npm |
| is-arrayish | https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz | 直接依赖 | npm |
| entities | 1.1.1 | 直接依赖 | npm |
| stringify-entities | 1.3.1 | 直接依赖 | npm |
| load-json-file | https://registry.npmjs.org/load-json-file/-/load-json-file-1.1.0.tgz | 直接依赖 | npm |
| registry-auth-token | 3.3.1 | 直接依赖 | npm |
| unist-util-visit | 1.1.3 | 直接依赖 | npm |
| is-alphanumerical | 1.0.0 | 直接依赖 | npm |
| create-error-class | https://registry.npmjs.org/create-error-class/-/create-error-class-3.0.2.tgz | 直接依赖 | npm |
| esprima | https://registry.npmjs.org/esprima/-/esprima-2.7.2.tgz | 直接依赖 | npm |
| unified | 4.2.1 | 直接依赖 | npm |
| strip-bom | https://registry.npmjs.org/strip-bom/-/strip-bom-2.0.0.tgz | 直接依赖 | npm |
| crypto-random-string | 1.0.0 | 直接依赖 | npm |
| capture-stack-trace | https://registry.npmjs.org/capture-stack-trace/-/capture-stack-trace-1.0.0.tgz | 直接依赖 | npm |
| trim-newlines | https://registry.npmjs.org/trim-newlines/-/trim-newlines-1.0.0.tgz | 直接依赖 | npm |
| character-reference-invalid | 1.1.0 | 直接依赖 | npm |
| cli-boxes | https://registry.npmjs.org/cli-boxes/-/cli-boxes-1.0.0.tgz | 直接依赖 | npm |
| is-obj | https://registry.npmjs.org/is-obj/-/is-obj-1.0.1.tgz | 直接依赖 | npm |
| object-assign | https://registry.npmjs.org/object-assign/-/object-assign-4.1.0.tgz | 直接依赖 | npm |
| domhandler | 2.4.1 | 直接依赖 | npm |
| loud-rejection | https://registry.npmjs.org/loud-rejection/-/loud-rejection-1.3.0.tgz | 直接依赖 | npm |
| error-ex | https://registry.npmjs.org/error-ex/-/error-ex-1.3.0.tgz | 直接依赖 | npm |
| boxen | 1.1.0 | 直接依赖 | npm |
| is-fullwidth-code-point | https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-1.0.0.tgz | 直接依赖 | npm |
| chalk | https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz | 直接依赖 | npm |
| spdx-exceptions | https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-1.0.4.tgz | 直接依赖 | npm |
| semver-diff | https://registry.npmjs.org/semver-diff/-/semver-diff-2.1.0.tgz | 直接依赖 | npm |
| isarray | https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz | 直接依赖 | npm |
| character-entities-html4 | 1.1.0 | 直接依赖 | npm |
| code-point-at | https://registry.npmjs.org/code-point-at/-/code-point-at-1.0.0.tgz | 直接依赖 | npm |