基础信息
项目名称:zijianhuang/webapiclientgen
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1724844330868760576/1724844330931675136
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| aurelia 代码注入漏洞 | 原型污染 | MPS-2021-31866 | CVE-2021-41097 | 高危 |
| Aurelia framework 跨站脚本漏洞 | XSS | MPS-2021-6838 | CVE-2019-10062 | 中危 |
| Moment.js 正则拒绝服务漏洞 | 拒绝服务 | MPS-2022-11159 | CVE-2022-31129 | 高危 |
| Moment.js 路径遍历漏洞 | 路径遍历 | MPS-2022-3752 | CVE-2022-24785 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| aurelia-path | 1.1.3 | 1.1.7 | 间接依赖 | 建议修复 |
| moment | 2.26.0 | 2.29.4 | 间接依赖 | 可选修复 |
| moment | 2.27.0 | 2.29.4 | 间接依赖 | 可选修复 |
| aurelia-templating-resources | 1.11.0 | 1.14.0 | 间接依赖 | 可选修复 |
| tslib | 2.6.2 | 间接依赖 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 87 | 低 |
| Apache-2.0 | 9 | 低 |
| 0BSD | 1 | 低 |
| non-standard | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| @material/form-field | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @angular/platform-browser-dynamic | 16.2.6 | 间接依赖 | npm |
| @material/progress-indicator | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/tokens | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| aurelia-templating | 1.10.2 | 间接依赖 | npm |
| @material/tab-bar | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/icon-button | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/tab-scroller | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| Newtonsoft.Json | 13.0.3 | 间接依赖 | nuget |
| @material/data-table | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| aurelia-history | 1.2.1 | 间接依赖 | npm |
| @material/touch-target | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @angular/forms | 16.2.6 | 间接依赖 | npm |
| aurelia-pal-browser | 1.8.1 | 间接依赖 | npm |
| @material/list | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| aurelia-loader-default | 1.2.1 | 间接依赖 | npm |
| xunit.extensibility.execution | 2.5.3 | 间接依赖 | nuget |
| @material/drawer | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @angular/material | 16.2.6 | 间接依赖 | npm |
| @material/base | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/floating-label | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/snackbar | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/ripple | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| aurelia-path | 1.1.3 | 间接依赖 | npm |
| @material/tab | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| moment | 2.26.0 | 间接依赖 | npm |
| @material/chips | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/button | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| aurelia-binding | 2.3.1 | 间接依赖 | npm |
| aurelia-dependency-injection | 1.4.2 | 间接依赖 | npm |
| xunit.core | 2.5.3 | 间接依赖 | nuget |
| aurelia-bootstrapper | 2.3.3 | 间接依赖 | npm |
| @angular/compiler | 16.2.6 | 间接依赖 | npm |
| @material/line-ripple | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/layout-grid | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/segmented-button | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @angular/animations | 16.2.6 | 间接依赖 | npm |
| @material/radio | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/dialog | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/menu-surface | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/rtl | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| moment | 2.27.0 | 间接依赖 | npm |
| typescript | 3.7.5 | 间接依赖 | npm |
| @material/auto-init | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| tslib | 2.6.2 | 间接依赖 | npm |
| @material/banner | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/switch | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/select | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/feature-targeting | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @angular/common | 16.2.6 | 间接依赖 | npm |
| zone.js | 0.13.3 | 间接依赖 | npm |
| aurelia-logging | 1.5.2 | 间接依赖 | npm |
| @angular/platform-browser | 16.2.6 | 间接依赖 | npm |
| aurelia-task-queue | 1.3.3 | 间接依赖 | npm |
| aurelia-templating-resources | 1.11.0 | 间接依赖 | npm |
| aurelia-route-recognizer | 1.3.2 | 间接依赖 | npm |
| @angular/router | 16.2.6 | 间接依赖 | npm |
| @material/textfield | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/typography | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| safevalues | 0.3.4 | 间接依赖 | npm |
| Fonlow.Testing.Http | 1.4.2 | 间接依赖 | nuget |
| @material/slider | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| aurelia-router | 1.7.1 | 间接依赖 | npm |
| @angular/core | 16.2.6 | 间接依赖 | npm |
| xunit | 2.5.3 | 间接依赖 | nuget |
| aurelia-history-browser | 1.4.0 | 间接依赖 | npm |
| xunit.extensibility.core | 2.5.3 | 间接依赖 | nuget |
| aurelia-pal | 1.8.2 | 间接依赖 | npm |
| @material/tab-indicator | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/focus-ring | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/fab | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/top-app-bar | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| aurelia-logging-console | 1.1.1 | 间接依赖 | npm |
| aurelia-polyfills | 1.3.4 | 间接依赖 | npm |
| aurelia-templating-router | 1.4.0 | 间接依赖 | npm |
| @material/notched-outline | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/tooltip | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/density | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| aurelia-event-aggregator | 1.0.3 | 间接依赖 | npm |
| aurelia-templating-binding | 1.5.3 | 间接依赖 | npm |
| @material/linear-progress | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @angular/material-moment-adapter | 16.2.6 | 间接依赖 | npm |
| aurelia-framework | 1.3.1 | 间接依赖 | npm |
| @material/card | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| aurelia-fetch-client | 1.8.2 | 间接依赖 | npm |
| aurelia-metadata | 1.0.6 | 间接依赖 | npm |
| @material/theme | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| xunit.analyzers | 1.4.0 | 间接依赖 | nuget |
| @material/elevation | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/image-list | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/shape | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/circular-progress | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/checkbox | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| xunit.assert | 2.5.3 | 间接依赖 | nuget |
| @material/menu | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| xunit.abstractions | 2.0.3 | 间接依赖 | nuget |
| rxjs | 7.8.1 | 间接依赖 | npm |
| @material/dom | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| @material/animation | 15.0.0-canary.bc9ae6c9c.0 | 间接依赖 | npm |
| aurelia-loader | 1.0.2 | 间接依赖 | npm |