joomla/joomla-cms Software Analysis Report

Basic Information

Project name: joomla/joomla-cms

Project badge: Security Status

Repository URL: https://github.com/pterodactyl/panel

Scan report URL: https://www.murphysec.com/console/report/1719254201543737344/1719254205050175488

This report is provided by Murphysec

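Vulnerability List

Vulnerability name Vulnerability type MPS ID CVE ID Severity
Low
Joomla path traversal vulnerability Path traversal MPS-2021-2536 CVE-2021-26028 Medium
TinyMCE security vulnerability XSS MPS-eotc-m5x4 CVE-2023-45818 Medium
Tiny Technologies TinyMCE security vulnerability XSS MPS-gpyx-i472 CVE-2023-45819 Medium
PostCSS security vulnerability Injection MPS-y3tx-jzms CVE-2023-44270 Medium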

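Affected Components

Component name Version Minimum fixed version Dependency relationship Remediation advice
joomla/archive 3.0.0 3.9.25 Indirect Optional fix
tinymce 6.7.0 6.7.1 Indirect Optional fix
postcss 8.4.30 8.4.31 Indirect Optional fix
enshrined/svg-sanitize 0.15.4 0.16.0 Indirect Optional fix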

License Risk

License type Related components License risk
MIT 141
BSD-3-Clause 9
Apache-2.0 2
ISC 4
GPL-2.0-or-later 2
W3C 1
CC0-1.0 1
0BSD 1
BSD 1
BSD-2-Clause 1
LGPL-2.1 1

SBOM List

Component name Component version Direct dependency Repository
@lezer/lr 1.3.10 Indirect npm
symfony/ldap v6.3.0 Indirect composer
mark.js 8.11.1 Indirect npm
laminas/laminas-diactoros 2.25.2 Indirect composer
dom-walk 0.1.2 Indirect npm
joomla/console 3.0.0 Indirect composer
joomla/database 3.0.0 Indirect composer
@codemirror/view 6.17.1 Indirect npm
fuse.js 3.6.1 Indirect npm
diff 5.1.0 Indirect npm
@lezer/php 1.0.1 Indirect npm
jquery-migrate 3.4.1 Indirect npm
jakeasmith/http_build_url 1.0.1 Indirect composer
voku/portable-ascii 2.0.1 Indirect composer
punycode 2.3.0 Indirect npm
jquery 3.7.1 Indirect npm
doctrine/inflector 1.4.4 Indirect composer
vue-focus-lock 2.0.5 Indirect npm
@codemirror/search 6.5.2 Indirect npm
psr/event-dispatcher 1.0.0 Indirect composer
joomla/input 3.0.0 Indirect composer
joomla/uri 3.0.0 Indirect composer
joomla/application 3.0.0 Indirect composer
web-token/signature-pack 3.2.8 Indirect composer
web-token/jwt-signature-algorithm-hmac 3.2.8 Indirect composer
joomla/oauth2 3.0.0 Indirect composer
maximebf/debugbar v1.19.0 Indirect composer
joomla/filter 3.0.0 Indirect composer
psr/link 1.1.1 Indirect composer
jfcherng/php-mb-string 2.0.1 Indirect composer
symfony/console v6.3.4 Indirect composer
vue-demi 0.13.11 Indirect npm
joomla/event 3.0.0 Indirect composer
joomla/archive 3.0.0 Indirect composer
@lezer/markdown 1.1.0 Indirect npm
joomla/session 3.0.0 Indirect composer
voku/portable-utf8 6.0.13 Indirect composer
joomla-ui-custom-elements 0.2.0 Indirect npm
wamania/php-stemmer v3.0.1 Indirect composer
joomla/utilities 3.0.0 Indirect composer
focus-lock 0.11.6 Indirect npm
psr/container 1.1.2 Indirect composer
source-map-js 1.0.2 Indirect npm
bootstrap 5.3.2 Indirect npm
lcobucci/clock 3.0.0 Indirect composer
joomla/router 3.0.0 Indirect composer
focus-visible 5.2.0 Indirect npm
MSVCRT.dll Indirect
@lezer/json 1.0.1 Indirect npm
brick/math 0.11.0 Indirect composer
@lezer/xml 1.0.2 Indirect npm
joomla/filesystem 3.0.0 Indirect composer
paragonie/sodium_compat v1.20.0 Indirect composer
tippy.js 6.3.7 Indirect npm
phpseclib/phpseclib 3.0.23 Indirect composer
symfony/service-contracts v2.5.2 Indirect composer
web-auth/metadata-service 4.5.2 Indirect composer
flatted 3.2.7 Indirect npm
joomla/data 3.0.0 Indirect composer
symfony/polyfill-php72 Indirect composer
defuse/php-encryption v2.4.0 Indirect composer
@babel/runtime 7.22.15 Indirect npm
enshrined/svg-sanitize 0.15.4 Indirect composer
psr/http-factory 1.0.2 Indirect composer
regenerator-runtime 0.14.0 Indirect npm
symfony/web-link v6.3.0 Indirect composer
crelt 1.0.6 Indirect npm
@lezer/html 1.3.6 Indirect npm
@webcomponents/webcomponentsjs 2.8.0 Indirect npm
web-auth/cose-lib 4.2.3 Indirect composer
dragula 3.7.3 Indirect npm
estree-walker 2.0.2 Indirect npm
paragonie/random_compat Indirect composer
@lezer/common 1.0.4 Indirect npm
fig/link-util 1.2.0 Indirect composer
tobscure/json-api dev-joomla-backports Indirect composer
@codemirror/language 6.9.0 Indirect npm
@claviska/jquery-minicolors 2.3.6 Indirect npm
symfony/polyfill-intl-grapheme v1.28.0 Indirect composer
symfony/uid v6.3.0 Indirect composer
symfony/error-handler v6.3.2 Indirect composer
atoa 1.0.0 Indirect npm
global 4.4.0 Indirect npm
vuex-persist 3.1.3 Indirect npm
@codemirror/lang-css 6.2.1 Indirect npm
redux 4.2.1 Indirect npm
spomky-labs/pki-framework 1.1.0 Indirect composer
algo26-matthias/idna-convert v3.1.0 Indirect composer
typo3/phar-stream-wrapper v3.1.7 Indirect composer
@codemirror/lang-html 6.4.6 Indirect npm
magic-string 0.25.9 Indirect npm
composer/ca-bundle 1.3.7 Indirect composer
symfony/string v6.3.2 Indirect composer
@codemirror/lang-php 6.0.1 Indirect npm
short-and-sweet 1.0.4 Indirect npm
web-token/jwt-signature-algorithm-experimental 3.2.8 Indirect composer
@codemirror/lang-markdown 6.2.0 Indirect npm
@vue/compiler-dom 3.2.45 Indirect npm
svg4everybody 2.1.9 Indirect npm
tslib 2.6.2 Indirect npm
joomla/language 3.0.0 Indirect composer
choices.js 9.1.0 Indirect npm
KERNEL32.dll Indirect
@codemirror/commands 6.2.5 Indirect npm
process 0.11.10 Indirect npm
@lezer/highlight 1.1.6 Indirect npm
joomla/http 3.0.0 Indirect composer
style-mod 4.1.0 Indirect npm
w3c-keyname 2.2.8 Indirect npm
sourcemap-codec 1.4.8 Indirect npm
vuex 4.1.0 Indirect npm
accessibility 3.0.17 Indirect npm
@popperjs/core 2.11.8 Indirect npm
spomky-labs/cbor-php 3.0.2 Indirect composer
@codemirror/autocomplete 6.9.0 Indirect npm
web-token/jwt-signature 3.2.8 Indirect composer
min-document 2.19.0 Indirect npm
custom-event 1.0.1 Indirect npm
joomla/authentication 3.0.0 Indirect composer
joomla/crypt 3.0.0 Indirect composer
@floating-ui/dom 1.5.1 Indirect npm
jfcherng/php-color-output 3.0.0 Indirect composer
@lezer/javascript 1.4.7 Indirect npm
contra 1.9.4 Indirect npm
@codemirror/lang-javascript 6.2.1 Indirect npm
source-map 0.6.1 Indirect npm
joomla/oauth1 3.0.0 Indirect composer
postcss 8.4.30 Indirect npm
@vue/devtools-api 6.5.0 Indirect npm
ticky 1.0.1 Indirect npm
@codemirror/lang-xml 6.0.2 Indirect npm
psr/http-message 1.1 Indirect composer
@floating-ui/core 1.4.1 Indirect npm
hotkeys-js 3.12.0 Indirect npm
joomla/di 3.0.0 Indirect composer
@babel/parser 7.22.16 Indirect npm
@vue/runtime-dom 3.2.45 Indirect npm
phpseclib/bcmath_compat 2.0.1 Indirect composer
willdurand/negotiation 3.1.0 Indirect composer
web-token/jwt-signature-algorithm-rsa 3.2.8 Indirect composer
nanoid 3.3.6 Indirect npm
@floating-ui/utils 0.1.1 Indirect npm
psr/http-client 1.0.3 Indirect composer
@lezer/css 1.1.3 Indirect npm
web-auth/webauthn-lib 4.5.2 Indirect composer
skipto 4.1.7 Indirect npm
cropperjs 1.6.1 Indirect npm
dragonmantank/cron-expression v3.3.3 Indirect composer
dotenv 16.3.1 Indirect npm
tinymce 6.7.0 Indirect npm
roboto-fontface 0.10.0 Indirect npm
metismenujs 1.4.0 Indirect npm
symfony/polyfill-intl-normalizer v1.28.0 Indirect composer
webmozart/assert 1.11.0 Indirect composer
chosen-js 1.8.7 Indirect npm
psr/log 3.0.0 Indirect composer
@vue/server-renderer 3.2.45 Indirect npm
symfony/polyfill-ctype v1.28.0 Indirect composer
symfony/yaml v6.3.3 Indirect composer
@fortawesome/fontawesome-free 6.4.2 Indirect npm
shepherd.js 11.2.0 Indirect npm
@codemirror/state 6.2.1 Indirect npm
jfcherng/php-sequence-matcher 4.0.3 Indirect composer
qrcode-generator 1.4.4 Indirect npm
joomla/registry 3.0.0 Indirect composer
jfcherng/php-diff 6.15.3 Indirect composer
web-token/jwt-core 3.2.8 Indirect composer
symfony/polyfill-uuid v1.28.0 Indirect composer
csstype 2.6.21 Indirect npm
symfony/polyfill-iconv v1.28.0 Indirect composer
web-token/jwt-signature-algorithm-ecdsa 3.2.8 Indirect composer
@vue/runtime-core 3.2.45 Indirect npm
@vue/reactivity 3.2.45 Indirect npm
google/recaptcha 1.3.0 Indirect composer
@vue/shared 3.2.45 Indirect npm
mediaelement 5.1.1 Indirect npm
phpmailer/phpmailer v6.8.1 Indirect composer
psr/clock 1.0.0 Indirect composer
symfony/deprecation-contracts v3.3.0 Indirect composer
@vue/compiler-ssr 3.2.45 Indirect npm
web-token/jwt-signature-algorithm-none 3.2.8 Indirect composer
web-token/jwt-signature-algorithm-eddsa 3.2.8 Indirect composer
es-module-shims 1.8.0 Indirect npm
vue 3.2.45 Indirect npm
paragonie/constant_time_encoding v2.6.3 Indirect composer
@vue/compiler-sfc 3.2.45 Indirect npm
symfony/polyfill-mbstring v1.28.0 Indirect composer
deepmerge 4.3.1 Indirect npm
awesomplete 1.1.5 Indirect npm
@joomla/joomla-a11y-checker 1.0.0 Indirect npm
php5ts.dll Indirect
picocolors 1.0.0 Indirect npm
symfony/var-dumper v6.3.4 Indirect composer
@codemirror/lint 6.4.1 Indirect npm
symfony/options-resolver v6.3.0 Indirect composer
crossvent 1.5.5 Indirect npm
@codemirror/lang-json 6.0.1 Indirect npm
lcobucci/jwt 4.3.0 Indirect composer
joomla/string 3.0.0 Indirect composer