基础信息
项目名称:janoodleFTW/timy-messenger
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721292232865644544/1726707590383493120
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Nanopb 缓冲区错误漏洞 | 越界读取 | MPS-2020-1683 | CVE-2020-5235 | 严重 |
| Nanopb 缓冲区错误漏洞 | 缓冲区溢出 | MPS-2020-16842 | CVE-2020-26243 | 高危 |
| Moment.js 正则拒绝服务漏洞 | 拒绝服务 | MPS-2022-11159 | CVE-2022-31129 | 高危 |
| Moment.js 路径遍历漏洞 | 路径遍历 | MPS-2022-3752 | CVE-2022-24785 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| nanopb | 0.3.901 | 2.30907.0 | 间接依赖 | 建议修复 |
| moment | 2.24.0 | 2.29.4 | 直接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| Zlib | 1 | 低 |
| Apache-2.0 | 2 | 低 |
| MIT | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| GoogleAppMeasurement | 6.1.1 | 间接依赖 | cocoapods |
| nanopb | 0.3.901 | 间接依赖 | cocoapods |
| FirebaseCore | 6.2.3 | 间接依赖 | cocoapods |
| FirebaseAnalyticsInterop | 1.4.0 | 间接依赖 | cocoapods |
| FirebaseAuth | 6.2.3 | 间接依赖 | cocoapods |
| Firebase/Analytics | 6.8.1 | 间接依赖 | cocoapods |
| org.jetbrains.kotlinx:kotlinx-coroutines-android | 1.3.0 | 直接依赖 | maven |
| firebase_auth | 0.0.1 | 间接依赖 | cocoapods |
| image_picker | 0.0.1 | 间接依赖 | cocoapods |
| firebase_crashlytics | 0.0.1 | 间接依赖 | cocoapods |
| FirebaseCoreDiagnosticsInterop | 1.0.0 | 间接依赖 | cocoapods |
| Crashlytics | 3.14.0 | 间接依赖 | cocoapods |
| GoogleUtilities/Environment | 6.3.0 | 间接依赖 | cocoapods |
| Fabric | 1.10.2 | 间接依赖 | cocoapods |
| GoogleUtilities/Reachability | 6.3.0 | 间接依赖 | cocoapods |
| pinch_zoom_image | 0.0.1 | 间接依赖 | cocoapods |
| GoogleUtilities/MethodSwizzler | 6.3.0 | 间接依赖 | cocoapods |
| gRPC-C | 间接依赖 | cocoapods | |
| FirebaseStorage | 3.4.1 | 间接依赖 | cocoapods |
| Firebase/Auth | 6.8.1 | 间接依赖 | cocoapods |
| GoogleDataTransport | 1.2.0 | 间接依赖 | cocoapods |
| FirebaseCoreDiagnostics | 1.0.1 | 间接依赖 | cocoapods |
| GoogleSignIn | 4.4.0 | 间接依赖 | cocoapods |
| FirebaseAnalytics | 6.1.1 | 间接依赖 | cocoapods |
| GoogleDataTransportCCTSupport | 1.0.4 | 间接依赖 | cocoapods |
| Protobuf | 3.9.2 | 间接依赖 | cocoapods |
| moment | 2.24.0 | 直接依赖 | npm |
| Flutter | 1.0.0 | 间接依赖 | cocoapods |
| FirebaseAuthInterop | 1.0.0 | 间接依赖 | cocoapods |
| leveldb-library | 1.22 | 间接依赖 | cocoapods |
| google_sign_in | 0.0.1 | 间接依赖 | cocoapods |
| GoogleToolboxForMac/NSString | 间接依赖 | cocoapods | |
| FirebaseFirestore/abseil-cpp | 1.5.0 | 间接依赖 | cocoapods |
| FirebaseMessaging | 4.1.4 | 间接依赖 | cocoapods |
| Firebase/Storage | 6.8.1 | 间接依赖 | cocoapods |
| androidx.work:work-runtime-ktx | 2.2.0 | 直接依赖 | maven |
| nanopb/encode | 0.3.901 | 间接依赖 | cocoapods |
| firebase_core | 0.0.1 | 间接依赖 | cocoapods |
| GoogleToolboxForMac/NSDictionary | 间接依赖 | cocoapods | |
| firebase_storage | 0.0.1 | 间接依赖 | cocoapods |
| media_picker_builder | 0.0.1 | 间接依赖 | cocoapods |
| firebase_analytics | 0.0.1 | 间接依赖 | cocoapods |
| GoogleUtilities/AppDelegateSwizzler | 6.3.0 | 间接依赖 | cocoapods |
| url_launcher | 0.0.1 | 间接依赖 | cocoapods |
| GoogleUtilities/Logger | 6.3.0 | 间接依赖 | cocoapods |
| Firebase/CoreOnly | 6.8.1 | 间接依赖 | cocoapods |
| Firebase/Messaging | 6.8.1 | 间接依赖 | cocoapods |
| FirebaseInstanceID | 4.2.5 | 间接依赖 | cocoapods |
| Firebase/Firestore | 6.8.1 | 间接依赖 | cocoapods |
| GTMSessionFetcher/Core | 1.2.2 | 间接依赖 | cocoapods |
| Firebase/Core | 6.8.1 | 间接依赖 | cocoapods |
| GoogleUtilities/NSData | 间接依赖 | cocoapods | |
| flutter_native_image | 0.0.1 | 间接依赖 | cocoapods |
| FirebaseFirestore | 1.5.0 | 间接依赖 | cocoapods |
| nanopb/decode | 0.3.901 | 间接依赖 | cocoapods |
| cloud_firestore | 0.0.1 | 间接依赖 | cocoapods |
| firebase_messaging | 0.0.1 | 间接依赖 | cocoapods |
| GoogleUtilities/UserDefaults | 6.3.0 | 间接依赖 | cocoapods |
| GoogleUtilities/Network | 6.3.0 | 间接依赖 | cocoapods |