基础信息
项目名称:danielcranney/profileme-dev
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721122195555553280/1722607875283062784
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| ZEIT Next.js 安全漏洞 | MPS-cl5v-ayrn | CVE-2023-46298 | 高危 | |
| NPM包tslib内嵌恶意代码 | 内嵌恶意代码 | MPS-j72n-38lk | 高危 | |
| PostCSS 安全漏洞 | 注入 | MPS-y3tx-jzms | CVE-2023-44270 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| tslib | 2.5.0 | 间接依赖 | 强烈建议修复 | |
| postcss | 8.4.14 | 8.4.31 | 间接依赖 | 可选修复 |
| next | 13.2.4 | 13.4.20-canary.13 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 39 | 低 |
| BSD-2-Clause | 1 | 低 |
| ISC | 3 | 低 |
| BSD-3-Clause | 2 | 低 |
| CC-BY-4.0 | 1 | 低 |
| CC0-1.0 | 1 | 低 |
| 自定义许可证 | 1 | 低 |
| 0BSD | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| is-hexadecimal | 1.0.4 | 间接依赖 | npm |
| comma-separated-tokens | 1.0.8 | 间接依赖 | npm |
| character-reference-invalid | 1.1.4 | 间接依赖 | npm |
| minimist | 1.2.8 | 间接依赖 | npm |
| @babel/runtime | 7.21.0 | 间接依赖 | npm |
| character-entities | 1.2.4 | 间接依赖 | npm |
| @types/hast | 2.3.4 | 间接依赖 | npm |
| domino | 2.1.6 | 间接依赖 | npm |
| @swc/helpers | 0.4.14 | 间接依赖 | npm |
| @types/unist | 2.0.6 | 间接依赖 | npm |
| is-alphabetical | 1.0.4 | 间接依赖 | npm |
| styled-jsx | 5.1.1 | 间接依赖 | npm |
| picocolors | 1.0.0 | 间接依赖 | npm |
| turndown | 7.1.2 | 间接依赖 | npm |
| next-themes | 0.2.1 | 间接依赖 | npm |
| lowlight | 1.20.0 | 间接依赖 | npm |
| nanoid | 3.3.6 | 间接依赖 | npm |
| fault | 1.0.4 | 间接依赖 | npm |
| react-syntax-highlighter | 15.5.0 | 间接依赖 | npm |
| hast-util-parse-selector | 2.2.5 | 间接依赖 | npm |
| highlight.js | 10.7.3 | 间接依赖 | npm |
| js-tokens | 4.0.0 | 间接依赖 | npm |
| parse-entities | 2.0.0 | 间接依赖 | npm |
| prismjs | 1.29.0 | 间接依赖 | npm |
| react-dom | 18.2.0 | 间接依赖 | npm |
| caniuse-lite | 1.0.30001470 | 间接依赖 | npm |
| scheduler | 0.23.0 | 间接依赖 | npm |
| client-only | 0.0.1 | 间接依赖 | npm |
| space-separated-tokens | 1.1.5 | 间接依赖 | npm |
| xtend | 4.0.2 | 间接依赖 | npm |
| next | 13.2.4 | 间接依赖 | npm |
| devicon | 2.15.1 | 间接依赖 | npm |
| simple-icons | 6.23.0 | 间接依赖 | npm |
| is-alphanumerical | 1.0.4 | 间接依赖 | npm |
| source-map-js | 1.0.2 | 间接依赖 | npm |
| node-bin-setup | 1.1.3 | 间接依赖 | npm |
| character-entities-legacy | 1.1.4 | 间接依赖 | npm |
| prismjs | 1.27.0 | 间接依赖 | npm |
| format | 0.2.2 | 间接依赖 | npm |
| node | 17.9.1 | 间接依赖 | npm |
| framer-motion | 10.9.1 | 间接依赖 | npm |
| hastscript | 6.0.0 | 间接依赖 | npm |
| react | 18.2.0 | 间接依赖 | npm |
| refractor | 3.6.0 | 间接依赖 | npm |
| @next/env | 13.2.4 | 间接依赖 | npm |
| property-information | 5.6.0 | 间接依赖 | npm |
| postcss | 8.4.14 | 间接依赖 | npm |
| tslib | 2.5.0 | 间接依赖 | npm |
| loose-envify | 1.4.0 | 间接依赖 | npm |
| regenerator-runtime | 0.13.11 | 间接依赖 | npm |
| body-scroll-lock | 4.0.0-beta.0 | 间接依赖 | npm |
| is-decimal | 1.0.4 | 间接依赖 | npm |