Basic information
Project name: frandiox/vitedge
Project badge:
Repository URL: https://github.com/pterodactyl/panel
Scan report URL: https://www.murphysec.com/console/report/1717964049563303936/1717964049663967232
This report is provided by Murphysec
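Vulnerability list
| Vulnerability name | Vulnerability type | MPS ID | CVE ID | Severity |
|---|---|---|---|---|
| nanoid | Incorrect type conversion | MPS-2021-19605 | CVE-2021-23566 | Medium |
| lodash denial-of-service vulnerability | Denial of service | MPS-2021-2574 | CVE-2020-28500 | Medium |
| lodash command injection vulnerability | Code injection | MPS-2021-2638 | CVE-2021-23337 | High |
| prism regular expression denial-of-service vulnerability | ReDoS | MPS-2021-31844 | CVE-2021-3801 | Medium |
| Markdown-It regular expression denial-of-service vulnerability | Denial of service | MPS-2021-37028 | CVE-2022-21670 | Medium |
| minimist security vulnerability | Prototype pollution | MPS-2021-38405 | CVE-2021-44906 | Critical |
| npm path-parse security vulnerability | Denial of service | MPS-2021-6165 | CVE-2021-23343 | High |
| glob-parent | Denial of service | MPS-2021-7827 | CVE-2020-28469 | High |
| prismjs | Denial of service | MPS-2021-9058 | CVE-2021-32723 | Medium |
| Prism cross-site scripting vulnerability | XSS | MPS-2022-2074 | CVE-2022-23647 | Medium |
| vite | Path traversal | MPS-2022-44851 | CVE-2022-35204 | High |
| loader-utils security vulnerability | Incorrect regular expression | MPS-2022-53512 | CVE-2022-37599 | High |
| loader-utils security vulnerability | Incorrect regular expression | MPS-2022-53516 | CVE-2022-37603 | High |
| Tauri prototype pollution vulnerability | Prototype pollution | MPS-2022-65568 | CVE-2022-46175 | High |
| Vite security vulnerability | Use of incorrectly-resolved name or reference | MPS-o473-85mg | CVE-2023-34092 | High |
| PostCSS security vulnerability | Injection | MPS-y3tx-jzms | CVE-2023-44270 | Medium |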
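Defective components
| Component name | Version | Minimum fixed version | Dependency relationship | Fix recommendation |
|---|---|---|---|---|
| loader-utils | 1.4.0 | 1.4.2 | Indirect dependency | Fix recommended |
| json5 | 1.0.1 | 1.0.2 | Indirect dependency | Fix recommended |
| glob-parent | 5.1.1 | 5.1.2 | Indirect dependency | Fix recommended |
| minimist | 1.2.5 | 1.2.6 | Indirect dependency | Fix recommended |
| vite | 2.3.2 | 2.9.16 | Indirect dependency | Fix recommended |
| path-parse | 1.0.6 | 1.0.7 | Indirect dependency | Fix recommended |
| postcss | 8.2.15 | 8.4.31 | Indirect dependency | Fix optional |
| prismjs | 1.23.0 | 1.27.0 | Indirect dependency | Fix optional |
| nanoid | 3.1.23 | 3.1.31 | Indirect dependency | Fix optional |
| markdown-it | 10.0.0 | 12.3.2 | Indirect dependency | Fix optional |
| lodash | 4.17.20 | 4.17.21 | Indirect dependency | Fix optional |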
License risk
| License type | Related components | License risk |
|---|---|---|
| MIT | 174 | Low |
| BSD-3-Clause | 3 | Low |
| ISC | 13 | Low |
| Unlicense | 1 | Low |
| BSD-2-Clause | 2 | Low |
| CC0-1.0 | 1 | Low |
SBOM list
| Component name | Component version | Direct dependency? | Repository |
|---|---|---|---|
| compressible | 2.0.18 | Indirect dependency | npm |
| prismjs | 1.23.0 | Indirect dependency | npm |
| @algolia/logger-console | 4.9.1 | Indirect dependency | npm |
| wcwidth | 1.0.1 | Indirect dependency | npm |
| markdown-it-table-of-contents | 0.4.4 | Indirect dependency | npm |
| color-convert | 2.0.1 | Indirect dependency | npm |
| @arr/every | 1.0.1 | Indirect dependency | npm |
| argparse | 1.0.10 | Indirect dependency | npm |
| consolidate | 0.16.0 | Indirect dependency | npm |
| sprintf-js | 1.0.3 | Indirect dependency | npm |
| @babel/parser | 7.14.2 | Indirect dependency | npm |
| big.js | 5.2.2 | Indirect dependency | npm |
| algoliasearch | 4.9.1 | Indirect dependency | npm |
| preact | 10.5.13 | Indirect dependency | npm |
| bl | 4.1.0 | Indirect dependency | npm |
| polka | 0.5.2 | Indirect dependency | npm |
| @vue/compiler-ssr | 3.0.11 | Indirect dependency | npm |
| chalk | 4.1.0 | Indirect dependency | npm |
| inherits | 2.0.4 | Indirect dependency | npm |
| markdown-it-anchor | 5.3.0 | Indirect dependency | npm |
| uniq | 1.0.1 | Indirect dependency | npm |
| ms | 2.0.0 | Indirect dependency | npm |
| fs-extra | 9.1.0 | Indirect dependency | npm |
| section-matter | 1.0.0 | Indirect dependency | npm |
| ansi-regex | 5.0.0 | Indirect dependency | npm |
| @babel/parser | 7.12.7 | Indirect dependency | npm |
| emojis-list | 3.0.0 | Indirect dependency | npm |
| yallist | 3.1.1 | Indirect dependency | npm |
| is-glob | 4.0.1 | Indirect dependency | npm |
| mimic-fn | 2.1.0 | Indirect dependency | npm |
| is-interactive | 1.0.0 | Indirect dependency | npm |
| debug | 4.3.1 | Indirect dependency | npm |
| yallist | 4.0.0 | Indirect dependency | npm |
| @algolia/requester-node-http | 4.9.1 | Indirect dependency | npm |
| lodash | 4.17.20 | Indirect dependency | npm |
| @docsearch/react | 1.0.0-alpha.28 | Indirect dependency | npm |
| @babel/types | 7.14.2 | Indirect dependency | npm |
| resolve | 1.20.0 | Indirect dependency | npm |
| postcss-modules | 4.0.0 | Indirect dependency | npm |
| indexes-of | 1.0.1 | Indirect dependency | npm |
| slash | 3.0.0 | Indirect dependency | npm |
| vue | 3.0.11 | Indirect dependency | npm |
| colorette | 1.2.2 | Indirect dependency | npm |
| strip-ansi | 6.0.0 | Indirect dependency | npm |
| fast-glob | 3.2.4 | Indirect dependency | npm |
| @algolia/requester-browser-xhr | 4.9.1 | Indirect dependency | npm |
| rollup | 2.48.0 | Indirect dependency | npm |
| hash-sum | 2.0.0 | Indirect dependency | npm |
| safe-buffer | 5.2.1 | Indirect dependency | npm |
| markdown-it-container | 2.0.0 | Indirect dependency | npm |
| @vue/compiler-dom | 3.0.11 | Indirect dependency | npm |
| run-parallel | 1.1.10 | Indirect dependency | npm |
| @vue/compiler-core | 3.0.11 | Indirect dependency | npm |
| trouter | 2.0.1 | Indirect dependency | npm |
| on-headers | 1.0.2 | Indirect dependency | npm |
| graceful-fs | 4.2.4 | Direct dependency | npm |
| color-name | 1.1.4 | Indirect dependency | npm |
| @algolia/client-common | 4.9.1 | Indirect dependency | npm |
| vitepress | 0.13.2 | Direct dependency | npm |
| @algolia/requester-common | 4.9.1 | Indirect dependency | npm |
| buffer | 5.7.1 | Indirect dependency | npm |
| magic-string | 0.25.7 | Indirect dependency | npm |
| ms | 2.1.2 | Indirect dependency | npm |
| base64-js | 1.5.1 | Indirect dependency | npm |
| array-union | 2.1.0 | Indirect dependency | npm |
| source-map | 0.6.1 | Indirect dependency | npm |
| path-parse | 1.0.6 | Indirect dependency | npm |
| lodash.camelcase | 4.3.0 | Indirect dependency | npm |
| kind-of | 6.0.3 | Indirect dependency | npm |
| @algolia/client-search | 4.9.1 | Indirect dependency | npm |
| bluebird | 3.7.2 | Indirect dependency | npm |
| merge2 | 1.4.1 | Indirect dependency | npm |
| @nodelib/fs.walk | 1.2.4 | Indirect dependency | npm |
| delegate | 3.2.0 | Indirect dependency | npm |
| @algolia/client-analytics | 4.9.1 | Indirect dependency | npm |
| totalist | 1.1.0 | Indirect dependency | npm |
| mime-db | 1.47.0 | Indirect dependency | npm |
| micromatch | 4.0.2 | Indirect dependency | npm |
| entities | 2.0.3 | Indirect dependency | npm |
| matchit | 1.1.0 | Indirect dependency | npm |
| postcss-value-parser | 4.1.0 | Indirect dependency | npm |
| @cloudflare/kv-asset-handler | 0.0.12 | Indirect dependency | npm |
| defaults | 1.0.3 | Indirect dependency | npm |
| postcss-modules-extract-imports | 3.0.0 | Indirect dependency | npm |
| @vitejs/plugin-vue | 1.2.2 | Indirect dependency | npm |
| accepts | 1.3.7 | Indirect dependency | npm |
| vitedge | file:../../src | Direct dependency | npm |
| @francoischalifour/autocomplete-core | 1.0.0-alpha.28 | Indirect dependency | npm |
| merge-source-map | 1.1.0 | Indirect dependency | npm |
| postcss | 8.2.15 | Indirect dependency | npm |
| @docsearch/js | 1.0.0-alpha.28 | Indirect dependency | npm |
| estree-walker | 2.0.1 | Indirect dependency | npm |
| to-fast-properties | 2.0.0 | Indirect dependency | npm |
| ieee754 | 1.2.1 | Indirect dependency | npm |
| compression | 1.7.4 | Indirect dependency | npm |
| markdown-it-emoji | 1.4.0 | Indirect dependency | npm |
| @babel/helper-validator-identifier | 7.14.0 | Indirect dependency | npm |
| @algolia/logger-common | 4.9.1 | Indirect dependency | npm |
| @algolia/client-recommendation | 4.9.1 | Indirect dependency | npm |
| restore-cursor | 3.1.0 | Indirect dependency | npm |
| gray-matter | 4.0.2 | Indirect dependency | npm |
| @algolia/cache-in-memory | 4.9.1 | Indirect dependency | npm |
| tiny-emitter | 2.1.0 | Indirect dependency | npm |
| uc.micro | 1.0.6 | Indirect dependency | npm |
| json5 | 1.0.1 | Indirect dependency | npm |
| clone | 1.0.4 | Indirect dependency | npm |
| mime-db | 1.44.0 | Indirect dependency | npm |
| log-symbols | 4.1.0 | Indirect dependency | npm |
| ansi-styles | 4.3.0 | Indirect dependency | npm |
| @algolia/client-account | 4.9.1 | Indirect dependency | npm |
| @vue/runtime-core | 3.0.11 | Indirect dependency | npm |
| mime-types | 2.1.27 | Indirect dependency | npm |
| string_decoder | 1.3.0 | Indirect dependency | npm |
| postcss-modules-scope | 3.0.0 | Indirect dependency | npm |
| @docsearch/css | 1.0.0-alpha.28 | Indirect dependency | npm |
| fill-range | 7.0.1 | Indirect dependency | npm |
| icss-utils | 5.1.0 | Indirect dependency | npm |
| ignore | 5.1.8 | Indirect dependency | npm |
| postcss-modules-local-by-default | 4.0.0 | Indirect dependency | npm |
| linkify-it | 2.2.0 | Indirect dependency | npm |
| fsevents | 2.3.2 | Direct dependency | npm |
| negotiator | 0.6.2 | Indirect dependency | npm |
| @polka/url | 1.0.0-next.12 | Indirect dependency | npm |
| icss-replace-symbols | 1.1.0 | Indirect dependency | npm |
| is-extglob | 2.1.1 | Indirect dependency | npm |
| esbuild | 0.11.23 | Indirect dependency | npm |
| js-yaml | 3.14.0 | Indirect dependency | npm |
| path-type | 4.0.0 | Indirect dependency | npm |
| vite | 2.3.2 | Indirect dependency | npm |
| @algolia/cache-common | 4.9.1 | Indirect dependency | npm |
| cli-cursor | 3.1.0 | Indirect dependency | npm |
| postcss-selector-parser | 6.0.4 | Indirect dependency | npm |
| mime | 2.4.6 | Indirect dependency | npm |
| sirv | 1.0.11 | Indirect dependency | npm |
| universalify | 2.0.0 | Indirect dependency | npm |
| reusify | 1.0.4 | Indirect dependency | npm |
| extend-shallow | 2.0.1 | Indirect dependency | npm |
| escape-html | 1.0.3 | Indirect dependency | npm |
| dir-glob | 3.0.1 | Indirect dependency | npm |
| @nodelib/fs.scandir | 2.1.3 | Indirect dependency | npm |
| readable-stream | 3.6.0 | Indirect dependency | npm |
| @polka/url | 0.5.0 | Indirect dependency | npm |
| mime | 2.5.2 | Indirect dependency | npm |
| function-bind | 1.1.1 | Indirect dependency | npm |
| lru-cache | 5.1.1 | Indirect dependency | npm |
| @algolia/transporter | 4.9.1 | Indirect dependency | npm |
| jsonfile | 6.1.0 | Indirect dependency | npm |
| is-extendable | 0.1.1 | Indirect dependency | npm |
| fastq | 1.9.0 | Indirect dependency | npm |
| debug | 2.6.9 | Indirect dependency | npm |
| at-least-node | 1.0.0 | Indirect dependency | npm |
| has-flag | 4.0.0 | Indirect dependency | npm |
| good-listener | 1.2.2 | Indirect dependency | npm |
| supports-color | 7.2.0 | Indirect dependency | npm |
| cssesc | 3.0.0 | Indirect dependency | npm |
| has | 1.0.3 | Indirect dependency | npm |
| is-unicode-supported | 0.1.0 | Indirect dependency | npm |
| glob-parent | 5.1.1 | Indirect dependency | npm |
| markdown-it | 10.0.0 | Indirect dependency | npm |
| is-core-module | 2.4.0 | Indirect dependency | npm |
| @babel/types | 7.12.7 | Indirect dependency | npm |
| loader-utils | 1.4.0 | Indirect dependency | npm |
| diacritics | 1.3.0 | Indirect dependency | npm |
| ora | 5.4.0 | Indirect dependency | npm |
| signal-exit | 3.0.3 | Indirect dependency | npm |
| clipboard | 2.0.6 | Direct dependency | npm |
| lru-cache | 6.0.0 | Indirect dependency | npm |
| bytes | 3.0.0 | Indirect dependency | npm |
| @algolia/cache-browser-local-storage | 4.9.1 | Indirect dependency | npm |
| mdurl | 1.0.1 | Indirect dependency | npm |
| generic-names | 2.0.1 | Indirect dependency | npm |
| sourcemap-codec | 1.4.8 | Indirect dependency | npm |
| nanoid | 3.1.23 | Indirect dependency | npm |
| csstype | 2.6.14 | Indirect dependency | npm |
| string-hash | 1.1.3 | Indirect dependency | npm |
| @vue/runtime-dom | 3.0.11 | Indirect dependency | npm |
| @vue/reactivity | 3.0.11 | Indirect dependency | npm |
| util-deprecate | 1.0.2 | Indirect dependency | npm |
| braces | 3.0.2 | Indirect dependency | npm |
| onetime | 5.1.2 | Indirect dependency | npm |
| esprima | 4.0.1 | Indirect dependency | npm |
| @nodelib/fs.stat | 2.0.3 | Indirect dependency | npm |
| @cloudflare/workers-types | 2.1.0 | Indirect dependency | npm |
| strip-bom-string | 1.0.0 | Indirect dependency | npm |
| @vue/shared | 3.0.11 | Indirect dependency | npm |
| @francoischalifour/autocomplete-preset-algolia | 1.0.0-alpha.28 | Indirect dependency | npm |
| @types/mime | 2.0.3 | Indirect dependency | npm |
| @babel/helper-validator-identifier | 7.10.4 | Indirect dependency | npm |
| @vue/server-renderer | 3.0.11 | Indirect dependency | npm |
| @vue/compiler-sfc | 3.0.11 | Indirect dependency | npm |
| picomatch | 2.2.2 | Indirect dependency | npm |
| select | 1.1.2 | Indirect dependency | npm |
| postcss-modules-values | 4.0.0 | Indirect dependency | npm |
| safe-buffer | 5.1.2 | Indirect dependency | npm |
| cli-spinners | 2.6.0 | Indirect dependency | npm |
| minimist | 1.2.5 | Indirect dependency | npm |
| vary | 1.1.2 | Indirect dependency | npm |
| globby | 11.0.3 | Indirect dependency | npm |