基础信息
项目名称:eritislami/evobot
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1717505297894653952/1717505298066620416
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| html-to-text 存在拒绝服务漏洞 | 拒绝服务 | MPS-2022-13762 | 高危 | |
| undici 信息泄露漏洞 | MPS-g6am-4ry2 | CVE-2023-45143 | 低危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| html-to-text | 5.1.1 | 6.0.0 | 间接依赖 | 建议修复 |
| undici | 5.22.1 | 5.26.2 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 59 | 低 |
| BSD-2-Clause | 9 | 低 |
| Unicode-DFS-2016 | 1 | 低 |
| ISC | 4 | 低 |
| Apache-2.0 | 8 | 低 |
| GPL-3.0 | 3 | 中 |
| GPL-3.0-or-later | 1 | 低 |
| 0BSD | 1 | 低 |
| BSD-3-Clause | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| @messageformat/number-skeleton | 1.2.0 | 间接依赖 | npm |
| domelementtype | 1.3.1 | 间接依赖 | npm |
| htmlparser2 | 3.10.1 | 间接依赖 | npm |
| make-plural | 7.3.0 | 间接依赖 | npm |
| inherits | 2.0.4 | 间接依赖 | npm |
| sax | 1.2.4 | 间接依赖 | npm |
| axios | 0.21.4 | 间接依赖 | npm |
| he | 1.2.0 | 间接依赖 | npm |
| @discordjs/collection | 1.5.3 | 间接依赖 | npm |
| env-paths | 2.2.1 | 间接依赖 | npm |
| dotenv | 16.3.1 | 间接依赖 | npm |
| magic-bytes.js | 1.0.17 | 间接依赖 | npm |
| @messageformat/runtime | 3.0.1 | 间接依赖 | npm |
| @vladfrangu/async_event_emitter | 2.2.2 | 间接依赖 | npm |
| ts-mixer | 6.0.3 | 间接依赖 | npm |
| node-fetch | 2.7.0 | 间接依赖 | npm |
| @babel/runtime | 7.22.15 | 间接依赖 | npm |
| ms | 2.1.2 | 间接依赖 | npm |
| i18n | 0.15.1 | 间接依赖 | npm |
| math-interval-parser | 2.0.1 | 间接依赖 | npm |
| discord-api-types | 0.37.56 | 间接依赖 | npm |
| soundcloud-key-fetch | 1.0.13 | 间接依赖 | npm |
| @discordjs/voice | 0.16.0 | 间接依赖 | npm |
| soundcloud-downloader | 0.2.4 | 间接依赖 | npm |
| m3u8stream | 0.8.6 | 间接依赖 | npm |
| @messageformat/parser | 5.1.0 | 间接依赖 | npm |
| tr46 | 0.0.3 | 间接依赖 | npm |
| play-audio | 0.5.2 | 间接依赖 | npm |
| miniget | 4.2.3 | 间接依赖 | npm |
| follow-redirects | 1.15.2 | 间接依赖 | npm |
| https-proxy-agent | 5.0.1 | 间接依赖 | npm |
| readable-stream | 3.6.2 | 间接依赖 | npm |
| util-deprecate | 1.0.2 | 间接依赖 | npm |
| regenerator-runtime | 0.14.0 | 间接依赖 | npm |
| discord-api-types | 0.37.50 | 间接依赖 | npm |
| safe-identifier | 0.4.2 | 间接依赖 | npm |
| string_decoder | 1.3.0 | 间接依赖 | npm |
| @sapphire/shapeshift | 3.9.2 | 间接依赖 | npm |
| boolean | 3.2.0 | 间接依赖 | npm |
| buffer-from | 1.1.2 | 间接依赖 | npm |
| agent-base | 6.0.2 | 间接依赖 | npm |
| safer-buffer | 2.1.2 | 间接依赖 | npm |
| play-dl | 1.9.7 | 间接依赖 | npm |
| @discordjs/util | 1.0.1 | 间接依赖 | npm |
| lodash.snakecase | 4.1.1 | 间接依赖 | npm |
| @discordjs/rest | 2.0.1 | 间接依赖 | npm |
| concat-stream | 2.0.0 | 间接依赖 | npm |
| html-to-text | 5.1.1 | 间接依赖 | npm |
| progress | 2.0.3 | 间接依赖 | npm |
| caseless | 0.12.0 | 间接依赖 | npm |
| @messageformat/date-skeleton | 1.0.1 | 间接依赖 | npm |
| domelementtype | 2.3.0 | 间接依赖 | npm |
| discord.js | 14.13.0 | 间接依赖 | npm |
| whatwg-url | 5.0.0 | 间接依赖 | npm |
| dom-serializer | 0.2.2 | 间接依赖 | npm |
| @types/node | 10.17.60 | 间接依赖 | npm |
| fast-deep-equal | 3.1.3 | 间接依赖 | npm |
| domutils | 1.7.0 | 间接依赖 | npm |
| webidl-conversions | 3.0.1 | 间接依赖 | npm |
| streamsearch | 1.1.0 | 间接依赖 | npm |
| lodash | 4.17.21 | 间接依赖 | npm |
| domhandler | 2.4.2 | 间接依赖 | npm |
| dotenv | 8.6.0 | 间接依赖 | npm |
| array-move | 3.0.1 | 间接依赖 | npm |
| ffmpeg-static | 4.4.1 | 间接依赖 | npm |
| @discordjs/builders | 1.6.5 | 间接依赖 | npm |
| minimist | 1.2.7 | 间接依赖 | npm |
| @discordjs/formatters | 0.3.2 | 间接依赖 | npm |
| @types/node | 20.7.1 | 间接依赖 | npm |
| http-response-object | 3.0.2 | 间接依赖 | npm |
| tslib | 2.6.2 | 间接依赖 | npm |
| entities | 2.2.0 | 间接依赖 | npm |
| prism-media | 1.3.5 | 间接依赖 | npm |
| lyrics-finder | 21.7.0 | 间接依赖 | npm |
| entities | 1.1.2 | 间接依赖 | npm |
| mustache | 4.2.0 | 间接依赖 | npm |
| @sapphire/async-queue | 1.5.0 | 间接依赖 | npm |
| busboy | 1.6.0 | 间接依赖 | npm |
| string-progressbar | 1.0.4 | 间接依赖 | npm |
| @messageformat/core | 3.2.0 | 间接依赖 | npm |
| encoding | 0.1.13 | 间接依赖 | npm |
| typedarray | 0.0.6 | 间接依赖 | npm |
| fast-printf | 1.6.9 | 间接依赖 | npm |
| @discordjs/ws | 1.0.1 | 间接依赖 | npm |
| @derhuerst/http-basic | 8.2.4 | 间接依赖 | npm |
| @sapphire/snowflake | 3.5.1 | 间接依赖 | npm |
| moo | 0.5.2 | 间接依赖 | npm |
| @types/ws | 8.5.5 | 间接依赖 | npm |
| debug | 4.3.4 | 间接依赖 | npm |
| ws | 8.14.1 | 间接依赖 | npm |
| undici | 5.22.1 | 间接依赖 | npm |
| youtube-sr | 4.3.4 | 间接依赖 | npm |
| parse-cache-control | 1.0.1 | 间接依赖 | npm |
| safe-buffer | 5.2.1 | 间接依赖 | npm |
| iconv-lite | 0.6.3 | 间接依赖 | npm |