基础信息
项目名称:jspm/jspm-cli
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1719300930888581120/1719300930972467200
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| node-semver 安全漏洞 | ReDoS | MPS-2022-5166 | CVE-2022-25883 | 高危 |
| Babel 插件任意代码执行漏洞漏洞【Poc公开】 | 不完整的黑名单 | MPS-avb9-j50z | CVE-2023-45133 | 严重 |
| undici 信息泄露漏洞 | MPS-g6am-4ry2 | CVE-2023-45143 | 低危 | |
| protobuf.js 安全漏洞 | 原型污染 | MPS-ql7z-axpv | CVE-2023-36665 | 严重 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| protobufjs | 7.2.3 | 7.2.4 | 间接依赖 | 建议修复 |
| @babel/traverse | 7.21.4 | 7.23.2 | 间接依赖 | 建议修复 |
| semver | 6.3.0 | 7.5.2 | 间接依赖 | 可选修复 |
| semver | 7.4.0 | 7.5.2 | 间接依赖 | 可选修复 |
| undici | 5.21.2 | 5.26.2 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| ISC | 45 | 低 |
| MIT | 172 | 低 |
| BSD-3-Clause | 12 | 低 |
| BSD-2-Clause | 2 | 低 |
| Apache-2.0 | 5 | 低 |
| CC-BY-4.0 | 1 | 低 |
| 0BSD | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| it-first | 2.0.1 | 间接依赖 | npm |
| whatwg-url | 5.0.0 | 间接依赖 | npm |
| wrappy | 1.0.2 | 间接依赖 | npm |
| debug | 4.3.4 | 间接依赖 | npm |
| smart-buffer | 4.2.0 | 间接依赖 | npm |
| @protobufjs/aspromise | 1.1.2 | 间接依赖 | npm |
| color-convert | 1.9.3 | 间接依赖 | npm |
| retry | 0.12.0 | 间接依赖 | npm |
| safer-buffer | 2.1.2 | 间接依赖 | npm |
| parse-duration | 1.0.3 | 间接依赖 | npm |
| webidl-conversions | 3.0.1 | 间接依赖 | npm |
| has-flag | 3.0.0 | 间接依赖 | npm |
| minipass-pipeline | 1.2.4 | 间接依赖 | npm |
| @libp2p/interface-peer-id | 1.1.2 | 间接依赖 | npm |
| @babel/helper-annotate-as-pure | 7.18.6 | 间接依赖 | npm |
| it-stream-types | 1.0.5 | 间接依赖 | npm |
| chownr | 2.0.0 | 间接依赖 | npm |
| streamsearch | 1.1.0 | 间接依赖 | npm |
| uint8arraylist | 2.4.3 | 间接依赖 | npm |
| change-case | 4.1.2 | 间接依赖 | npm |
| @jridgewell/set-array | 1.1.2 | 间接依赖 | npm |
| electron-fetch | 1.9.1 | 间接依赖 | npm |
| @protobufjs/eventemitter | 1.1.0 | 间接依赖 | npm |
| @multiformats/multiaddr-to-uri | 9.0.4 | 间接依赖 | npm |
| minipass-collect | 1.0.2 | 间接依赖 | npm |
| is-plain-obj | 2.1.0 | 间接依赖 | npm |
| @babel/helper-replace-supers | 7.20.7 | 间接依赖 | npm |
| unique-filename | 1.1.1 | 间接依赖 | npm |
| minipass-fetch | 1.4.1 | 间接依赖 | npm |
| js-tokens | 4.0.0 | 间接依赖 | npm |
| @protobufjs/base64 | 1.1.2 | 间接依赖 | npm |
| aggregate-error | 3.1.0 | 间接依赖 | npm |
| @babel/compat-data | 7.21.4 | 间接依赖 | npm |
| dag-jose | 3.0.1 | 间接依赖 | npm |
| @babel/helper-simple-access | 7.20.2 | 间接依赖 | npm |
| wcwidth | 1.0.1 | 间接依赖 | npm |
| multiformats | 10.0.3 | 间接依赖 | npm |
| @protobufjs/utf8 | 1.1.0 | 间接依赖 | npm |
| ipfs-http-client | 59.0.0 | 间接依赖 | npm |
| electron-to-chromium | 1.4.365 | 间接依赖 | npm |
| concat-map | 0.0.1 | 间接依赖 | npm |
| globals | 11.12.0 | 间接依赖 | npm |
| minipass-sized | 1.0.3 | 间接依赖 | npm |
| mimic-fn | 2.1.0 | 间接依赖 | npm |
| @multiformats/multiaddr | 11.6.1 | 间接依赖 | npm |
| it-map | 2.0.1 | 间接依赖 | npm |
| sver | 1.8.4 | 间接依赖 | npm |
| header-case | 2.0.4 | 间接依赖 | npm |
| @protobufjs/path | 1.1.2 | 间接依赖 | npm |
| ws | 8.13.0 | 间接依赖 | npm |
| browser-headers | 0.4.1 | 间接依赖 | npm |
| http-cache-semantics | 4.1.1 | 间接依赖 | npm |
| @babel/helper-optimise-call-expression | 7.18.6 | 间接依赖 | npm |
| promise-retry | 2.0.1 | 间接依赖 | npm |
| depd | 2.0.0 | 间接依赖 | npm |
| varint | 6.0.0 | 间接依赖 | npm |
| @protobufjs/fetch | 1.1.0 | 间接依赖 | npm |
| get-iterator | 1.0.2 | 间接依赖 | npm |
| @babel/helper-split-export-declaration | 7.18.6 | 间接依赖 | npm |
| @jridgewell/resolve-uri | 3.1.0 | 间接依赖 | npm |
| rollup | 3.29.2 | 间接依赖 | npm |
| it-pushable | 3.1.2 | 间接依赖 | npm |
| path-case | 3.0.4 | 间接依赖 | npm |
| minipass | 3.3.6 | 间接依赖 | npm |
| ora | 6.3.0 | 间接依赖 | npm |
| @multiformats/multiaddr | 12.1.2 | 间接依赖 | npm |
| inherits | 2.0.4 | 间接依赖 | npm |
| err-code | 2.0.3 | 间接依赖 | npm |
| caniuse-lite | 1.0.30001480 | 间接依赖 | npm |
| @babel/template | 7.20.7 | 间接依赖 | npm |
| to-fast-properties | 2.0.0 | 间接依赖 | npm |
| browser-readablestream-to-it | 1.0.3 | 间接依赖 | npm |
| https-proxy-agent | 5.0.1 | 间接依赖 | npm |
| @babel/parser | 7.21.4 | 间接依赖 | npm |
| @libp2p/interface-peer-info | 1.0.9 | 间接依赖 | npm |
| once | 1.4.0 | 间接依赖 | npm |
| ipfs-core-utils | 0.17.0 | 间接依赖 | npm |
| it-glob | 1.0.2 | 间接依赖 | npm |
| infer-owner | 1.0.4 | 间接依赖 | npm |
| multiformats | 11.0.2 | 间接依赖 | npm |
| @babel/helpers | 7.21.0 | 间接依赖 | npm |
| is-unicode-supported | 1.3.0 | 间接依赖 | npm |
| is-electron | 2.2.2 | 间接依赖 | npm |
| @libp2p/peer-id | 1.1.18 | 间接依赖 | npm |
| @gar/promisify | 1.1.3 | 间接依赖 | npm |
| native-fetch | 3.0.0 | 间接依赖 | npm |
| busboy | 1.6.0 | 间接依赖 | npm |
| glob | 9.3.5 | 间接依赖 | npm |
| color-name | 1.1.3 | 间接依赖 | npm |
| @protobufjs/inquire | 1.1.0 | 间接依赖 | npm |
| ipfs-utils | 9.0.14 | 间接依赖 | npm |
| @babel/preset-typescript | 7.21.4 | 间接依赖 | npm |
| ieee754 | 1.2.1 | 间接依赖 | npm |
| @babel/helper-validator-option | 7.21.0 | 间接依赖 | npm |
| interface-store | 5.1.0 | 间接依赖 | npm |
| it-all | 2.0.1 | 间接依赖 | npm |
| cacache | 15.3.0 | 间接依赖 | npm |
| iconv-lite | 0.6.3 | 间接依赖 | npm |
| browser-readablestream-to-it | 2.0.2 | 间接依赖 | npm |
| readable-stream | 3.6.2 | 间接依赖 | npm |
| @babel/generator | 7.21.4 | 间接依赖 | npm |
| ansi-styles | 3.2.1 | 间接依赖 | npm |
| onetime | 5.1.2 | 间接依赖 | npm |
| @babel/helper-hoist-variables | 7.18.6 | 间接依赖 | npm |
| yallist | 4.0.0 | 间接依赖 | npm |
| update-browserslist-db | 1.0.11 | 间接依赖 | npm |
| @protobufjs/float | 1.0.2 | 间接依赖 | npm |
| rimraf | 3.0.2 | 间接依赖 | npm |
| cli-cursor | 4.0.0 | 间接依赖 | npm |
| brace-expansion | 1.1.11 | 间接依赖 | npm |
| abort-controller | 3.0.0 | 间接依赖 | npm |
| event-target-shim | 5.0.1 | 间接依赖 | npm |
| @babel/code-frame | 7.21.4 | 间接依赖 | npm |
| receptacle | 1.3.2 | 间接依赖 | npm |
| tslib | 2.5.0 | 间接依赖 | npm |
| undici | 5.21.2 | 间接依赖 | npm |
| is-interactive | 2.0.0 | 间接依赖 | npm |
| restore-cursor | 4.0.0 | 间接依赖 | npm |
| @jspm/import-map | 1.0.7 | 间接依赖 | npm |
| semver | 6.3.0 | 间接依赖 | npm |
| @babel/plugin-syntax-typescript | 7.21.4 | 间接依赖 | npm |
| sentence-case | 3.0.4 | 间接依赖 | npm |
| rimraf | 4.4.1 | 间接依赖 | npm |
| interface-datastore | 8.2.0 | 间接依赖 | npm |
| uint8arrays | 4.0.3 | 间接依赖 | npm |
| iso-url | 1.2.1 | 间接依赖 | npm |
| yallist | 3.1.1 | 间接依赖 | npm |
| @protobufjs/pool | 1.1.0 | 间接依赖 | npm |
| jsesc | 2.5.2 | 间接依赖 | npm |
| protobufjs | 7.2.3 | 间接依赖 | npm |
| @jridgewell/sourcemap-codec | 1.4.14 | 间接依赖 | npm |
| @jspm/generator | 1.1.12 | 间接依赖 | npm |
| @babel/helper-compilation-targets | 7.21.4 | 间接依赖 | npm |
| timeout-abort-controller | 3.0.0 | 间接依赖 | npm |
| @babel/helper-plugin-utils | 7.20.2 | 间接依赖 | npm |
| p-fifo | 1.0.0 | 间接依赖 | npm |
| @babel/plugin-syntax-import-assertions | 7.20.0 | 间接依赖 | npm |
| escape-string-regexp | 1.0.5 | 间接依赖 | npm |
| picocolors | 1.0.0 | 间接依赖 | npm |
| imurmurhash | 0.1.4 | 间接依赖 | npm |
| react-native-fetch-api | 3.0.0 | 间接依赖 | npm |
| @libp2p/interface-keychain | 1.0.8 | 间接依赖 | npm |
| unique-slug | 2.0.2 | 间接依赖 | npm |
| @jridgewell/trace-mapping | 0.3.18 | 间接依赖 | npm |
| strip-ansi | 7.0.1 | 间接依赖 | npm |
| p-defer | 4.0.0 | 间接依赖 | npm |
| @libp2p/interface-peer-id | 2.0.1 | 间接依赖 | npm |
| minipass | 4.2.8 | 间接依赖 | npm |
| @protobufjs/codegen | 2.0.4 | 间接依赖 | npm |
| blob-to-it | 2.0.2 | 间接依赖 | npm |
| @babel/helper-function-name | 7.21.0 | 间接依赖 | npm |
| @babel/helper-create-class-features-plugin | 7.21.4 | 间接依赖 | npm |
| @babel/plugin-syntax-jsx | 7.21.4 | 间接依赖 | npm |
| base64-js | 1.5.1 | 间接依赖 | npm |
| @jridgewell/gen-mapping | 0.3.3 | 间接依赖 | npm |
| interface-datastore | 7.0.4 | 间接依赖 | npm |
| is-lambda | 1.0.1 | 间接依赖 | npm |
| @babel/helper-string-parser | 7.19.4 | 间接依赖 | npm |
| @babel/helper-validator-identifier | 7.19.1 | 间接依赖 | npm |
| err-code | 3.0.1 | 间接依赖 | npm |
| clone | 1.0.4 | 间接依赖 | npm |
| @ampproject/remapping | 2.2.1 | 间接依赖 | npm |
| chalk | 5.2.0 | 间接依赖 | npm |
| minipass-flush | 1.0.5 | 间接依赖 | npm |
| ssri | 8.0.1 | 间接依赖 | npm |
| balanced-match | 1.0.2 | 间接依赖 | npm |
| minimatch | 3.1.2 | 间接依赖 | npm |
| @libp2p/interface-pubsub | 3.0.7 | 间接依赖 | npm |
| no-case | 3.0.4 | 间接依赖 | npm |
| dot-case | 3.0.4 | 间接依赖 | npm |
| camel-case | 4.1.2 | 间接依赖 | npm |
| @babel/highlight | 7.18.6 | 间接依赖 | npm |
| lower-case | 2.0.2 | 间接依赖 | npm |
| @npmcli/move-file | 1.1.2 | 间接依赖 | npm |
| humanize-ms | 1.2.1 | 间接依赖 | npm |
| @babel/plugin-transform-typescript | 7.21.3 | 间接依赖 | npm |
| util-deprecate | 1.0.2 | 间接依赖 | npm |
| @babel/types | 7.21.4 | 间接依赖 | npm |
| constant-case | 3.0.4 | 间接依赖 | npm |
| agent-base | 6.0.2 | 间接依赖 | npm |
| @libp2p/interface-connection | 4.0.0 | 间接依赖 | npm |
| param-case | 3.0.4 | 间接依赖 | npm |
| upper-case | 2.0.2 | 间接依赖 | npm |
| @tootallnate/once | 1.1.2 | 间接依赖 | npm |
| minizlib | 2.1.2 | 间接依赖 | npm |
| ipfs-client | 0.9.2 | 间接依赖 | npm |
| @babel/plugin-transform-modules-commonjs | 7.21.2 | 间接依赖 | npm |
| ms | 2.1.2 | 间接依赖 | npm |
| socks-proxy-agent | 5.0.1 | 间接依赖 | npm |
| fs-minipass | 2.1.0 | 间接依赖 | npm |
| lru-cache | 9.0.3 | 间接依赖 | npm |
| string_decoder | 1.3.0 | 间接依赖 | npm |
| safe-buffer | 5.2.1 | 间接依赖 | npm |
| @babel/helper-environment-visitor | 7.18.9 | 间接依赖 | npm |
| @jridgewell/sourcemap-codec | 1.4.15 | 间接依赖 | npm |
| @babel/traverse | 7.21.4 | 间接依赖 | npm |
| cac | 6.7.14 | 间接依赖 | npm |
| @npmcli/fs | 1.1.1 | 间接依赖 | npm |
| minipass | 5.0.0 | 间接依赖 | npm |
| @chainsafe/netmask | 2.0.0 | 间接依赖 | npm |
| bl | 5.1.0 | 间接依赖 | npm |
| cborg | 1.10.1 | 间接依赖 | npm |
| merge-options | 3.0.4 | 间接依赖 | npm |
| encoding | 0.1.13 | 间接依赖 | npm |
| retimer | 3.0.0 | 间接依赖 | npm |
| inflight | 1.0.6 | 间接依赖 | npm |
| @babel/helper-module-imports | 7.21.4 | 间接依赖 | npm |
| mkdirp | 1.0.4 | 间接依赖 | npm |
| @ipld/dag-pb | 3.0.2 | 间接依赖 | npm |
| @babel/helper-skip-transparent-expression-wrappers | 7.20.0 | 间接依赖 | npm |
| native-fetch | 4.0.2 | 间接依赖 | npm |
| @types/minimatch | 3.0.5 | 间接依赖 | npm |
| wherearewe | 2.0.1 | 间接依赖 | npm |
| p-map | 4.0.0 | 间接依赖 | npm |
| it-last | 2.0.1 | 间接依赖 | npm |
| long | 5.2.3 | 间接依赖 | npm |
| escalade | 3.1.1 | 间接依赖 | npm |
| socks | 2.7.1 | 间接依赖 | npm |
| lru-cache | 5.1.1 | 间接依赖 | npm |
| @ipld/dag-json | 9.1.1 | 间接依赖 | npm |
| ipfs-unixfs | 8.0.0 | 间接依赖 | npm |
| indent-string | 4.0.0 | 间接依赖 | npm |
| es-module-lexer | 1.2.1 | 间接依赖 | npm |
| it-peekable | 2.0.1 | 间接依赖 | npm |
| @libp2p/logger | 2.0.7 | 间接依赖 | npm |
| fast-fifo | 1.2.0 | 间接依赖 | npm |
| ipfs-core-types | 0.13.0 | 间接依赖 | npm |
| path-is-absolute | 1.0.1 | 间接依赖 | npm |
| promise-inflight | 1.0.1 | 间接依赖 | npm |
| any-signal | 3.0.1 | 间接依赖 | npm |
| node-fetch | 2.6.9 | 间接依赖 | npm |
| fs.realpath | 1.0.0 | 间接依赖 | npm |
| capital-case | 1.0.4 | 间接依赖 | npm |
| clean-stack | 2.2.0 | 间接依赖 | npm |
| ipfs-grpc-protocol | 0.7.0 | 间接依赖 | npm |
| gensync | 1.0.0-beta.2 | 间接依赖 | npm |
| snake-case | 3.0.4 | 间接依赖 | npm |
| stdin-discarder | 0.1.0 | 间接依赖 | npm |
| lru-cache | 6.0.0 | 间接依赖 | npm |
| upper-case-first | 2.0.2 | 间接依赖 | npm |
| defaults | 1.0.4 | 间接依赖 | npm |
| make-fetch-happen | 8.0.14 | 间接依赖 | npm |
| tar | 6.1.13 | 间接依赖 | npm |
| p-defer | 3.0.0 | 间接依赖 | npm |
| json5 | 2.2.3 | 间接依赖 | npm |
| @chainsafe/is-ip | 2.0.1 | 间接依赖 | npm |
| signal-exit | 3.0.7 | 间接依赖 | npm |
| node-releases | 2.0.10 | 间接依赖 | npm |
| @ipld/dag-cbor | 8.0.1 | 间接依赖 | npm |
| browserslist | 4.21.5 | 间接依赖 | npm |
| stream-to-it | 0.2.4 | 间接依赖 | npm |
| cli-spinners | 2.8.0 | 间接依赖 | npm |
| dns-over-http-resolver | 2.1.1 | 间接依赖 | npm |
| @babel/core | 7.21.4 | 间接依赖 | npm |
| http-proxy-agent | 4.0.1 | 间接依赖 | npm |
| @babel/helper-member-expression-to-functions | 7.21.0 | 间接依赖 | npm |
| it-all | 1.0.6 | 间接依赖 | npm |
| agentkeepalive | 4.3.0 | 间接依赖 | npm |
| nanoid | 4.0.2 | 间接依赖 | npm |
| buffer | 6.0.3 | 间接依赖 | npm |
| @libp2p/interfaces | 3.3.1 | 间接依赖 | npm |
| nanoid | 3.3.6 | 间接依赖 | npm |
| convert-source-map | 1.9.0 | 间接依赖 | npm |
| @babel/helper-module-transforms | 7.21.2 | 间接依赖 | npm |
| semver | 7.4.0 | 间接依赖 | npm |
| supports-color | 5.5.0 | 间接依赖 | npm |
| chalk | 2.4.2 | 间接依赖 | npm |
| @improbable-eng/grpc-web | 0.15.0 | 间接依赖 | npm |
| log-symbols | 5.1.0 | 间接依赖 | npm |
| ip | 2.0.0 | 间接依赖 | npm |
| path-scurry | 1.7.0 | 间接依赖 | npm |
| tr46 | 0.0.3 | 间接依赖 | npm |
| ipfs-grpc-client | 0.12.0 | 间接依赖 | npm |
| pascal-case | 3.1.2 | 间接依赖 | npm |
| @types/node | 18.15.11 | 间接依赖 | npm |
| glob | 7.2.3 | 间接依赖 | npm |
| it-to-stream | 1.0.0 | 间接依赖 | npm |