基础信息
项目名称:kripken/emscripten
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721347471761559552/1724527699627560960
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| GNU Libiberty 安全漏洞 | 输入验证不恰当 | MPS-2017-1331 | CVE-2016-6131 | 高危 |
| libiberty 数字错误漏洞 | 整数溢出或环绕 | MPS-2017-2066 | CVE-2016-2226 | 高危 |
| libiberty 安全漏洞 | UAF | MPS-2017-2070 | CVE-2016-4487 | 中危 |
| libiberty 安全漏洞 | UAF | MPS-2017-2071 | CVE-2016-4488 | 中危 |
| libiberty 数字错误漏洞 | 整数溢出或环绕 | MPS-2017-2072 | CVE-2016-4489 | 中危 |
| libiberty 数字错误漏洞 | 整数溢出或环绕 | MPS-2017-2073 | CVE-2016-4490 | 中危 |
| libiberty 安全漏洞 | 缓冲区溢出 | MPS-2017-2074 | CVE-2016-4491 | 中危 |
| libiberty 缓冲区错误漏洞 | 缓冲区溢出 | MPS-2017-2075 | CVE-2016-4492 | 中危 |
| libiberty 安全漏洞 | 越界读取 | MPS-2017-2076 | CVE-2016-4493 | 中危 |
| GNU Binutils 安全漏洞 | 不可达退出条件的循环(无限循环) | MPS-2018-14162 | CVE-2018-18700 | 中危 |
| GNU Binutils GNU libiberty 安全漏洞 | 拒绝服务 | MPS-2018-8266 | CVE-2018-12698 | 高危 |
| GNU Binutils 缓冲区错误漏洞 | 越界读取 | MPS-2019-1889 | CVE-2019-9070 | 高危 |
| GNU C Library 代码问题漏洞 | 数据处理错误 | MPS-2019-1956 | CVE-2009-5155 | 高危 |
| jQuery 跨站脚本漏洞 | XSS | MPS-2020-15461 | CVE-2020-11023 | 中危 |
| jQuery 跨站脚本漏洞 | XSS | MPS-2020-15462 | CVE-2020-11022 | 中危 |
| GNU libiberty 缓冲区错误漏洞 | 缓冲区溢出 | MPS-2021-32366 | CVE-2021-3826 | 高危 |
| NPM包tslib内嵌恶意代码 | 内嵌恶意代码 | MPS-j72n-38lk | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| tslib | 2.3.1 | 间接依赖 | 强烈建议修复 | |
| libiberty | 9.1.0 | 间接依赖 | 建议修复 | |
| sphinx | 2.4.4 | 3.0.4 | 间接依赖 | 建议修复 |
| gnulib | 20200224 | 间接依赖 | 建议修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 197 | 低 |
| BSD-3-Clause | 6 | 低 |
| ISC | 18 | 低 |
| BSD-2-Clause | 9 | 低 |
| Apache-2.0 | 12 | 低 |
| LGPL-2.1-or-later | 1 | 低 |
| GPL-2.0-or-later | 1 | 低 |
| X11 | 1 | 低 |
| GPLv2 | 2 | 中 |
| GPLv2+ | 1 | 中 |
| LGPLv2+ | 1 | 中 |
| Public Domain | 1 | 低 |
| BSD with advertising | 1 | 低 |
| Python-2.0 | 1 | 低 |
| GPL-3.0-or-later | 1 | 低 |
| Unlicense | 1 | 低 |
| LGPL-3.0-or-later | 1 | 低 |
| 0BSD | 1 | 低 |
| Zlib | 1 | 低 |
| CC-BY-4.0 | 1 | 低 |
| LGPL-2.1 | 2 | 中 |
| BSD 2-Clause | 1 | 低 |
| 自定义许可证 | 3 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| fill-range | 7.0.1 | 间接依赖 | npm |
| @types/node | 13.9.3 | 间接依赖 | npm |
| @humanwhocodes/object-schema | 1.2.1 | 间接依赖 | npm |
| webpack-cli | 5.1.4 | 直接依赖 | npm |
| @jridgewell/source-map | 0.3.2 | 间接依赖 | npm |
| rimraf | 3.0.2 | 间接依赖 | npm |
| estraverse | 5.3.0 | 间接依赖 | npm |
| has-flag | 4.0.0 | 间接依赖 | npm |
| type-check | 0.4.0 | 间接依赖 | npm |
| @webassemblyjs/leb128 | 1.11.6 | 间接依赖 | npm |
| ajv-keywords | 3.5.2 | 间接依赖 | npm |
| is-extglob | 2.1.1 | 间接依赖 | npm |
| clone | 2.1.2 | 间接依赖 | npm |
| yocto-queue | 0.1.0 | 直接依赖 | npm |
| OpenDDS | 间接依赖 | ||
| @webassemblyjs/helper-api-error | 1.11.6 | 间接依赖 | npm |
| text-table | 0.2.0 | 间接依赖 | npm |
| source-map | 0.7.4 | 间接依赖 | npm |
| natural-compare | 1.4.0 | 间接依赖 | npm |
| ms | 2.1.2 | 间接依赖 | npm |
| lex | 间接依赖 | pip | |
| lodash.merge | 4.6.2 | 间接依赖 | npm |
| @colors/colors | 1.5.0 | 间接依赖 | npm |
| @webpack-cli/serve | 2.0.5 | 间接依赖 | npm |
| remove-trailing-separator | 1.1.0 | 间接依赖 | npm |
| imurmurhash | 0.1.4 | 间接依赖 | npm |
| @webassemblyjs/wasm-opt | 1.11.6 | 间接依赖 | npm |
| logform | 2.5.1 | 间接依赖 | npm |
| readable-stream | 2.3.7 | 间接依赖 | npm |
| ignore | 5.2.4 | 间接依赖 | npm |
| graceful-fs | 4.2.10 | 间接依赖 | npm |
| strip-json-comments | 3.1.1 | 间接依赖 | npm |
| ffmpeg | 间接依赖 | ||
| cloneable-readable | 1.1.3 | 间接依赖 | npm |
| flake8 | 5.0.4 | 间接依赖 | pip |
| glob-to-regexp | 0.4.1 | 间接依赖 | npm |
| @jridgewell/trace-mapping | 0.3.17 | 间接依赖 | npm |
| @eslint/js | 8.49.0 | 间接依赖 | npm |
| fast-glob | 3.2.12 | 间接依赖 | npm |
| freeglut | 3.2.1 | 间接依赖 | |
| fast-deep-equal | 3.1.3 | 间接依赖 | npm |
| flake8-bugbear | 22.9.23 | 间接依赖 | pip |
| @webassemblyjs/utf8 | 1.11.6 | 间接依赖 | npm |
| levn | 0.4.1 | 间接依赖 | npm |
| clone-stats | 1.0.0 | 间接依赖 | npm |
| webpack | 5.88.2 | 直接依赖 | npm |
| @webassemblyjs/helper-buffer | 1.11.6 | 间接依赖 | npm |
| p-try | 2.2.0 | 间接依赖 | npm |
| is-stream | 2.0.1 | 间接依赖 | npm |
| lower-case | 2.0.2 | 间接依赖 | npm |
| @eslint-community/eslint-utils | 4.4.0 | 间接依赖 | npm |
| import-local | 3.1.0 | 间接依赖 | npm |
| mypy | 0.971 | 间接依赖 | pip |
| @nodelib/fs.stat | 2.0.5 | 间接依赖 | npm |
| path-key | 3.1.1 | 间接依赖 | npm |
| @webassemblyjs/helper-wasm-section | 1.11.6 | 间接依赖 | npm |
| clone-buffer | 1.0.0 | 间接依赖 | npm |
| @jridgewell/set-array | 1.1.2 | 间接依赖 | npm |
| randombytes | 2.1.0 | 间接依赖 | npm |
| events | 3.3.0 | 间接依赖 | npm |
| param-case | 3.0.4 | 间接依赖 | npm |
| envinfo | 7.8.1 | 间接依赖 | npm |
| @webpack-cli/configtest | 2.1.1 | 间接依赖 | npm |
| micromatch | 4.0.5 | 间接依赖 | npm |
| util-linux | 间接依赖 | ||
| colorette | 2.0.19 | 间接依赖 | npm |
| argparse | 2.0.1 | 间接依赖 | npm |
| espree | 9.6.1 | 间接依赖 | npm |
| shebang-regex | 3.0.0 | 间接依赖 | npm |
| @dabh/diagnostics | 2.0.3 | 间接依赖 | npm |
| resolve | 1.22.1 | 间接依赖 | npm |
| @xtuc/long | 4.2.2 | 间接依赖 | npm |
| @aashutoshrathi/word-wrap | 1.2.6 | 间接依赖 | npm |
| reusify | 1.0.4 | 间接依赖 | npm |
| @webassemblyjs/wasm-parser | 1.11.6 | 间接依赖 | npm |
| ajv | 6.12.6 | 间接依赖 | npm |
| uri-js | 4.4.1 | 间接依赖 | npm |
| doctrine | 3.0.0 | 间接依赖 | npm |
| concat-map | 0.0.1 | 间接依赖 | npm |
| ws | 8.14.1 | 直接依赖 | npm |
| path-parse | 1.0.7 | 间接依赖 | npm |
| minimist | 1.2.6 | 间接依赖 | npm |
| fastq | 1.15.0 | 间接依赖 | npm |
| @humanwhocodes/module-importer | 1.0.1 | 间接依赖 | npm |
| @xtuc/ieee754 | 1.2.0 | 间接依赖 | npm |
| string_decoder | 1.1.1 | 间接依赖 | npm |
| merge-stream | 2.0.0 | 间接依赖 | npm |
| balanced-match | 1.0.2 | 间接依赖 | npm |
| terser-webpack-plugin | 5.3.7 | 间接依赖 | npm |
| google-closure-compiler | 20230802.0.0 | 直接依赖 | npm |
| winston-transport | 4.5.0 | 间接依赖 | npm |
| stack-trace | 0.0.10 | 间接依赖 | npm |
| node-releases | 2.0.10 | 间接依赖 | npm |
| gnulib | 20200224 | 间接依赖 | |
| is-plain-object | 2.0.4 | 间接依赖 | npm |
| brace-expansion | 1.1.11 | 间接依赖 | npm |
| @types/eslint | 8.21.2 | 间接依赖 | npm |
| util-deprecate | 1.0.2 | 间接依赖 | npm |
| supports-color | 8.1.1 | 间接依赖 | npm |
| esquery | 1.5.0 | 间接依赖 | npm |
| @jridgewell/sourcemap-codec | 1.4.14 | 间接依赖 | npm |
| inherits | 2.0.4 | 间接依赖 | npm |
| @webassemblyjs/ast | 1.11.6 | 间接依赖 | npm |
| deep-is | 0.1.4 | 间接依赖 | npm |
| fn.name | 1.1.0 | 间接依赖 | npm |
| clone-deep | 4.0.1 | 间接依赖 | npm |
| jest-worker | 27.5.1 | 间接依赖 | npm |
| es-check | 7.1.1 | 直接依赖 | npm |
| flake8-unused-arguments | 0.0.11 | 间接依赖 | pip |
| tslib | 2.3.1 | 间接依赖 | npm |
| mime-db | 1.52.0 | 间接依赖 | npm |
| dot-case | 3.0.4 | 间接依赖 | npm |
| replace-ext | 1.0.1 | 间接依赖 | npm |
| optionator | 0.9.3 | 间接依赖 | npm |
| @webassemblyjs/ieee754 | 1.11.6 | 间接依赖 | npm |
| @jridgewell/resolve-uri | 3.1.0 | 间接依赖 | npm |
| parent-module | 1.0.1 | 间接依赖 | npm |
| serialize-javascript | 6.0.1 | 间接依赖 | npm |
| one-time | 1.0.0 | 间接依赖 | npm |
| enabled | 2.0.0 | 间接依赖 | npm |
| import-fresh | 3.3.0 | 间接依赖 | npm |
| color-string | 1.9.1 | 间接依赖 | npm |
| esrecurse | 4.3.0 | 间接依赖 | npm |
| picomatch | 2.3.1 | 间接依赖 | npm |
| text-hex | 1.0.0 | 间接依赖 | npm |
| locate-path | 5.0.0 | 间接依赖 | npm |
| triple-beam | 1.3.0 | 间接依赖 | npm |
| run-parallel | 1.2.0 | 间接依赖 | npm |
| fast-json-stable-stringify | 2.1.0 | 间接依赖 | npm |
| schema-utils | 3.3.0 | 间接依赖 | npm |
| is-glob | 4.0.3 | 间接依赖 | npm |
| coverage | 5.5 | 间接依赖 | pip |
| box2d | 间接依赖 | ||
| html-minifier-terser | 7.2.0 | 直接依赖 | npm |
| clean-css | 5.3.2 | 间接依赖 | npm |
| shebang-command | 2.0.0 | 间接依赖 | npm |
| eslint | 8.49.0 | 直接依赖 | npm |
| tapable | 2.2.1 | 间接依赖 | npm |
| acorn-jsx | 5.3.2 | 间接依赖 | npm |
| punycode | 2.1.1 | 间接依赖 | npm |
| es-module-lexer | 1.3.0 | 间接依赖 | npm |
| mime-types | 2.1.35 | 间接依赖 | npm |
| @discoveryjs/json-ext | 0.5.7 | 间接依赖 | npm |
| cross-spawn | 7.0.3 | 间接依赖 | npm |
| loader-runner | 4.3.0 | 间接依赖 | npm |
| inflight | 1.0.6 | 间接依赖 | npm |
| neo-async | 2.6.2 | 间接依赖 | npm |
| @webassemblyjs/helper-wasm-bytecode | 1.11.6 | 间接依赖 | npm |
| google-closure-compiler-java | 20230802.0.0 | 间接依赖 | npm |
| safe-stable-stringify | 2.4.3 | 间接依赖 | npm |
| escalade | 3.1.1 | 间接依赖 | npm |
| android-ndk | 间接依赖 | ||
| entities | 4.5.0 | 间接依赖 | npm |
| is-path-inside | 3.0.3 | 间接依赖 | npm |
| @types/triple-beam | 1.3.2 | 间接依赖 | npm |
| jinja2 | 3.1 | 间接依赖 | pip |
| prettier | 3.0.3 | 直接依赖 | npm |
| interpret | 3.1.1 | 间接依赖 | npm |
| caniuse-lite | 1.0.30001465 | 间接依赖 | npm |
| graphemer | 1.4.0 | 间接依赖 | npm |
| vinyl-sourcemaps-apply | 0.2.1 | 间接依赖 | npm |
| libiberty | 间接依赖 | ||
| @webassemblyjs/floating-point-hex-parser | 1.11.6 | 间接依赖 | npm |
| flatted | 3.2.5 | 间接依赖 | npm |
| resolve-cwd | 3.0.0 | 间接依赖 | npm |
| acorn-import-assertions | 1.9.0 | 间接依赖 | npm |
| queue-microtask | 1.2.3 | 间接依赖 | npm |
| color | 3.2.1 | 间接依赖 | npm |
| resolve-from | 4.0.0 | 间接依赖 | npm |
| isexe | 2.0.0 | 间接依赖 | npm |
| js-yaml | 4.1.0 | 间接依赖 | npm |
| is-core-module | 2.11.0 | 间接依赖 | npm |
| p-locate | 4.1.0 | 间接依赖 | npm |
| lxml | 4.9.2 | 间接依赖 | pip |
| eslint-scope | 7.2.2 | 间接依赖 | npm |
| @types/eslint-scope | 3.7.4 | 间接依赖 | npm |
| wildcard | 2.0.0 | 间接依赖 | npm |
| android-ndk | r23b | 间接依赖 | |
| google-closure-compiler-osx | 20230802.0.0 | 间接依赖 | npm |
| @nodelib/fs.scandir | 2.1.5 | 间接依赖 | npm |
| commander | 10.0.0 | 间接依赖 | npm |
| glob | 7.2.3 | 间接依赖 | npm |
| relateurl | 0.2.7 | 间接依赖 | npm |
| source-map-support | 0.5.21 | 间接依赖 | npm |
| openjpeg | 间接依赖 | ||
| google-closure-compiler-windows | 20230802.0.0 | 间接依赖 | npm |
| debug | 4.3.4 | 间接依赖 | npm |
| json-schema-traverse | 0.4.1 | 间接依赖 | npm |
| file-entry-cache | 6.0.1 | 间接依赖 | npm |
| globals | 13.21.0 | 间接依赖 | npm |
| types-requests | 2.27.14 | 间接依赖 | pip |
| no-case | 3.0.4 | 间接依赖 | npm |
| chalk | 4.1.2 | 间接依赖 | npm |
| safe-buffer | 5.1.2 | 间接依赖 | npm |
| webpack-sources | 3.2.3 | 间接依赖 | npm |
| browserslist | 4.21.5 | 间接依赖 | npm |
| picocolors | 1.0.0 | 间接依赖 | npm |
| which | 2.0.2 | 间接依赖 | npm |
| @webassemblyjs/wast-printer | 1.11.6 | 间接依赖 | npm |
| sphinx | 2.4.4 | 间接依赖 | pip |
| color-name | 1.1.4 | 间接依赖 | npm |
| find-up | 4.1.0 | 间接依赖 | npm |
| kind-of | 6.0.3 | 间接依赖 | npm |
| color-convert | 2.0.1 | 间接依赖 | npm |
| fecha | 4.2.3 | 间接依赖 | npm |
| @types/estree | 1.0.1 | 间接依赖 | npm |
| @webassemblyjs/wasm-edit | 1.11.6 | 间接依赖 | npm |
| fastest-levenshtein | 1.0.16 | 间接依赖 | npm |
| websockify | 0.10.0 | 间接依赖 | pip |
| to-regex-range | 5.0.1 | 间接依赖 | npm |
| yacc | 间接依赖 | pip | |
| terser | 5.16.6 | 间接依赖 | npm |
| prelude-ls | 1.2.1 | 间接依赖 | npm |
| bullet3 | 间接依赖 | ||
| acorn | 8.10.0 | 间接依赖 | npm |
| update-browserslist-db | 1.0.10 | 间接依赖 | npm |
| fast-levenshtein | 2.0.6 | 间接依赖 | npm |
| function-bind | 1.1.1 | 间接依赖 | npm |
| google-closure-compiler-linux | 20230802.0.0 | 间接依赖 | npm |
| glob-parent | 5.1.2 | 间接依赖 | npm |
| once | 1.4.0 | 间接依赖 | npm |
| camel-case | 4.1.2 | 间接依赖 | npm |
| webpack-merge | 5.8.0 | 间接依赖 | npm |
| isobject | 3.0.1 | 间接依赖 | npm |
| @eslint-community/regexpp | 4.8.1 | 间接依赖 | npm |
| async | 3.2.4 | 间接依赖 | npm |
| libpcap | 间接依赖 | ||
| callsites | 3.1.0 | 间接依赖 | npm |
| type-fest | 0.20.2 | 间接依赖 | npm |
| flat-cache | 3.0.4 | 间接依赖 | npm |
| @humanwhocodes/config-array | 0.11.11 | 间接依赖 | npm |
| @eslint/eslintrc | 2.1.2 | 间接依赖 | npm |
| colorspace | 1.1.4 | 间接依赖 | npm |
| watchpack | 2.4.0 | 间接依赖 | npm |
| supports-preserve-symlinks-flag | 1.0.0 | 间接依赖 | npm |
| buffer-from | 1.1.2 | 间接依赖 | npm |
| merge2 | 1.4.1 | 间接依赖 | npm |
| path-is-absolute | 1.0.1 | 间接依赖 | npm |
| pkg-dir | 4.2.0 | 间接依赖 | npm |
| braces | 3.0.2 | 间接依赖 | npm |
| isarray | 1.0.0 | 间接依赖 | npm |
| fs.realpath | 1.0.0 | 间接依赖 | npm |
| iceoryx | 间接依赖 | ||
| json-parse-even-better-errors | 2.3.1 | 间接依赖 | npm |
| ansi-styles | 4.3.0 | 间接依赖 | npm |
| @jridgewell/gen-mapping | 0.3.2 | 间接依赖 | npm |
| @types/json-schema | 7.0.11 | 间接依赖 | npm |
| busybox | 间接依赖 | ||
| p-limit | 2.3.0 | 间接依赖 | npm |
| json-stable-stringify-without-jsonify | 1.0.1 | 间接依赖 | npm |
| @nodelib/fs.walk | 1.2.8 | 间接依赖 | npm |
| @webassemblyjs/helper-numbers | 1.11.6 | 间接依赖 | npm |
| has | 1.0.3 | 间接依赖 | npm |
| core-util-is | 1.0.3 | 间接依赖 | npm |
| vinyl | 2.2.1 | 间接依赖 | npm |
| unittest-xml-reporting | 3.1.0 | 间接依赖 | pip |
| electron-to-chromium | 1.4.328 | 间接依赖 | npm |
| eslint-config-prettier | 9.0.0 | 直接依赖 | npm |
| path-exists | 4.0.0 | 间接依赖 | npm |
| winston | 3.9.0 | 间接依赖 | npm |
| @webpack-cli/info | 2.0.2 | 间接依赖 | npm |
| minimatch | 3.1.2 | 间接依赖 | npm |
| enhanced-resolve | 5.15.0 | 间接依赖 | npm |
| shallow-clone | 3.0.1 | 间接依赖 | npm |
| kuler | 2.0.0 | 间接依赖 | npm |
| chrome-trace-event | 1.0.3 | 间接依赖 | npm |
| libiberty | 9.1.0 | 间接依赖 | |
| docutils | 0.17.1 | 间接依赖 | pip |
| process-nextick-args | 2.0.1 | 间接依赖 | npm |
| eslint-visitor-keys | 3.4.3 | 间接依赖 | npm |
| @webassemblyjs/wasm-gen | 1.11.6 | 间接依赖 | npm |
| rechoir | 0.8.0 | 间接依赖 | npm |
| pascal-case | 3.1.2 | 间接依赖 | npm |
| esutils | 2.0.3 | 间接依赖 | npm |