基础信息
项目名称:hyahatiph-labs/mass
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1718729284876288000/1718729284930813952
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| 低危 | ||||
| Spring Framework | 反序列化 | MPS-2020-0057 | CVE-2016-1000027 | 严重 |
| Spring Framework | 日志输出的转义处理不恰当 | MPS-2021-18854 | CVE-2021-22060 | 中危 |
| Pivotal Spring Framework 日志注入漏洞 | 日志输出的转义处理不恰当 | MPS-2021-18890 | CVE-2021-22096 | 中危 |
| com.h2database:h2 | XXE | MPS-2021-19502 | CVE-2021-23463 | 严重 |
| Netty Bzip2Decoder 存在资源穷尽漏洞 | 拒绝服务 | MPS-2021-28116 | CVE-2021-37136 | 高危 |
| Netty 存在资源穷尽漏洞 | 拒绝服务 | MPS-2021-28117 | CVE-2021-37137 | 高危 |
| H2数据库存在JNDI注入漏洞 | 反序列化 | MPS-2021-33243 | CVE-2021-42392 | 严重 |
| Quality Open Software logback JNDI注入漏洞 | 反序列化 | MPS-2021-33911 | CVE-2021-42550 | 中危 |
| Netty | HTTP请求走私 | MPS-2021-36922 | CVE-2021-43797 | 中危 |
| Apache Tomcat 条件竞争漏洞 | 竞争条件 | MPS-2021-37218 | CVE-2021-43980 | 低危 |
| Vmware Spring Framework 安全漏洞 | 不加限制或调节的资源分配 | MPS-2022-1080 | CVE-2022-22950 | 中危 |
| Pivotal Spring Framework 安全限制绕过漏洞 | 大小写敏感处理不恰当 | MPS-2022-1098 | CVE-2022-22968 | 中危 |
| Spring Framework spring-beans 存在拒绝服务漏洞 | 不加限制或调节的资源分配 | MPS-2022-1101 | CVE-2022-22970 | 中危 |
| io.netty:netty-handler 存在证书验证不恰当漏洞 | 证书验证不恰当 | MPS-2022-12067 | 中危 | |
| Logback SSL证书校验不当漏洞 | 中间人攻击 | MPS-2022-12411 | 中危 | |
| FasterXML Jackson-databind 拒绝服务漏洞 | 拒绝服务 | MPS-2022-12500 | 中危 | |
| Apache Tomcat 本地权限提升漏洞 | 检查时间与使用时间(TOCTOU)的竞争条件 | MPS-2022-1351 | CVE-2022-23181 | 高危 |
| H2 Console 代码注入漏洞 | 代码注入 | MPS-2022-1435 | CVE-2022-23221 | 严重 |
| Netty 存在信息泄露漏洞 | 将资源暴露给错误范围 | MPS-2022-3790 | CVE-2022-24823 | 中危 |
| snakeYAML | 拒绝服务 | MPS-2022-5144 | CVE-2022-25857 | 高危 |
| snakeYAML | 栈缓冲区溢出 | MPS-2022-56040 | CVE-2022-38751 | 中危 |
| snakeYAML | 栈缓冲区溢出 | MPS-2022-56041 | CVE-2022-38752 | 低危 |
| snakeYAML | 栈缓冲区溢出 | MPS-2022-56051 | CVE-2022-38750 | 中危 |
| snakeYAML | 拒绝服务 | MPS-2022-56081 | CVE-2022-38749 | 中危 |
| SnakeYAML | 栈缓冲区溢出 | MPS-2022-58478 | CVE-2022-41854 | 中危 |
| Netty | 解释冲突 | MPS-2022-58552 | CVE-2022-41915 | 中危 |
| FasterXML jackson-databind 小于2.14.0-rc1拒绝服务漏洞 | 拒绝服务 | MPS-2022-58653 | CVE-2022-42003 | 中危 |
| FasterXML jackson-databind 小于2.13.4拒绝服务漏洞 | 拒绝服务 | MPS-2022-58654 | CVE-2022-42004 | 中危 |
| FasterXML jackson-databind 拒绝服务漏洞 | 越界写入 | MPS-2022-6242 | CVE-2020-36518 | 高危 |
| Spring Security通配符路由绕过漏洞 | 关键资源权限分配不当 | MPS-2022-62832 | CVE-2023-20860 | 高危 |
| Spring 处理 SpEL 存在拒绝服务漏洞 | 拒绝服务 | MPS-2022-62833 | CVE-2023-20861 | 中危 |
| Spring Expression 存在拒绝服务漏洞 | 拒绝服务 | MPS-2022-62835 | CVE-2023-20863 | 高危 |
| Spring Boot 欢迎页功能拒绝服务风险 | 拒绝服务 | MPS-2022-62855 | CVE-2023-20883 | 高危 |
| H2 数据库明文密码问题 | 未授权敏感信息泄露 | MPS-2022-65204 | CVE-2022-45868 | 高危 |
| spring-beans 远程代码执行漏洞(Spring4Shell) | 表达式语言注入 | MPS-2022-6820 | CVE-2022-22965 | 严重 |
| snakeYAML | 反序列化 | MPS-2022-9425 | CVE-2022-1471 | 高危 |
| netplex json-smart 安全漏洞 | 未经控制的递归 | MPS-2023-7760 | CVE-2023-1370 | 高危 |
| jackson-databind 拒绝服务漏洞 | 拒绝服务 | MPS-2023-8438 | CVE-2021-46877 | 中危 |
| Netty 资源管理错误漏洞 | 拒绝服务 | MPS-9u07-bna1 | CVE-2023-34462 | 中危 |
| Apache Tomcat http请求走私漏洞 | 输入验证不恰当 | MPS-b5of-dwyh | CVE-2023-45648 | 中危 |
| Hot Rod 安全漏洞 | 证书验证不恰当 | MPS-b7oj-adm3 | CVE-2023-4586 | 高危 |
| Apache Tomcat 安全漏洞 | 清理环节不完整 | MPS-hz9y-jtfe | CVE-2023-42795 | 中危 |
| Bouncy Castle 信任管理问题漏洞 | 证书验证不恰当 | MPS-i6w7-d48e | CVE-2023-33201 | 中危 |
| Guava | 创建拥有不安全权限的临时文件 | MPS-mfku-xzh3 | CVE-2023-2976 | 中危 |
| Apache Tomcat FORM 重定向漏洞 | 跨站重定向 | MPS-uy56-j8e4 | CVE-2023-41080 | 低危 |
| 【存在争议】FasterXML jackson-databind 代码问题漏洞 | 不加限制或调节的资源分配 | MPS-z1bx-p8y2 | CVE-2023-35116 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| com.fasterxml.jackson.core:jackson-databind | 2.12.3 | 间接依赖 | 建议修复 | |
| org.yaml:snakeyaml | 1.28 | 2.0 | 间接依赖 | 建议修复 |
| ch.qos.logback:logback-core | 1.2.3 | 1.2.8 | 间接依赖 | 建议修复 |
| io.netty:netty-handler | 4.1.65.Final | 间接依赖 | 建议修复 | |
| com.h2database:h2 | 1.4.200 | 直接依赖 | 建议修复 | |
| io.netty:netty-codec | 4.1.65.Final | 4.1.68.Final | 间接依赖 | 建议修复 |
| net.minidev:json-smart | 2.4.7 | 2.4.9 | 间接依赖 | 建议修复 |
| org.springframework:spring-context | 5.3.8 | 5.3.19 | 间接依赖 | 建议修复 |
| org.apache.tomcat.embed:tomcat-embed-core | 9.0.48 | 9.0.81 | 间接依赖 | 建议修复 |
| org.springframework:spring-web | 5.3.8 | 6.0.0 | 间接依赖 | 建议修复 |
| org.springframework:spring-webmvc | 5.3.8 | 5.3.26 | 间接依赖 | 建议修复 |
| org.springframework:spring-beans | 5.3.8 | 5.3.20 | 间接依赖 | 建议修复 |
| io.netty:netty-common | 4.1.65.Final | 4.1.77.Final | 间接依赖 | 可选修复 |
| org.springframework.boot:spring-boot-autoconfigure | 2.5.2 | 2.5.15 | 间接依赖 | 可选修复 |
| org.springframework:spring-core | 5.3.8 | 5.3.26 | 间接依赖 | 可选修复 |
| com.google.guava:guava | 30.1.1-jre | 32.0.0-jre | 直接依赖 | 可选修复 |
| org.bouncycastle:bcprov-jdk15on | 1.70 | 直接依赖 | 可选修复 | |
| org.springframework:spring-expression | 5.3.8 | 5.3.27 | 间接依赖 | 可选修复 |
| org.dom4j:dom4j | 2.1.3 | 间接依赖 | 可选修复 | |
| io.netty:netty-codec-http | 4.1.65.Final | 4.1.86.final | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 116 | 低 |
| Apache-2.0 | 85 | 低 |
| 自定义许可证 | 10 | 低 |
| BSD-2-Clause | 1 | 低 |
| ISC | 5 | 低 |
| BSD-3-Clause | 4 | 低 |
| EPL-1.0 | 4 | 低 |
| EPL-2.0 | 3 | 低 |
| LGPL-2.1 | 1 | 中 |
| MPL-1.1 | 1 | 低 |
| 0BSD | 1 | 低 |
| LGPL-2.1-or-later | 2 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| @material-ui/core | 4.12.3 | 直接依赖 | npm |
| string-width | 4.2.2 | 间接依赖 | npm |
| css-vendor | 2.0.8 | 间接依赖 | npm |
| micromatch | 4.0.4 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-starter-webflux | 2.7.5 | 直接依赖 | maven |
| human-signals | 2.1.0 | 间接依赖 | npm |
| io.netty:netty-resolver-dns | 4.1.65.Final | 间接依赖 | maven |
| org.glassfish.jaxb:txw2 | 2.3.4 | 间接依赖 | maven |
| net.minidev:accessors-smart | 2.4.7 | 间接依赖 | maven |
| strip-final-newline | 2.0.0 | 间接依赖 | npm |
| @babel/runtime | 7.15.4 | 间接依赖 | npm |
| is-unicode-supported | 0.1.0 | 间接依赖 | npm |
| cli-cursor | 3.1.0 | 间接依赖 | npm |
| io.netty:netty-transport-native-epoll | 4.1.65.Final | 间接依赖 | maven |
| io.netty:netty-resolver-dns-native-macos | 4.1.65.Final | 间接依赖 | maven |
| ms | 2.1.2 | 间接依赖 | npm |
| org.springframework:spring-jdbc | 5.3.8 | 间接依赖 | maven |
| jss-plugin-vendor-prefixer | 10.7.1 | 间接依赖 | npm |
| prettier-plugin-java | 1.4.0 | 直接依赖 | npm |
| com.google.guava:listenablefuture | 9999.0-empty-to-avoid-conflict-with-guava | 间接依赖 | maven |
| json-parse-even-better-errors | 2.3.1 | 间接依赖 | npm |
| path-key | 3.1.1 | 间接依赖 | npm |
| husky | 7.0.2 | 直接依赖 | npm |
| @types/scheduler | 0.16.2 | 间接依赖 | npm |
| @babel/helper-validator-identifier | 7.14.9 | 间接依赖 | npm |
| io.netty:netty-handler | 4.1.65.Final | 间接依赖 | maven |
| lines-and-columns | 1.1.6 | 间接依赖 | npm |
| org.springframework:spring-orm | 5.3.8 | 间接依赖 | maven |
| org.springframework.boot:spring-boot-starter-logging | 2.5.2 | 间接依赖 | maven |
| stringify-object | 3.3.0 | 间接依赖 | npm |
| org.xmlunit:xmlunit-core | 2.8.2 | 间接依赖 | maven |
| onetime | 5.1.2 | 间接依赖 | npm |
| org.apache.logging.log4j:log4j-api | 2.14.1 | 间接依赖 | maven |
| isexe | 2.0.0 | 间接依赖 | npm |
| org.ow2.asm:asm | 9.1 | 间接依赖 | maven |
| @types/prop-types | 15.7.4 | 间接依赖 | npm |
| ansi-colors | 4.1.1 | 间接依赖 | npm |
| hyphenate-style-name | 1.0.4 | 间接依赖 | npm |
| yaml | 1.10.2 | 间接依赖 | npm |
| log-update | 4.0.0 | 间接依赖 | npm |
| @types/uuid | 8.3.1 | 直接依赖 | npm |
| prettier | 2.3.1 | 间接依赖 | npm |
| ansi-escapes | 4.3.2 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-starter | 2.5.2 | 间接依赖 | maven |
| ch.qos.logback:logback-core | 1.2.3 | 间接依赖 | maven |
| org.springframework.boot:spring-boot-test | 2.5.2 | 间接依赖 | maven |
| import-fresh | 3.3.0 | 间接依赖 | npm |
| through | 2.3.8 | 间接依赖 | npm |
| parse-json | 5.2.0 | 间接依赖 | npm |
| org.yaml:snakeyaml | 1.28 | 间接依赖 | maven |
| org.apache.tomcat.embed:tomcat-embed-websocket | 9.0.48 | 间接依赖 | maven |
| com.google.errorprone:error_prone_annotations | 2.5.1 | 间接依赖 | maven |
| org.checkerframework:checker-qual | 3.8.0 | 间接依赖 | maven |
| error-ex | 1.3.2 | 间接依赖 | npm |
| execa | 5.1.1 | 间接依赖 | npm |
| io.netty:netty-codec-socks | 4.1.65.Final | 间接依赖 | maven |
| org.springframework.boot:spring-boot-starter-json | 2.5.2 | 间接依赖 | maven |
| is-regexp | 1.0.0 | 间接依赖 | npm |
| color-convert | 2.0.1 | 间接依赖 | npm |
| jss-plugin-global | 10.7.1 | 间接依赖 | npm |
| type-fest | 0.21.3 | 间接依赖 | npm |
| antlr:antlr | 2.7.7 | 间接依赖 | maven |
| clean-stack | 2.2.0 | 间接依赖 | npm |
| org.glassfish.jaxb:jaxb-runtime | 2.3.4 | 间接依赖 | maven |
| org.springframework.boot:spring-boot-starter-aop | 2.5.2 | 间接依赖 | maven |
| io.netty:netty-codec-http | 4.1.65.Final | 间接依赖 | maven |
| org.assertj:assertj-core | 3.19.0 | 间接依赖 | maven |
| org.hamcrest:hamcrest | 2.2 | 间接依赖 | maven |
| which | 2.0.2 | 间接依赖 | npm |
| lint-staged | 11.1.2 | 直接依赖 | npm |
| enquirer | 2.3.6 | 间接依赖 | npm |
| org.slf4j:slf4j-api | 1.7.31 | 间接依赖 | maven |
| cli-truncate | 2.1.0 | 间接依赖 | npm |
| clsx | 1.1.1 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-starter-test | 2.5.2 | 直接依赖 | maven |
| com.fasterxml.jackson.datatype:jackson-datatype-jsr310 | 2.12.3 | 间接依赖 | maven |
| jakarta.activation:jakarta.activation-api | 1.2.2 | 间接依赖 | maven |
| com.sun.istack:istack-commons-runtime | 3.0.12 | 间接依赖 | maven |
| @types/react | 17.0.21 | 间接依赖 | npm |
| @material-ui/utils | 4.11.2 | 间接依赖 | npm |
| org.springframework:spring-webflux | 5.3.8 | 间接依赖 | maven |
| jss-plugin-rule-value-function | 10.7.1 | 间接依赖 | npm |
| is-arrayish | 0.2.1 | 间接依赖 | npm |
| jakarta.transaction:jakarta.transaction-api | 1.3.3 | 间接依赖 | maven |
| @babel/highlight | 7.14.5 | 间接依赖 | npm |
| merge-stream | 2.0.0 | 间接依赖 | npm |
| com.google.guava:failureaccess | 1.0.1 | 间接依赖 | maven |
| org.javassist:javassist | 3.27.0-GA | 间接依赖 | maven |
| lodash | 4.17.21 | 间接依赖 | npm |
| get-stream | 6.0.1 | 间接依赖 | npm |
| commons-codec:commons-codec | 1.15 | 直接依赖 | maven |
| io.netty:netty-codec | 4.1.65.Final | 间接依赖 | maven |
| com.google.j2objc:j2objc-annotations | 1.3 | 间接依赖 | maven |
| org.springframework.boot:spring-boot-starter-data-jpa | 2.5.2 | 直接依赖 | maven |
| jakarta.annotation:jakarta.annotation-api | 1.3.5 | 间接依赖 | maven |
| debug | 4.3.2 | 间接依赖 | npm |
| is-fullwidth-code-point | 3.0.0 | 间接依赖 | npm |
| js-tokens | 4.0.0 | 间接依赖 | npm |
| com.fasterxml.jackson.datatype:jackson-datatype-jdk8 | 2.12.3 | 间接依赖 | maven |
| org.springframework.boot:spring-boot-devtools | 2.5.2 | 直接依赖 | maven |
| tslib | 1.14.1 | 间接依赖 | npm |
| emoji-regex | 8.0.0 | 间接依赖 | npm |
| com.vaadin.external.google:android-json | 0.0.20131108.vaadin1 | 间接依赖 | maven |
| org.springframework:spring-test | 5.3.8 | 间接依赖 | maven |
| org.springframework.boot:spring-boot | 2.5.2 | 间接依赖 | maven |
| slice-ansi | 3.0.0 | 间接依赖 | npm |
| org.springframework:spring-beans | 5.3.8 | 间接依赖 | maven |
| please-upgrade-node | 3.2.0 | 间接依赖 | npm |
| @material-ui/styles | 4.11.4 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-test-autoconfigure | 2.5.2 | 间接依赖 | maven |
| org.springframework:spring-tx | 5.3.8 | 间接依赖 | maven |
| normalize-path | 3.0.0 | 间接依赖 | npm |
| signal-exit | 3.0.4 | 间接依赖 | npm |
| shebang-regex | 3.0.0 | 间接依赖 | npm |
| aggregate-error | 3.1.0 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-starter-web | 2.5.2 | 直接依赖 | maven |
| org.slf4j:jul-to-slf4j | 1.7.31 | 间接依赖 | maven |
| indent-string | 4.0.0 | 间接依赖 | npm |
| @material-ui/types | 5.1.0 | 间接依赖 | npm |
| listr2 | 3.12.1 | 间接依赖 | npm |
| popper.js | 1.16.1-lts | 间接依赖 | npm |
| com.google.code.findbugs:jsr305 | 3.0.2 | 间接依赖 | maven |
| chalk | 4.1.2 | 间接依赖 | npm |
| scheduler | 0.20.2 | 间接依赖 | npm |
| jss | 10.7.1 | 间接依赖 | npm |
| org.dom4j:dom4j | 2.1.3 | 间接依赖 | maven |
| has-flag | 4.0.0 | 间接依赖 | npm |
| jss-plugin-props-sort | 10.7.1 | 间接依赖 | npm |
| p-map | 4.0.0 | 间接依赖 | npm |
| ansi-styles | 4.3.0 | 间接依赖 | npm |
| io.projectreactor.netty:reactor-netty-http | 1.0.8 | 间接依赖 | maven |
| io.netty:netty-transport-native-unix-common | 4.1.65.Final | 间接依赖 | maven |
| org.springframework:spring-expression | 5.3.8 | 间接依赖 | maven |
| to-regex-range | 5.0.1 | 间接依赖 | npm |
| hoist-non-react-statics | 3.3.2 | 间接依赖 | npm |
| cross-spawn | 7.0.3 | 间接依赖 | npm |
| org.apache.tomcat.embed:tomcat-embed-core | 9.0.48 | 间接依赖 | maven |
| mimic-fn | 2.1.0 | 间接依赖 | npm |
| com.zaxxer:HikariCP | 4.0.3 | 间接依赖 | maven |
| org.springframework.data:spring-data-commons | 2.5.2 | 间接依赖 | maven |
| com.fasterxml.jackson.module:jackson-module-parameter-names | 2.12.3 | 间接依赖 | maven |
| io.netty:netty-buffer | 4.1.65.Final | 间接依赖 | maven |
| org.springframework.boot:spring-boot-autoconfigure | 2.5.2 | 间接依赖 | maven |
| ch.qos.logback:logback-classic | 1.2.3 | 间接依赖 | maven |
| regexp-to-ast | 0.4.0 | 间接依赖 | npm |
| @babel/code-frame | 7.14.5 | 间接依赖 | npm |
| picomatch | 2.3.0 | 间接依赖 | npm |
| com.jayway.jsonpath:json-path | 2.5.0 | 间接依赖 | maven |
| org.springframework.data:spring-data-jpa | 2.5.2 | 间接依赖 | maven |
| object-assign | 4.1.1 | 间接依赖 | npm |
| org.jboss:jandex | 2.2.3.Final | 间接依赖 | maven |
| io.projectreactor.netty:reactor-netty-core | 1.0.8 | 间接依赖 | maven |
| cosmiconfig | 7.0.1 | 间接依赖 | npm |
| io.netty:netty-handler-proxy | 4.1.65.Final | 间接依赖 | maven |
| color-name | 1.1.4 | 间接依赖 | npm |
| io.netty:netty-codec-dns | 4.1.65.Final | 间接依赖 | maven |
| java-parser | 1.4.0 | 间接依赖 | npm |
| react | 17.0.2 | 直接依赖 | npm |
| @types/parse-json | 4.0.0 | 间接依赖 | npm |
| semver-compare | 1.0.0 | 间接依赖 | npm |
| get-own-enumerable-property-symbols | 3.0.2 | 间接依赖 | npm |
| csstype | 2.6.18 | 间接依赖 | npm |
| jss-plugin-nested | 10.7.1 | 间接依赖 | npm |
| parent-module | 1.0.1 | 间接依赖 | npm |
| prop-types | 15.7.2 | 间接依赖 | npm |
| org.springframework:spring-context | 5.3.8 | 间接依赖 | maven |
| org.apache.logging.log4j:log4j-to-slf4j | 2.14.1 | 间接依赖 | maven |
| net.minidev:json-smart | 2.4.7 | 间接依赖 | maven |
| org.hibernate:hibernate-core | 5.4.32.Final | 间接依赖 | maven |
| @material-ui/system | 4.12.1 | 间接依赖 | npm |
| io.netty:netty-common | 4.1.65.Final | 间接依赖 | maven |
| com.fasterxml:classmate | 1.5.1 | 间接依赖 | maven |
| astral-regex | 2.0.0 | 间接依赖 | npm |
| path-type | 4.0.0 | 间接依赖 | npm |
| npm-run-path | 4.0.1 | 间接依赖 | npm |
| rxjs | 6.6.7 | 间接依赖 | npm |
| org.aspectj:aspectjweaver | 1.9.6 | 间接依赖 | maven |
| io.netty:netty-transport | 4.1.65.Final | 间接依赖 | maven |
| org.apache.tomcat.embed:tomcat-embed-el | 9.0.48 | 间接依赖 | maven |
| @emotion/hash | 0.8.0 | 间接依赖 | npm |
| braces | 3.0.2 | 间接依赖 | npm |
| react-dom | 17.0.2 | 直接依赖 | npm |
| com.h2database:h2 | 1.4.200 | 直接依赖 | maven |
| chevrotain | 6.5.0 | 间接依赖 | npm |
| io.netty:netty-codec-http2 | 4.1.65.Final | 间接依赖 | maven |
| jakarta.xml.bind:jakarta.xml.bind-api | 2.3.3 | 间接依赖 | maven |
| com.sun.activation:jakarta.activation | 1.2.2 | 间接依赖 | maven |
| io.netty:netty-resolver | 4.1.65.Final | 间接依赖 | maven |
| ansi-regex | 5.0.1 | 间接依赖 | npm |
| wrap-ansi | 7.0.0 | 间接依赖 | npm |
| colorette | 1.4.0 | 间接依赖 | npm |
| strip-ansi | 6.0.0 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-starter-tomcat | 2.5.2 | 间接依赖 | maven |
| tiny-warning | 1.0.3 | 间接依赖 | npm |
| jakarta.persistence:jakarta.persistence-api | 2.2.3 | 间接依赖 | maven |
| @types/react-transition-group | 4.4.3 | 间接依赖 | npm |
| com.google.guava:guava | 30.1.1-jre | 直接依赖 | maven |
| org.skyscreamer:jsonassert | 1.5.0 | 间接依赖 | maven |
| is-number | 7.0.0 | 间接依赖 | npm |
| org.bouncycastle:bcprov-jdk15on | 1.70 | 直接依赖 | maven |
| org.springframework.boot:spring-boot-starter-jdbc | 2.5.2 | 间接依赖 | maven |
| com.fasterxml.jackson.core:jackson-core | 2.12.3 | 间接依赖 | maven |
| callsites | 3.1.0 | 间接依赖 | npm |
| commander | 7.2.0 | 间接依赖 | npm |
| supports-color | 7.2.0 | 间接依赖 | npm |
| is-in-browser | 1.1.3 | 间接依赖 | npm |
| react-transition-group | 4.4.2 | 间接依赖 | npm |
| org.jboss.logging:jboss-logging | 3.4.2.Final | 间接依赖 | maven |
| fill-range | 7.0.1 | 间接依赖 | npm |
| org.springframework:spring-web | 5.3.8 | 间接依赖 | maven |
| jss-plugin-default-unit | 10.7.1 | 间接依赖 | npm |
| javax.persistence:javax.persistence-api | 2.2 | 直接依赖 | maven |
| org.springframework.boot:spring-boot-starter-reactor-netty | 2.5.2 | 间接依赖 | maven |
| string-argv | 0.3.1 | 间接依赖 | npm |
| loose-envify | 1.4.0 | 间接依赖 | npm |
| escape-string-regexp | 1.0.5 | 直接依赖 | npm |
| org.springframework:spring-aop | 5.3.8 | 间接依赖 | maven |
| org.springframework:spring-aspects | 5.3.8 | 间接依赖 | maven |
| org.springframework:spring-core | 5.3.8 | 间接依赖 | maven |
| jss-plugin-camel-case | 10.7.1 | 间接依赖 | npm |
| org.springframework:spring-jcl | 5.3.8 | 间接依赖 | maven |
| shebang-command | 2.0.0 | 间接依赖 | npm |
| react-is | 17.0.2 | 间接依赖 | npm |
| resolve-from | 4.0.0 | 间接依赖 | npm |
| org.hibernate.common:hibernate-commons-annotations | 5.1.2.Final | 间接依赖 | maven |
| is-stream | 2.0.1 | 间接依赖 | npm |
| org.projectlombok:lombok | 1.18.20 | 直接依赖 | maven |
| is-obj | 1.0.1 | 间接依赖 | npm |
| regenerator-runtime | 0.13.9 | 间接依赖 | npm |
| restore-cursor | 3.1.0 | 间接依赖 | npm |
| dom-helpers | 5.2.1 | 间接依赖 | npm |
| log-symbols | 4.1.0 | 间接依赖 | npm |
| org.springframework:spring-webmvc | 5.3.8 | 间接依赖 | maven |
| com.fasterxml.jackson.core:jackson-databind | 2.12.3 | 间接依赖 | maven |
| com.fasterxml.jackson.core:jackson-annotations | 2.12.3 | 间接依赖 | maven |
| uuid | 8.3.2 | 直接依赖 | npm |