基础信息
项目名称:Cacti/cacti
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1722276853960437760/1722276854048518144
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| node-semver 安全漏洞 | ReDoS | MPS-2022-5166 | CVE-2022-25883 | 高危 |
| NPM包tslib内嵌恶意代码 | 内嵌恶意代码 | MPS-j72n-38lk | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| tslib | 2.3.1 | 间接依赖 | 强烈建议修复 | |
| semver | 5.7.2 | 7.5.2 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 77 | 低 |
| BSD-2-Clause | 7 | 低 |
| CC0-1.0 | 1 | 低 |
| ISC | 6 | 低 |
| LGPL-2.1 | 1 | 中 |
| BSD-3-Clause | 4 | 低 |
| Apache-2.0 | 1 | 低 |
| 0BSD | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| friendsofphp/php-cs-fixer | v3.13.0 | 间接依赖 | composer |
| composer/xdebug-handler | 3.0.3 | 间接依赖 | composer |
| domelementtype | 2.3.0 | 间接依赖 | npm |
| supports-color | 7.2.0 | 间接依赖 | npm |
| mdn-data | 2.0.28 | 间接依赖 | npm |
| prettier | 3.0.3 | 直接依赖 | npm |
| basic-auth | 2.0.1 | 间接依赖 | npm |
| sax | 1.2.4 | 间接依赖 | npm |
| commander | 7.2.0 | 间接依赖 | npm |
| whatwg-encoding | 2.0.0 | 间接依赖 | npm |
| domutils | 3.0.1 | 间接依赖 | npm |
| iconv-lite | 0.6.3 | 间接依赖 | npm |
| symfony/filesystem | v6.2.0 | 间接依赖 | composer |
| errno | 0.1.7 | 直接依赖 | npm |
| chalk | 4.1.2 | 间接依赖 | npm |
| nth-check | 2.1.1 | 间接依赖 | npm |
| symfony/event-dispatcher | v6.2.0 | 间接依赖 | composer |
| union | 0.5.0 | 间接依赖 | npm |
| color-name | 1.1.4 | 间接依赖 | npm |
| html-encoding-sniffer | 3.0.0 | 间接依赖 | npm |
| symfony/options-resolver | v6.2.0 | 间接依赖 | composer |
| symfony/event-dispatcher-contracts | v3.2.0 | 间接依赖 | composer |
| csso | 5.0.5 | 间接依赖 | npm |
| psr/log | 3.0.0 | 间接依赖 | composer |
| get-intrinsic | 1.1.3 | 间接依赖 | npm |
| doctrine/deprecations | v1.0.0 | 间接依赖 | composer |
| phpmailer/phpmailer | v6.7.1 | 间接依赖 | composer |
| safe-buffer | 5.1.2 | 间接依赖 | npm |
| ansi-styles | 4.3.0 | 间接依赖 | npm |
| source-map | 0.6.1 | 直接依赖 | npm |
| symfony/polyfill-php81 | v1.27.0 | 间接依赖 | composer |
| object-inspect | 1.12.2 | 间接依赖 | npm |
| he | 1.2.0 | 间接依赖 | npm |
| opener | 1.5.2 | 间接依赖 | npm |
| eventemitter3 | 4.0.7 | 间接依赖 | npm |
| psr/event-dispatcher | 1.0.0 | 间接依赖 | composer |
| symfony/deprecation-contracts | v3.2.0 | 间接依赖 | composer |
| pify | 4.0.1 | 间接依赖 | npm |
| requires-port | 1.0.0 | 间接依赖 | npm |
| symfony/polyfill-intl-normalizer | v1.27.0 | 间接依赖 | composer |
| http-proxy | 1.18.1 | 间接依赖 | npm |
| symfony/polyfill-intl-grapheme | v1.27.0 | 间接依赖 | composer |
| semver | 5.7.2 | 间接依赖 | npm |
| less | 4.2.0 | 直接依赖 | npm |
| symfony/stopwatch | v6.2.0 | 间接依赖 | composer |
| svgo | 3.0.2 | 直接依赖 | npm |
| debug | 3.2.7 | 间接依赖 | npm |
| doctrine/annotations | 1.14.1 | 间接依赖 | composer |
| symfony/polyfill-mbstring | v1.27.0 | 间接依赖 | composer |
| qs | 6.11.0 | 间接依赖 | npm |
| css-what | 6.1.0 | 间接依赖 | npm |
| make-dir | 2.1.0 | 直接依赖 | npm |
| symfony/process | v6.2.0 | 间接依赖 | composer |
| symfony/console | v6.2.1 | 间接依赖 | composer |
| lodash | 4.17.21 | 间接依赖 | npm |
| symfony/finder | v6.2.0 | 间接依赖 | composer |
| sebastian/diff | 4.0.4 | 间接依赖 | composer |
| symfony/string | v6.2.0 | 间接依赖 | composer |
| mime | 1.6.0 | 直接依赖 | npm |
| @trysound/sax | 0.2.0 | 间接依赖 | npm |
| tslib | 2.3.1 | 间接依赖 | npm |
| function-bind | 1.1.1 | 间接依赖 | npm |
| safer-buffer | 2.1.2 | 间接依赖 | npm |
| psr/container | 2.0.2 | 间接依赖 | composer |
| symfony/service-contracts | v3.1.1 | 间接依赖 | composer |
| has-flag | 4.0.0 | 间接依赖 | npm |
| entities | 4.4.0 | 间接依赖 | npm |
| dom-serializer | 2.0.0 | 间接依赖 | npm |
| side-channel | 1.0.4 | 间接依赖 | npm |
| color-convert | 2.0.1 | 间接依赖 | npm |
| corser | 2.0.1 | 间接依赖 | npm |
| doctrine/lexer | 2.1.0 | 间接依赖 | composer |
| symfony/polyfill-php80 | v1.27.0 | 间接依赖 | composer |
| prr | 1.0.1 | 间接依赖 | npm |
| http-server | 14.1.1 | 直接依赖 | npm |
| mkdirp | 0.5.5 | 间接依赖 | npm |
| graceful-fs | 4.1.11 | 直接依赖 | npm |
| async | 2.6.4 | 间接依赖 | npm |
| source-map-js | 1.0.2 | 间接依赖 | npm |
| ms | 2.1.3 | 间接依赖 | npm |
| url-join | 4.0.1 | 间接依赖 | npm |
| css-select | 5.1.0 | 间接依赖 | npm |
| minimist | 1.2.6 | 间接依赖 | npm |
| picocolors | 1.0.0 | 间接依赖 | npm |
| composer/pcre | 3.1.0 | 间接依赖 | composer |
| symfony/polyfill-ctype | v1.27.0 | 间接依赖 | composer |
| css-tree | 2.2.1 | 间接依赖 | npm |
| call-bind | 1.0.2 | 间接依赖 | npm |
| has | 1.0.3 | 间接依赖 | npm |
| parse-node-version | 1.0.1 | 间接依赖 | npm |
| psr/cache | 3.0.0 | 间接依赖 | composer |
| boolbase | 1.0.0 | 间接依赖 | npm |
| has-symbols | 1.0.3 | 间接依赖 | npm |
| needle | 3.1.0 | 直接依赖 | npm |
| is-what | 3.14.1 | 间接依赖 | npm |
| domhandler | 5.0.3 | 间接依赖 | npm |
| image-size | 0.5.5 | 直接依赖 | npm |
| composer/semver | 3.3.2 | 间接依赖 | composer |
| follow-redirects | 1.14.8 | 间接依赖 | npm |
| secure-compare | 3.0.1 | 间接依赖 | npm |
| portfinder | 1.0.28 | 间接依赖 | npm |
| copy-anything | 2.0.3 | 间接依赖 | npm |