Basic information
Project name: LaniJ/invoice-dragon
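Repository URL: https://github.com/pterodactyl/panel
Scan report URL: https://www.murphysec.com/console/report/1721356229845483520/1727101049325969408
This report is provided by Murphysec
Vulnerability list
| Vulnerability name | Vulnerability type | MPS ID | CVE ID | Severity |
|---|---|---|---|---|
| ZEIT Next.js security vulnerability | | MPS-cl5v-ayrn | CVE-2023-46298 | High |
| crypto-js security vulnerability | Use of password hash with insufficient computational effort | MPS-m6rl-80wf | CVE-2023-46233 | Critical |
| PostCSS security vulnerability | Injection | MPS-y3tx-jzms | CVE-2023-44270 | Medium |
Defective components
| Component name | Version | Minimum fixed version | Dependency relationship | Fix recommendation |
|---|---|---|---|---|
| next | 13.4.12 | 13.4.20-canary.13 | Direct dependency | Optional fix |
| postcss | 8.4.14 | 8.4.31 | Indirect dependency | Optional fix |
| crypto-js | 4.1.1 | 4.2.0 | Indirect dependency | Optional fix |
| tslib | 2.5.0 | | Indirect dependency | |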
License risk
| License type | Related components | License risk |
|---|---|---|
| MIT | 95 | Low |
| Apache-2.0 | 2 | Low |
| BSD-3-Clause | 2 | Low |
| ISC | 8 | Low |
| 0BSD | 1 | Low |
| CC-BY-4.0 | 1 | Low |
| BSD-2-Clause | 2 | Low |
| BSD | 1 | Low |
SBOM list
| Component name | Component version | Direct dependency? | Repository |
|---|---|---|---|
| binary-extensions | 2.2.0 | Indirect dependency | npm |
| @next/swc-win32-x64-msvc | 13.4.12 | Indirect dependency | npm |
| styled-jsx | 5.1.1 | Indirect dependency | npm |
| color-name | 1.1.4 | Indirect dependency | npm |
| @react-pdf/font | 2.3.4 | Indirect dependency | npm |
| to-regex-range | 5.0.1 | Indirect dependency | npm |
| vite-compatible-readable-stream | 3.6.1 | Indirect dependency | npm |
| @types/scheduler | 0.16.3 | Indirect dependency | npm |
| parse-svg-path | 0.1.2 | Indirect dependency | npm |
| typescript | 5.1.6 | Indirect dependency | npm |
| @react-pdf/png-js | 2.2.0 | Indirect dependency | npm |
| base64-js | 1.5.1 | Indirect dependency | npm |
| @next/swc-linux-arm64-musl | 13.4.12 | Indirect dependency | npm |
| safe-buffer | 5.2.1 | Indirect dependency | npm |
| hyphenate-style-name | 1.0.4 | Indirect dependency | npm |
| emoji-regex | 10.2.1 | Indirect dependency | npm |
| normalize-svg-path | 1.1.0 | Indirect dependency | npm |
| color-string | 1.9.1 | Indirect dependency | npm |
| fsevents | 2.3.2 | Indirect dependency | npm |
| picomatch | 2.3.1 | Indirect dependency | npm |
| @react-pdf/image | 2.2.1 | Indirect dependency | npm |
| fontkit | 2.0.2 | Indirect dependency | npm |
| unicode-trie | 2.0.0 | Indirect dependency | npm |
| whatwg-url | 5.0.0 | Indirect dependency | npm |
| cross-fetch | 3.1.5 | Indirect dependency | npm |
| media-engine | 1.0.3 | Indirect dependency | npm |
| picocolors | 1.0.0 | Indirect dependency | npm |
| react-dom | 18.2.0 | Direct dependency | npm |
| @next/swc-linux-x64-gnu | 13.4.12 | Indirect dependency | npm |
| unicode-properties | 1.4.1 | Indirect dependency | npm |
| @babel/runtime | 7.21.0 | Indirect dependency | npm |
| crypto-js | 4.1.1 | Indirect dependency | npm |
| @react-pdf/layout | 3.6.0 | Indirect dependency | npm |
| tslib | 2.5.0 | Indirect dependency | npm |
| is-arrayish | 0.3.2 | Indirect dependency | npm |
| react | 18.2.0 | Direct dependency | npm |
| sass | 1.60.0 | Direct dependency | npm |
| @react-pdf/stylesheet | 4.1.5 | Indirect dependency | npm |
| typewriter-effect | 2.19.0 | Direct dependency | npm |
| postcss-value-parser | 4.2.0 | Indirect dependency | npm |
| brotli | 1.3.3 | Indirect dependency | npm |
| is-glob | 4.0.3 | Indirect dependency | npm |
| @next/swc-linux-x64-musl | 13.4.12 | Indirect dependency | npm |
| is-url | 1.2.4 | Indirect dependency | npm |
| @types/react | 18.0.32 | Direct dependency | npm |
| @react-pdf/textkit | 4.2.0 | Indirect dependency | npm |
| object-assign | 4.1.1 | Indirect dependency | npm |
| @types/prop-types | 15.7.5 | Indirect dependency | npm |
| anymatch | 3.1.3 | Indirect dependency | npm |
| @next/env | 13.4.12 | Indirect dependency | npm |
| tr46 | 0.0.3 | Indirect dependency | npm |
| nanoid | 3.3.6 | Indirect dependency | npm |
| matchmediaquery | 0.3.1 | Indirect dependency | npm |
| queue | 6.0.2 | Indirect dependency | npm |
| hsl-to-hex | 1.0.0 | Indirect dependency | npm |
| restructure | 3.0.0 | Indirect dependency | npm |
| regenerator-runtime | 0.13.11 | Indirect dependency | npm |
| @react-pdf/renderer | 3.1.9 | Direct dependency | npm |
| tiny-inflate | 1.0.3 | Indirect dependency | npm |
| simple-swizzle | 0.2.2 | Indirect dependency | npm |
| graceful-fs | 4.2.11 | Indirect dependency | npm |
| is-binary-path | 2.1.0 | Indirect dependency | npm |
| prop-types | 15.8.1 | Indirect dependency | npm |
| js-tokens | 4.0.0 | Indirect dependency | npm |
| string_decoder | 1.3.0 | Indirect dependency | npm |
| inherits | 2.0.4 | Indirect dependency | npm |
| scheduler | 0.23.0 | Indirect dependency | npm |
| caniuse-lite | 1.0.30001470 | Indirect dependency | npm |
| csstype | 3.1.2 | Indirect dependency | npm |
| dfa | 1.2.0 | Indirect dependency | npm |
| source-map-js | 1.0.2 | Indirect dependency | npm |
| @react-pdf/render | 3.2.4 | Indirect dependency | npm |
| node-fetch | 2.6.7 | Indirect dependency | npm |
| clone | 2.1.2 | Indirect dependency | npm |
| glob-to-regexp | 0.4.1 | Indirect dependency | npm |
| @next/font | 13.2.4 | Direct dependency | npm |
| shallow-equal | 1.2.1 | Indirect dependency | npm |
| @react-pdf/yoga | 4.1.2 | Indirect dependency | npm |
| raf | 3.4.1 | Indirect dependency | npm |
| @next/swc-darwin-x64 | 13.4.12 | Indirect dependency | npm |
| webidl-conversions | 3.0.1 | Indirect dependency | npm |
| hyphen | 1.6.5 | Indirect dependency | npm |
| @next/swc-darwin-arm64 | 13.4.12 | Indirect dependency | npm |
| pako | 1.0.11 | Indirect dependency | npm |
| events | 3.3.0 | Indirect dependency | npm |
| hsl-to-rgb-for-reals | 1.1.1 | Indirect dependency | npm |
| busboy | 1.6.0 | Indirect dependency | npm |
| is-number | 7.0.0 | Indirect dependency | npm |
| @react-pdf/pdfkit | 3.0.2 | Indirect dependency | npm |
| next-translate-plugin | 2.5.2 | Direct dependency | npm |
| immutable | 4.3.0 | Indirect dependency | npm |
| glob-parent | 5.1.2 | Indirect dependency | npm |
| @react-pdf/types | 2.3.1 | Indirect dependency | npm |
| browserify-zlib | 0.2.0 | Indirect dependency | npm |
| abs-svg-path | 0.1.1 | Indirect dependency | npm |
| next-translate | 2.5.2 | Direct dependency | npm |
| @react-pdf/primitives | 3.0.1 | Indirect dependency | npm |
| @swc/helpers | 0.4.14 | Indirect dependency | npm |
| @react-pdf/fns | 2.0.1 | Indirect dependency | npm |
| react-responsive | 9.0.2 | Direct dependency | npm |
| postcss | 8.4.14 | Indirect dependency | npm |
| react-is | 16.13.1 | Indirect dependency | npm |
| braces | 3.0.2 | Indirect dependency | npm |
| performance-now | 2.1.0 | Indirect dependency | npm |
| @next/swc-win32-ia32-msvc | 13.4.12 | Indirect dependency | npm |
| @types/node | 18.15.11 | Direct dependency | npm |
| is-extglob | 2.1.1 | Indirect dependency | npm |
| svg-arc-to-cubic-bezier | 3.2.0 | Indirect dependency | npm |
| zod | 3.21.4 | Indirect dependency | npm |
| @next/swc-linux-arm64-gnu | 13.4.12 | Indirect dependency | npm |
| client-only | 0.0.1 | Indirect dependency | npm |
| @next/swc-win32-arm64-msvc | 13.4.12 | Indirect dependency | npm |
| util-deprecate | 1.0.2 | Indirect dependency | npm |
| normalize-path | 3.0.0 | Indirect dependency | npm |
| watchpack | 2.4.0 | Indirect dependency | npm |
| readdirp | 3.6.0 | Indirect dependency | npm |
| css-mediaquery | 0.1.2 | Indirect dependency | npm |
| loose-envify | 1.4.0 | Indirect dependency | npm |
| fill-range | 7.0.1 | Indirect dependency | npm |
| next | 13.4.12 | Direct dependency | npm |
| chokidar | 3.5.3 | Indirect dependency | npm |
| fast-deep-equal | 3.1.3 | Indirect dependency | npm |
| streamsearch | 1.1.0 | Indirect dependency | npm |