基础信息
项目名称:J_Sky/miniadmin
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721352687726710784/1724555974331031552
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| NPM包esbuild-linux-arm64内嵌恶意代码 | 内嵌恶意代码 | MPS-1czt-vhmw | 高危 | |
| loguru 代码注入漏洞 | 代码注入 | MPS-2022-1393 | CVE-2022-0329 | 严重 |
| NPM包esbuild-windows-32内嵌恶意代码 | 内嵌恶意代码 | MPS-57lz-wkt4 | 高危 | |
| NPM包esbuild-darwin-arm64内嵌恶意代码 | 内嵌恶意代码 | MPS-8hlj-rbwu | 高危 | |
| NPM包esbuild-freebsd-64内嵌恶意代码 | 内嵌恶意代码 | MPS-le94-f1pg | 高危 | |
| NPM包esbuild-windows-64内嵌恶意代码 | 内嵌恶意代码 | MPS-m5xq-lpih | 高危 | |
| Vite 安全漏洞 | 使用不正确的解析名称或索引 | MPS-o473-85mg | CVE-2023-34092 | 高危 |
| Axios XSRF-TOKEN CSRF漏洞 | 侵犯隐私 | MPS-v3q7-sjd2 | CVE-2023-45857 | 高危 |
| NPM包esbuild-darwin-64内嵌恶意代码 | 内嵌恶意代码 | MPS-wzhl-gya9 | 高危 | |
| PostCSS 安全漏洞 | 注入 | MPS-y3tx-jzms | CVE-2023-44270 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| esbuild-freebsd-64 | 0.15.16 | 间接依赖 | 强烈建议修复 | |
| esbuild-darwin-arm64 | 0.15.16 | 间接依赖 | 强烈建议修复 | |
| esbuild-windows-64 | 0.15.16 | 间接依赖 | 强烈建议修复 | |
| esbuild-windows-32 | 0.15.16 | 间接依赖 | 强烈建议修复 | |
| esbuild-linux-arm64 | 0.15.16 | 间接依赖 | 强烈建议修复 | |
| esbuild-darwin-64 | 0.15.16 | 间接依赖 | 强烈建议修复 | |
| vite | 3.2.4 | 3.2.7 | 直接依赖 | 建议修复 |
| axios | 1.2.0 | 1.6.0 | 直接依赖 | 建议修复 |
| loguru | 0.6.0 | 间接依赖 | 建议修复 | |
| postcss | 8.4.19 | 8.4.31 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 88 | 低 |
| Apache-2.0 | 2 | 低 |
| 自定义许可证 | 1 | 低 |
| BSD-3-Clause | 2 | 低 |
| ISC | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| esbuild-linux-s390x | 0.15.16 | 间接依赖 | npm |
| resolve | 1.22.1 | 间接依赖 | npm |
| lodash | 4.17.21 | 间接依赖 | npm |
| axios | 1.2.0 | 直接依赖 | npm |
| @ctrl/tinycolor | 3.4.1 | 间接依赖 | npm |
| loose-envify | 1.4.0 | 间接依赖 | npm |
| @vue/server-renderer | 3.2.45 | 间接依赖 | npm |
| @ant-design/icons-vue | 6.1.0 | 间接依赖 | npm |
| async-validator | 4.2.5 | 间接依赖 | npm |
| sourcemap-codec | 1.4.8 | 间接依赖 | npm |
| is-core-module | 2.11.0 | 间接依赖 | npm |
| bcrypt | 4.0.1 | 间接依赖 | pip |
| esbuild-linux-ppc64le | 0.15.16 | 间接依赖 | npm |
| esbuild-netbsd-64 | 0.15.16 | 间接依赖 | npm |
| vue-router | 4.1.6 | 直接依赖 | npm |
| esbuild-linux-arm | 0.15.16 | 间接依赖 | npm |
| jose | 1.0.0 | 间接依赖 | pip |
| fsevents | 2.3.2 | 间接依赖 | npm |
| esbuild-windows-64 | 0.15.16 | 间接依赖 | npm |
| proxy-from-env | 1.1.0 | 间接依赖 | npm |
| esbuild-android-arm64 | 0.15.16 | 间接依赖 | npm |
| esbuild | 0.15.16 | 间接依赖 | npm |
| warning | 4.0.3 | 间接依赖 | npm |
| passlib | 1.7.4 | 间接依赖 | pip |
| follow-redirects | 1.15.2 | 间接依赖 | npm |
| mime-db | 1.52.0 | 间接依赖 | npm |
| dom-scroll-into-view | 2.0.1 | 间接依赖 | npm |
| dom-align | 1.12.4 | 间接依赖 | npm |
| @babel/parser | 7.20.5 | 间接依赖 | npm |
| supports-preserve-symlinks-flag | 1.0.0 | 间接依赖 | npm |
| vue-types | 3.0.2 | 间接依赖 | npm |
| python-multipart | 0.0.5 | 间接依赖 | pip |
| esbuild-android-64 | 0.15.16 | 间接依赖 | npm |
| @vue/runtime-core | 3.2.45 | 间接依赖 | npm |
| esbuild-freebsd-arm64 | 0.15.16 | 间接依赖 | npm |
| is-plain-object | 3.0.1 | 间接依赖 | npm |
| esbuild-freebsd-64 | 0.15.16 | 间接依赖 | npm |
| rollup | 2.79.1 | 间接依赖 | npm |
| magic-string | 0.25.9 | 间接依赖 | npm |
| SQLAlchemy | 1.4.39 | 间接依赖 | pip |
| esbuild-openbsd-64 | 0.15.16 | 间接依赖 | npm |
| @vue/compiler-sfc | 3.2.45 | 间接依赖 | npm |
| dayjs | 1.11.6 | 间接依赖 | npm |
| @ant-design/icons-svg | 4.2.1 | 间接依赖 | npm |
| @ant-design/colors | 6.0.0 | 间接依赖 | npm |
| function-bind | 1.1.1 | 间接依赖 | npm |
| @vue/compiler-dom | 3.2.45 | 间接依赖 | npm |
| vue | 3.2.45 | 直接依赖 | npm |
| combined-stream | 1.0.8 | 间接依赖 | npm |
| esbuild-linux-arm64 | 0.15.16 | 间接依赖 | npm |
| @vue/shared | 3.2.45 | 间接依赖 | npm |
| @vue/reactivity | 3.2.45 | 间接依赖 | npm |
| estree-walker | 2.0.2 | 间接依赖 | npm |
| compute-scroll-into-view | 1.0.20 | 间接依赖 | npm |
| esbuild-windows-32 | 0.15.16 | 间接依赖 | npm |
| @vue/runtime-dom | 3.2.45 | 间接依赖 | npm |
| @vitejs/plugin-vue | 3.2.0 | 直接依赖 | npm |
| esbuild-darwin-64 | 0.15.16 | 间接依赖 | npm |
| esbuild-darwin-arm64 | 0.15.16 | 间接依赖 | npm |
| js-tokens | 4.0.0 | 间接依赖 | npm |
| scroll-into-view-if-needed | 2.2.31 | 间接依赖 | npm |
| @babel/runtime | 7.20.6 | 间接依赖 | npm |
| casbin | 1.17.4 | 间接依赖 | pip |
| resize-observer-polyfill | 1.5.1 | 间接依赖 | npm |
| @vue/compiler-ssr | 3.2.45 | 间接依赖 | npm |
| esbuild-linux-riscv64 | 0.15.16 | 间接依赖 | npm |
| @vue/devtools-api | 6.4.5 | 间接依赖 | npm |
| esbuild-windows-arm64 | 0.15.16 | 间接依赖 | npm |
| pytest | 7.1.2 | 间接依赖 | pip |
| source-map | 0.6.1 | 间接依赖 | npm |
| shallow-equal | 1.2.1 | 间接依赖 | npm |
| casbin_sqlalchemy_adapter | 0.5.0 | 间接依赖 | pip |
| regenerator-runtime | 0.13.11 | 间接依赖 | npm |
| postcss | 8.4.19 | 间接依赖 | npm |
| form-data | 4.0.0 | 间接依赖 | npm |
| uvicorn | 0.20.0 | 间接依赖 | pip |
| vite | 3.2.4 | 直接依赖 | npm |
| @esbuild/android-arm | 0.15.16 | 间接依赖 | npm |
| delayed-stream | 1.0.0 | 间接依赖 | npm |
| python_jose | 3.3.0 | 间接依赖 | pip |
| esbuild-sunos-64 | 0.15.16 | 间接依赖 | npm |
| esbuild-linux-mips64le | 0.15.16 | 间接依赖 | npm |
| core-js | 3.26.1 | 间接依赖 | npm |
| @esbuild/linux-loong64 | 0.15.16 | 间接依赖 | npm |
| loguru | 0.6.0 | 间接依赖 | pip |
| esbuild-linux-64 | 0.15.16 | 间接依赖 | npm |
| array-tree-filter | 2.1.0 | 间接依赖 | npm |
| pydantic | 1.10.2 | 间接依赖 | pip |
| esbuild-linux-32 | 0.15.16 | 间接依赖 | npm |
| path-parse | 1.0.7 | 间接依赖 | npm |
| lodash-es | 4.17.21 | 间接依赖 | npm |
| @simonwep/pickr | 1.8.2 | 间接依赖 | npm |
| asynckit | 0.4.0 | 间接依赖 | npm |
| nanoid | 3.3.4 | 间接依赖 | npm |
| has | 1.0.3 | 间接依赖 | npm |
| @vue/reactivity-transform | 3.2.45 | 间接依赖 | npm |
| nanopop | 2.2.0 | 间接依赖 | npm |
| source-map-js | 1.0.2 | 间接依赖 | npm |
| fastapi | 0.88.0 | 间接依赖 | pip |
| mime-types | 2.1.35 | 间接依赖 | npm |
| picocolors | 1.0.0 | 间接依赖 | npm |
| ant-design-vue | 3.2.15 | 直接依赖 | npm |
| csstype | 2.6.21 | 间接依赖 | npm |
| @vue/compiler-core | 3.2.45 | 间接依赖 | npm |