基础信息
项目名称:xinyu198736/js2image
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1719976641785806848/1719976641940996096
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| minimist 原型污染漏洞 | 原型污染 | MPS-2020-3516 | CVE-2020-7598 | 中危 |
| org.webjars.bower:underscore 代码注入漏洞 | 代码注入 | MPS-2021-3658 | CVE-2021-23358 | 高危 |
| minimist 安全漏洞 | 原型污染 | MPS-2021-38405 | CVE-2021-44906 | 严重 |
| follow-redirects | 侵犯隐私 | MPS-2022-0815 | CVE-2022-0155 | 中危 |
| uglify-js | ReDoS | MPS-2022-14112 | 中危 | |
| parse-url跨站脚本漏洞 | XSS | MPS-2022-20044 | CVE-2022-2217 | 中危 |
| parse-url SSRF漏洞 | SSRF | MPS-2022-20045 | CVE-2022-2216 | 严重 |
| parse-url 跨站脚本漏洞 | XSS | MPS-2022-20046 | CVE-2022-2218 | 中危 |
| follow-redirects | 未授权敏感信息泄露 | MPS-2022-3636 | CVE-2022-0536 | 中危 |
| parse-url | 未授权敏感信息泄露 | MPS-2022-4780 | CVE-2022-0722 | 高危 |
| parse-url | SSRF | MPS-2022-54120 | CVE-2022-2900 | 严重 |
| parse-url 安全漏洞 | 输入的错误解释 | MPS-2022-57049 | CVE-2022-3224 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| underscore | 1.8.3 | 1.12.1 | 直接依赖 | 建议修复 |
| parse-url | 1.3.11 | 8.1.0 | 间接依赖 | 建议修复 |
| minimist | 1.2.0 | 1.2.6 | 直接依赖 | 建议修复 |
| uglify-js | 2.8.29 | 3.14.3 | 直接依赖 | 可选修复 |
| follow-redirects | 0.2.0 | 1.14.8 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 71 | 低 |
| BSD-2-Clause | 1 | 低 |
| ISC | 2 | 低 |
| BSD-3-Clause | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| window-size | 0.1.0 | 间接依赖 | npm |
| err | 1.1.1 | 间接依赖 | npm |
| couleurs | 6.0.9 | 间接依赖 | npm |
| pixel-white-bg | 1.0.7 | 间接依赖 | npm |
| lwip-pixels | 1.1.8 | 间接依赖 | npm |
| camelcase | 1.2.1 | 间接依赖 | npm |
| is-percent | 1.0.10 | 间接依赖 | npm |
| underscore | 1.8.3 | 直接依赖 | npm |
| lazy-cache | 1.0.4 | 间接依赖 | npm |
| one-by-one | 3.2.6 | 间接依赖 | npm |
| queuedo | 0.9.7 | 间接依赖 | npm |
| compute-size | 1.0.11 | 间接依赖 | npm |
| gm | 1.23.1 | 间接依赖 | npm |
| terminal-char-width | 1.0.8 | 间接依赖 | npm |
| supports-color | 3.2.3 | 间接依赖 | npm |
| uglify-js | 2.8.29 | 直接依赖 | npm |
| same-time | 2.3.3 | 间接依赖 | npm |
| prgm-installed | 1.0.9 | 间接依赖 | npm |
| noop6 | 1.0.7 | 间接依赖 | npm |
| is-windows | 0.1.1 | 间接依赖 | npm |
| yargs | 3.10.0 | 间接依赖 | npm |
| pngjs | 2.3.1 | 间接依赖 | npm |
| imgpx | 1.0.11 | 间接依赖 | npm |
| decamelize | 1.2.0 | 间接依赖 | npm |
| parse-url | 1.3.11 | 间接依赖 | npm |
| repeat-string | 1.6.1 | 间接依赖 | npm |
| last-char | 1.3.9 | 间接依赖 | npm |
| function.name | 1.0.10 | 间接依赖 | npm |
| array-parallel | 0.1.3 | 间接依赖 | npm |
| kind-of | 3.2.2 | 间接依赖 | npm |
| assured | 1.0.12 | 间接依赖 | npm |
| minimist | 1.2.0 | 直接依赖 | npm |
| which | 1.3.0 | 间接依赖 | npm |
| asciify-pixel | 1.2.12 | 间接依赖 | npm |
| ms | 2.0.0 | 间接依赖 | npm |
| array-series | 0.1.5 | 间接依赖 | npm |
| image-to-ascii | 3.0.11 | 直接依赖 | npm |
| wordwrap | 0.0.2 | 间接依赖 | npm |
| fixed-or-percent | 1.0.10 | 间接依赖 | npm |
| source-map | 0.5.7 | 间接依赖 | npm |
| asciify-pixel-matrix | 1.0.12 | 间接依赖 | npm |
| obj-def | 1.0.6 | 间接依赖 | npm |
| iterate-object | 1.3.2 | 间接依赖 | npm |
| image-parser | 1.2.6 | 间接依赖 | npm |
| pixel-bg | 1.0.8 | 间接依赖 | npm |
| bluebird | 3.5.1 | 直接依赖 | npm |
| ansi-styles | 3.2.1 | 间接依赖 | npm |
| cross-spawn | 4.0.2 | 间接依赖 | npm |
| center-align | 0.1.3 | 间接依赖 | npm |
| color-convert | 1.9.1 | 间接依赖 | npm |
| uglify-to-browserify | 1.0.2 | 间接依赖 | npm |
| url-remote | 1.1.7 | 间接依赖 | npm |
| walkdo | 0.9.6 | 直接依赖 | npm |
| longest | 1.0.1 | 间接依赖 | npm |
| typpy | 2.3.10 | 间接依赖 | npm |
| percent-value | 1.0.7 | 间接依赖 | npm |
| url-local | 1.1.7 | 间接依赖 | npm |
| lru-cache | 4.1.2 | 间接依赖 | npm |
| color-name | 1.1.3 | 间接依赖 | npm |
| deffy | 2.2.2 | 间接依赖 | npm |
| lwip2 | 1.0.13 | 间接依赖 | npm |
| pixel-class | 1.0.7 | 间接依赖 | npm |
| custom-return | 1.0.10 | 间接依赖 | npm |
| follow-redirects | 0.2.0 | 间接依赖 | npm |
| tinyreq | 3.3.1 | 间接依赖 | npm |
| gm-tools | 1.0.10 | 间接依赖 | npm |
| sliced | 1.0.1 | 间接依赖 | npm |
| ansy | 1.0.13 | 间接依赖 | npm |
| debug | 3.1.0 | 间接依赖 | npm |
| cb-buffer | 2.1.7 | 间接依赖 | npm |
| right-align | 0.1.3 | 间接依赖 | npm |
| lwipify | 2.0.10 | 间接依赖 | npm |
| map-o | 2.0.8 | 间接依赖 | npm |
| ul | 5.2.13 | 间接依赖 | npm |
| stream-consume | 0.1.1 | 间接依赖 | npm |
| cliui | 2.1.0 | 间接依赖 | npm |
| align-text | 0.1.4 | 间接依赖 | npm |
| gm-installed | 1.0.8 | 间接依赖 | npm |