基础信息
项目名称:Xstoudi/alduin
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1720001525690531840/1720001525757640704
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| PostCSS 安全漏洞 | 注入 | MPS-y3tx-jzms | CVE-2023-44270 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| postcss | 8.4.24 | 8.4.31 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 149 | 低 |
| 0BSD | 2 | 低 |
| BSD-3-Clause | 6 | 低 |
| CC0-1.0 | 1 | 低 |
| Unlicense | 3 | 低 |
| BSD-2-Clause | 4 | 低 |
| ISC | 4 | 低 |
| Apache-2.0 | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| @emotion/serialize | 1.1.2 | 间接依赖 | npm |
| react-is | 16.13.1 | 间接依赖 | npm |
| tslib | 2.5.3 | 间接依赖 | npm |
| util-deprecate | 1.0.2 | 间接依赖 | npm |
| tauri-plugin-sql-api | 0.0.0 | 间接依赖 | npm |
| clsx | 1.2.1 | 间接依赖 | npm |
| deepmerge | 4.3.1 | 间接依赖 | npm |
| @emotion/utils | 1.2.1 | 间接依赖 | npm |
| hyphenate-style-name | 1.0.4 | 间接依赖 | npm |
| hoist-non-react-statics | 3.3.2 | 间接依赖 | npm |
| process-nextick-args | 2.0.1 | 间接依赖 | npm |
| fast-loops | 1.1.3 | 间接依赖 | npm |
| resize-observer-polyfill | 1.5.1 | 间接依赖 | npm |
| @emotion/react | 11.11.1 | 间接依赖 | npm |
| fastest-stable-stringify | 2.0.2 | 间接依赖 | npm |
| regenerator-runtime | 0.13.11 | 间接依赖 | npm |
| @types/parse-json | 4.0.0 | 间接依赖 | npm |
| css-in-js-utils | 3.1.0 | 间接依赖 | npm |
| resolve | 1.22.2 | 间接依赖 | npm |
| @radix-ui/react-direction | 1.0.1 | 间接依赖 | npm |
| detect-node-es | 1.1.0 | 间接依赖 | npm |
| react-universal-interface | 0.6.2 | 间接依赖 | npm |
| color-name | 1.1.3 | 间接依赖 | npm |
| @radix-ui/react-select | 1.2.2 | 间接依赖 | npm |
| toggle-selection | 1.0.6 | 间接依赖 | npm |
| @babel/highlight | 7.22.5 | 间接依赖 | npm |
| jszip | 3.10.1 | 间接依赖 | npm |
| react-remove-scroll | 2.5.5 | 间接依赖 | npm |
| @babel/helper-module-imports | 7.22.5 | 间接依赖 | npm |
| @radix-ui/react-compose-refs | 1.0.1 | 间接依赖 | npm |
| tauri-plugin-autostart-api | 0.0.0 | 间接依赖 | npm |
| stack-generator | 2.0.10 | 间接依赖 | npm |
| chalk | 2.4.2 | 间接依赖 | npm |
| @radix-ui/primitive | 1.0.1 | 间接依赖 | npm |
| has-flag | 3.0.0 | 间接依赖 | npm |
| @floating-ui/react-dom | 2.0.1 | 间接依赖 | npm |
| @radix-ui/react-popper | 1.1.2 | 间接依赖 | npm |
| loose-envify | 1.4.0 | 间接依赖 | npm |
| mdn-data | 2.0.14 | 间接依赖 | npm |
| @emotion/unitless | 0.8.1 | 间接依赖 | npm |
| screenfull | 5.2.0 | 间接依赖 | npm |
| nano-css | 5.3.5 | 间接依赖 | npm |
| tauri-plugin-store-api | 0.0.0 | 间接依赖 | npm |
| @tanstack/query-core | 4.32.6 | 间接依赖 | npm |
| @radix-ui/react-use-size | 1.0.1 | 间接依赖 | npm |
| @radix-ui/react-collection | 1.0.3 | 间接依赖 | npm |
| get-nonce | 1.0.1 | 间接依赖 | npm |
| stylis | 4.2.0 | 间接依赖 | npm |
| source-map | 0.5.7 | 间接依赖 | npm |
| @radix-ui/rect | 1.0.1 | 间接依赖 | npm |
| @dnd-kit/core | 6.0.8 | 间接依赖 | npm |
| dom-serializer | 2.0.0 | 间接依赖 | npm |
| domhandler | 5.0.3 | 间接依赖 | npm |
| readable-stream | 2.3.8 | 间接依赖 | npm |
| @radix-ui/react-slot | 1.0.2 | 间接依赖 | npm |
| @tanstack/react-query | 4.32.6 | 间接依赖 | npm |
| picocolors | 1.0.0 | 间接依赖 | npm |
| escape-string-regexp | 4.0.0 | 间接依赖 | npm |
| react-remove-scroll-bar | 2.3.4 | 间接依赖 | npm |
| parse-srcset | 1.0.2 | 间接依赖 | npm |
| ts-easing | 0.2.0 | 间接依赖 | npm |
| use-sidecar | 1.1.2 | 间接依赖 | npm |
| @emotion/is-prop-valid | 1.2.1 | 间接依赖 | npm |
| safe-buffer | 5.1.2 | 间接依赖 | npm |
| immediate | 3.0.6 | 间接依赖 | npm |
| @lukeed/csprng | 1.1.0 | 间接依赖 | npm |
| babel-plugin-macros | 3.1.0 | 间接依赖 | npm |
| invariant | 2.2.4 | 间接依赖 | npm |
| to-fast-properties | 2.0.0 | 间接依赖 | npm |
| yaml | 1.10.2 | 间接依赖 | npm |
| @tauri-apps/api | 1.4.0 | 间接依赖 | npm |
| resolve-from | 4.0.0 | 间接依赖 | npm |
| csstype | 3.1.2 | 间接依赖 | npm |
| @types/js-cookie | 2.2.7 | 间接依赖 | npm |
| domelementtype | 2.3.0 | 间接依赖 | npm |
| lines-and-columns | 1.2.4 | 间接依赖 | npm |
| react-icons | 4.10.1 | 间接依赖 | npm |
| fast-deep-equal | 3.1.3 | 间接依赖 | npm |
| cosmiconfig | 7.1.0 | 间接依赖 | npm |
| @lukeed/uuid | 2.0.1 | 间接依赖 | npm |
| @radix-ui/react-use-callback-ref | 1.0.1 | 间接依赖 | npm |
| @babel/code-frame | 7.22.5 | 间接依赖 | npm |
| @babel/types | 7.22.5 | 间接依赖 | npm |
| lodash | 4.17.21 | 间接依赖 | npm |
| @emotion/hash | 0.9.1 | 间接依赖 | npm |
| @radix-ui/react-focus-guards | 1.0.1 | 间接依赖 | npm |
| @emotion/use-insertion-effect-with-fallbacks | 1.0.1 | 间接依赖 | npm |
| @radix-ui/react-visually-hidden | 1.0.3 | 间接依赖 | npm |
| callsites | 3.1.0 | 间接依赖 | npm |
| error-ex | 1.3.2 | 间接依赖 | npm |
| string_decoder | 1.1.1 | 间接依赖 | npm |
| @emotion/styled | 11.11.0 | 间接依赖 | npm |
| js-cookie | 2.2.1 | 间接依赖 | npm |
| source-map | 0.6.1 | 间接依赖 | npm |
| react-dom | 18.2.0 | 间接依赖 | npm |
| path-parse | 1.0.7 | 间接依赖 | npm |
| @radix-ui/react-id | 1.0.1 | 间接依赖 | npm |
| is-plain-object | 5.0.0 | 间接依赖 | npm |
| @dnd-kit/modifiers | 6.0.1 | 间接依赖 | npm |
| color-convert | 1.9.3 | 间接依赖 | npm |
| @remix-run/router | 1.6.3 | 间接依赖 | npm |
| copy-to-clipboard | 3.3.3 | 间接依赖 | npm |
| @radix-ui/react-presence | 1.0.1 | 间接依赖 | npm |
| @radix-ui/react-use-previous | 1.0.1 | 间接依赖 | npm |
| path-type | 4.0.0 | 间接依赖 | npm |
| import-fresh | 3.3.0 | 间接依赖 | npm |
| json-parse-even-better-errors | 2.3.1 | 间接依赖 | npm |
| lie | 3.3.0 | 间接依赖 | npm |
| use-sync-external-store | 1.2.0 | 间接依赖 | npm |
| @babel/helper-validator-identifier | 7.22.5 | 间接依赖 | npm |
| @floating-ui/dom | 1.4.3 | 间接依赖 | npm |
| @dnd-kit/accessibility | 3.0.1 | 间接依赖 | npm |
| @radix-ui/react-use-controllable-state | 1.0.1 | 间接依赖 | npm |
| error-stack-parser | 2.1.4 | 间接依赖 | npm |
| aria-hidden | 1.2.3 | 间接依赖 | npm |
| js-tokens | 4.0.0 | 间接依赖 | npm |
| htmlparser2 | 8.0.2 | 间接依赖 | npm |
| react-style-singleton | 2.2.1 | 间接依赖 | npm |
| @emotion/sheet | 1.2.2 | 间接依赖 | npm |
| @dnd-kit/utilities | 3.2.1 | 间接依赖 | npm |
| throttle-debounce | 3.0.1 | 间接依赖 | npm |
| react-router-dom | 6.13.0 | 间接依赖 | npm |
| source-map-js | 1.0.2 | 间接依赖 | npm |
| sanitize-html | 2.11.0 | 间接依赖 | npm |
| immer | 10.0.2 | 间接依赖 | npm |
| function-bind | 1.1.1 | 间接依赖 | npm |
| @radix-ui/react-context | 1.0.1 | 间接依赖 | npm |
| @radix-ui/react-use-layout-effect | 1.0.1 | 间接依赖 | npm |
| scheduler | 0.23.0 | 间接依赖 | npm |
| @emotion/babel-plugin | 11.11.0 | 间接依赖 | npm |
| core-util-is | 1.0.3 | 间接依赖 | npm |
| react-use | 17.4.0 | 间接依赖 | npm |
| has | 1.0.3 | 间接依赖 | npm |
| set-harmonic-interval | 1.0.1 | 间接依赖 | npm |
| sourcemap-codec | 1.4.8 | 间接依赖 | npm |
| domutils | 3.1.0 | 间接依赖 | npm |
| supports-color | 5.5.0 | 间接依赖 | npm |
| isarray | 1.0.0 | 间接依赖 | npm |
| @emotion/cache | 11.11.0 | 间接依赖 | npm |
| find-root | 1.1.0 | 间接依赖 | npm |
| @radix-ui/react-primitive | 1.0.3 | 间接依赖 | npm |
| @radix-ui/react-form | 0.0.3 | 间接依赖 | npm |
| inherits | 2.0.4 | 间接依赖 | npm |
| @radix-ui/react-portal | 1.0.3 | 间接依赖 | npm |
| @radix-ui/react-use-rect | 1.0.1 | 间接依赖 | npm |
| react | 18.2.0 | 间接依赖 | npm |
| rtl-css-js | 1.16.1 | 间接依赖 | npm |
| setimmediate | 1.0.5 | 间接依赖 | npm |
| @radix-ui/react-focus-scope | 1.0.3 | 间接依赖 | npm |
| @radix-ui/number | 1.0.1 | 间接依赖 | npm |
| inline-style-prefixer | 6.0.4 | 间接依赖 | npm |
| css-tree | 1.1.3 | 间接依赖 | npm |
| @emotion/weak-memoize | 0.3.1 | 间接依赖 | npm |
| @radix-ui/react-switch | 1.0.3 | 间接依赖 | npm |
| tslib | 2.6.1 | 间接依赖 | npm |
| js-xxhash | 2.0.0 | 间接依赖 | npm |
| postcss | 8.4.24 | 间接依赖 | npm |
| @xobotyi/scrollbar-width | 1.9.5 | 间接依赖 | npm |
| source-map | 0.5.6 | 间接依赖 | npm |
| @dnd-kit/sortable | 7.0.2 | 间接依赖 | npm |
| @radix-ui/react-use-escape-keydown | 1.0.3 | 间接依赖 | npm |
| parent-module | 1.0.1 | 间接依赖 | npm |
| @emotion/css | 11.11.2 | 间接依赖 | npm |
| @radix-ui/react-dismissable-layer | 1.0.4 | 间接依赖 | npm |
| convert-source-map | 1.9.0 | 间接依赖 | npm |
| @emotion/memoize | 0.8.1 | 间接依赖 | npm |
| is-arrayish | 0.2.1 | 间接依赖 | npm |
| ansi-styles | 3.2.1 | 间接依赖 | npm |
| stacktrace-js | 2.0.2 | 间接依赖 | npm |
| @floating-ui/core | 1.3.1 | 间接依赖 | npm |
| entities | 4.5.0 | 间接依赖 | npm |
| is-core-module | 2.12.1 | 间接依赖 | npm |
| stackframe | 1.3.4 | 间接依赖 | npm |
| @radix-ui/react-dialog | 1.0.4 | 间接依赖 | npm |
| fast-shallow-equal | 1.0.0 | 间接依赖 | npm |
| react-router | 6.13.0 | 间接依赖 | npm |
| nanoid | 3.3.6 | 间接依赖 | npm |
| supports-preserve-symlinks-flag | 1.0.0 | 间接依赖 | npm |
| escape-string-regexp | 1.0.5 | 间接依赖 | npm |
| @radix-ui/react-label | 2.0.2 | 间接依赖 | npm |
| @babel/runtime | 7.22.5 | 间接依赖 | npm |
| @babel/helper-string-parser | 7.22.5 | 间接依赖 | npm |
| @radix-ui/react-arrow | 1.0.3 | 间接依赖 | npm |
| pako | 1.0.11 | 间接依赖 | npm |
| parse-json | 5.2.0 | 间接依赖 | npm |
| use-callback-ref | 1.3.0 | 间接依赖 | npm |
| stacktrace-gps | 3.1.2 | 间接依赖 | npm |