基础信息
项目名称:confluence-publisher/confluence-publisher
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721103022217564160/1727703336940949504
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| 【存在争议】FasterXML jackson-databind 代码问题漏洞 | 不加限制或调节的资源分配 | MPS-z1bx-p8y2 | CVE-2023-35116 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| com.fasterxml.jackson.core:jackson-databind | 2.15.1 | 直接依赖 | 建议修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| Apache-2.0 | 39 | 低 |
| MIT | 4 | 低 |
| BSD-3-Clause | 5 | 低 |
| GPL-2.0 | 4 | 中 |
| LGPL-2.1 | 4 | 中 |
| EPL-2.0 | 4 | 低 |
| 自定义许可证 | 2 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| org.codehaus.plexus:plexus-sec-dispatcher | 2.0 | 直接依赖 | maven |
| org.codehaus.plexus:plexus-cipher | 2.0 | 间接依赖 | maven |
| org.jruby.joni:joni | 2.1.46 | 间接依赖 | maven |
| com.google.code.findbugs:jsr305 | 3.0.2 | 间接依赖 | maven |
| com.github.jnr:jnr-a64asm | 1.0.0 | 间接依赖 | maven |
| com.beust:jcommander | 1.82 | 间接依赖 | maven |
| org.apache.httpcomponents:httpcore | 4.4.16 | 间接依赖 | maven |
| org.apache.httpcomponents:httpclient | 4.5.14 | 直接依赖 | maven |
| org.asciidoctor:asciidoctorj-diagram-ditaamini | 1.0.3 | 间接依赖 | maven |
| com.google.j2objc:j2objc-annotations | 2.8 | 间接依赖 | maven |
| org.ow2.asm:asm-tree | 9.2 | 间接依赖 | maven |
| com.headius:backport9 | 1.12 | 间接依赖 | maven |
| com.google.guava:failureaccess | 1.0.1 | 间接依赖 | maven |
| me.qmx.jitescript:jitescript | 0.4.1 | 间接依赖 | maven |
| com.google.errorprone:error_prone_annotations | 2.18.0 | 间接依赖 | maven |
| org.jruby:jruby-base | 9.3.10.0 | 间接依赖 | maven |
| com.github.jnr:jnr-enxio | 0.32.14 | 间接依赖 | maven |
| commons-lang:commons-lang | 2.6 | 直接依赖 | maven |
| org.checkerframework:checker-qual | 3.33.0 | 间接依赖 | maven |
| org.ow2.asm:asm-analysis | 9.2 | 间接依赖 | maven |
| com.github.jnr:jnr-constants | 0.10.4 | 间接依赖 | maven |
| com.google.guava:listenablefuture | 9999.0-empty-to-avoid-conflict-with-guava | 间接依赖 | maven |
| com.headius:options | 1.6 | 间接依赖 | maven |
| org.jruby.jcodings:jcodings | 1.0.58 | 间接依赖 | maven |
| com.github.jnr:jnr-ffi | 2.2.13 | 间接依赖 | maven |
| org.asciidoctor:asciidoctorj | 2.5.8 | 直接依赖 | maven |
| org.sahli.asciidoc.confluence.publisher:asciidoc-confluence-publisher-cli | 0.0.0-SNAPSHOT | 直接依赖 | maven |
| com.headius:invokebinder | 1.12 | 间接依赖 | maven |
| com.github.jnr:jnr-posix | 3.1.16 | 间接依赖 | maven |
| org.jruby:dirgra | 0.3 | 间接依赖 | maven |
| org.asciidoctor:asciidoctorj-diagram | 2.2.8 | 直接依赖 | maven |
| org.asciidoctor:asciidoctorj-diagram-plantuml | 1.2023.5 | 间接依赖 | maven |
| org.jruby:jruby-stdlib | 9.3.10.0 | 间接依赖 | maven |
| com.github.jnr:jnr-x86asm | 1.0.2 | 间接依赖 | maven |
| com.github.jnr:jnr-unixsocket | 0.38.19 | 间接依赖 | maven |
| com.github.jnr:jnr-netdb | 1.2.0 | 间接依赖 | maven |
| org.asciidoctor:asciidoctorj-api | 2.5.8 | 间接依赖 | maven |
| com.fasterxml.jackson.core:jackson-annotations | 2.15.1 | 间接依赖 | maven |
| commons-codec:commons-codec | 1.15 | 直接依赖 | maven |
| org.sahli.asciidoc.confluence.publisher:asciidoc-confluence-publisher-converter | 0.0.0-SNAPSHOT | 直接依赖 | maven |
| org.jruby:jruby | 9.3.10.0 | 间接依赖 | maven |
| com.jcraft:jzlib | 1.1.3 | 间接依赖 | maven |
| org.sahli.asciidoc.confluence.publisher:asciidoc-confluence-publisher-client | 0.0.0-SNAPSHOT | 直接依赖 | maven |
| com.fasterxml.jackson.core:jackson-core | 2.15.1 | 间接依赖 | maven |
| com.google.guava:guava | 32.0.0-jre | 直接依赖 | maven |
| commons-logging:commons-logging | 1.2 | 间接依赖 | maven |
| org.apache.maven.shared:maven-verifier | 1.6 | 直接依赖 | maven |
| org.ow2.asm:asm-commons | 9.2 | 间接依赖 | maven |
| joda-time:joda-time | 2.10.10 | 间接依赖 | maven |
| org.apache.httpcomponents:httpmime | 4.5.14 | 直接依赖 | maven |
| com.fasterxml.jackson.core:jackson-databind | 2.15.1 | 直接依赖 | maven |
| org.ow2.asm:asm | 9.2 | 间接依赖 | maven |
| org.ow2.asm:asm-util | 9.2 | 间接依赖 | maven |
| com.github.jnr:jffi | 1.3.10 | 间接依赖 | maven |