基础信息
项目名称:JSPrismarine/JSPrismarine
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721324025371197440/1728566570923810816
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| node-semver 安全漏洞 | ReDoS | MPS-2022-5166 | CVE-2022-25883 | 高危 |
| Babel 插件任意代码执行漏洞漏洞【Poc公开】 | 不完整的黑名单 | MPS-avb9-j50z | CVE-2023-45133 | 严重 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| @babel/traverse | 7.22.11 | 7.23.2 | 间接依赖 | 建议修复 |
| semver | 6.3.1 | 7.5.2 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 259 | 低 |
| ISC | 36 | 低 |
| BSD-3-Clause | 9 | 低 |
| Apache-2.0 | 9 | 低 |
| BSD-2-Clause | 2 | 低 |
| CC-BY-4.0 | 1 | 低 |
| Unlicense | 1 | 低 |
| 自定义许可证 | 1 | 低 |
| BSD | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| to-regex-range | 5.0.1 | 间接依赖 | npm |
| leven | 3.1.0 | 间接依赖 | npm |
| find-parent-dir | 0.3.1 | 间接依赖 | npm |
| unzipper | 0.10.14 | 间接依赖 | npm |
| micromatch | 4.0.5 | 间接依赖 | npm |
| @sinclair/typebox | 0.27.8 | 间接依赖 | npm |
| picomatch | 2.3.1 | 间接依赖 | npm |
| @jridgewell/trace-mapping | 0.3.19 | 间接依赖 | npm |
| @jest/environment | 29.7.0 | 间接依赖 | npm |
| @babel/plugin-syntax-jsx | 7.22.5 | 间接依赖 | npm |
| jest-resolve | 29.7.0 | 间接依赖 | npm |
| yarnhook | 0.5.3 | 间接依赖 | npm |
| mkdirp | 1.0.4 | 间接依赖 | npm |
| heap | 0.2.7 | 间接依赖 | npm |
| get-stream | 6.0.1 | 间接依赖 | npm |
| @lukeed/ms | 2.0.1 | 间接依赖 | npm |
| supports-preserve-symlinks-flag | 1.0.0 | 间接依赖 | npm |
| is-arrayish | 0.3.2 | 间接依赖 | npm |
| logform | 2.5.1 | 间接依赖 | npm |
| @jridgewell/set-array | 1.1.2 | 间接依赖 | npm |
| find-up | 4.1.0 | 间接依赖 | npm |
| chalk | 2.4.2 | 间接依赖 | npm |
| buffers | 0.1.1 | 间接依赖 | npm |
| undici-types | 5.26.5 | 间接依赖 | npm |
| one-time | 1.0.0 | 间接依赖 | npm |
| supports-color | 8.1.1 | 间接依赖 | npm |
| eventemitter-asyncresource | 1.0.0 | 间接依赖 | npm |
| picocolors | 1.0.0 | 间接依赖 | npm |
| pirates | 4.0.6 | 间接依赖 | npm |
| semver | 6.3.1 | 间接依赖 | npm |
| @types/node-fetch | 2.6.4 | 间接依赖 | npm |
| kuler | 2.0.0 | 间接依赖 | npm |
| node-int64 | 0.4.0 | 间接依赖 | npm |
| minizlib | 2.1.2 | 间接依赖 | npm |
| @jest/expect | 29.7.0 | 间接依赖 | npm |
| @types/istanbul-reports | 3.0.1 | 间接依赖 | npm |
| @babel/plugin-syntax-nullish-coalescing-operator | 7.8.3 | 间接依赖 | npm |
| has | 1.0.3 | 间接依赖 | npm |
| istanbul-lib-coverage | 3.2.0 | 间接依赖 | npm |
| readable-stream | 3.6.2 | 间接依赖 | npm |
| @babel/helper-function-name | 7.22.5 | 间接依赖 | npm |
| winston-transport | 4.5.0 | 间接依赖 | npm |
| @babel/plugin-syntax-logical-assignment-operators | 7.10.4 | 间接依赖 | npm |
| path-is-absolute | 1.0.1 | 间接依赖 | npm |
| minipass | 3.3.6 | 间接依赖 | npm |
| jest-matcher-utils | 29.7.0 | 间接依赖 | npm |
| cross-spawn | 7.0.3 | 间接依赖 | npm |
| camelcase | 6.3.0 | 间接依赖 | npm |
| jest-message-util | 29.7.0 | 间接依赖 | npm |
| jest-regex-util | 29.6.3 | 间接依赖 | npm |
| babel-preset-current-node-syntax | 1.0.1 | 间接依赖 | npm |
| jest-pnp-resolver | 1.2.3 | 间接依赖 | npm |
| is-number | 7.0.0 | 间接依赖 | npm |
| @colors/colors | 1.6.0 | 间接依赖 | npm |
| @babel/helper-hoist-variables | 7.22.5 | 间接依赖 | npm |
| @types/node | 20.9.3 | 间接依赖 | npm |
| node-fetch | 3.3.2 | 间接依赖 | npm |
| asynckit | 0.4.0 | 间接依赖 | npm |
| fs.realpath | 1.0.0 | 间接依赖 | npm |
| fast-json-stable-stringify | 2.1.0 | 间接依赖 | npm |
| url-join | 4.0.1 | 间接依赖 | npm |
| ms | 2.1.2 | 间接依赖 | npm |
| @types/semver | 7.5.1 | 间接依赖 | npm |
| co | 4.6.0 | 间接依赖 | npm |
| fecha | 4.2.3 | 间接依赖 | npm |
| piscina | 3.2.0 | 间接依赖 | npm |
| @babel/plugin-syntax-object-rest-spread | 7.8.3 | 间接依赖 | npm |
| jest-runtime | 29.7.0 | 间接依赖 | npm |
| @babel/helper-environment-visitor | 7.22.5 | 间接依赖 | npm |
| @babel/plugin-syntax-json-strings | 7.8.3 | 间接依赖 | npm |
| @babel/plugin-syntax-optional-chaining | 7.8.3 | 间接依赖 | npm |
| tsafe | 1.6.5 | 间接依赖 | npm |
| @types/debug | 4.1.8 | 间接依赖 | npm |
| @types/lockfile | 1.0.2 | 间接依赖 | npm |
| @types/istanbul-lib-coverage | 2.0.4 | 间接依赖 | npm |
| is-generator-fn | 2.1.0 | 间接依赖 | npm |
| rimraf | 2.7.1 | 间接依赖 | npm |
| @istanbuljs/schema | 0.1.3 | 间接依赖 | npm |
| @jest/types | 29.6.3 | 间接依赖 | npm |
| bser | 2.1.1 | 间接依赖 | npm |
| convert-source-map | 1.9.0 | 间接依赖 | npm |
| brace-expansion | 1.1.11 | 间接依赖 | npm |
| fb-watchman | 2.0.2 | 间接依赖 | npm |
| @jridgewell/sourcemap-codec | 1.4.15 | 间接依赖 | npm |
| fs-extra | 10.1.0 | 间接依赖 | npm |
| braces | 3.0.2 | 间接依赖 | npm |
| tr46 | 0.0.3 | 间接依赖 | npm |
| @types/git-rev-sync | 2.0.2 | 间接依赖 | npm |
| jest-each | 29.7.0 | 间接依赖 | npm |
| data-uri-to-buffer | 4.0.1 | 间接依赖 | npm |
| mime-db | 1.52.0 | 间接依赖 | npm |
| wrappy | 1.0.2 | 间接依赖 | npm |
| rechoir | 0.6.2 | 间接依赖 | npm |
| async-exit-hook | 2.0.1 | 间接依赖 | npm |
| @babel/code-frame | 7.22.13 | 间接依赖 | npm |
| universalify | 2.0.0 | 间接依赖 | npm |
| setimmediate | 1.0.5 | 间接依赖 | npm |
| jest-light-runner | 0.5.1 | 间接依赖 | npm |
| process-nextick-args | 2.0.1 | 间接依赖 | npm |
| binary | 0.3.0 | 间接依赖 | npm |
| imurmurhash | 0.1.4 | 间接依赖 | npm |
| minipass | 5.0.0 | 间接依赖 | npm |
| bluebird | 3.4.7 | 间接依赖 | npm |
| fast-jwt | 3.3.2 | 间接依赖 | npm |
| duplexer2 | 0.1.4 | 间接依赖 | npm |
| node-fetch | 2.7.0 | 间接依赖 | npm |
| @jest/expect-utils | 29.7.0 | 间接依赖 | npm |
| npm-run-path | 4.0.1 | 间接依赖 | npm |
| signal-exit | 3.0.7 | 间接依赖 | npm |
| jsonfile | 6.1.0 | 间接依赖 | npm |
| node-releases | 2.0.13 | 间接依赖 | npm |
| listenercount | 1.0.1 | 间接依赖 | npm |
| safer-buffer | 2.1.2 | 间接依赖 | npm |
| execa | 5.1.1 | 间接依赖 | npm |
| web-streams-polyfill | 3.2.1 | 间接依赖 | npm |
| @babel/plugin-syntax-async-generators | 7.8.4 | 间接依赖 | npm |
| @types/ms | 0.7.31 | 间接依赖 | npm |
| triple-beam | 1.4.1 | 间接依赖 | npm |
| buffer-indexof-polyfill | 1.0.2 | 间接依赖 | npm |
| @jest/fake-timers | 29.7.0 | 间接依赖 | npm |
| traverse | 0.3.9 | 间接依赖 | npm |
| webidl-conversions | 3.0.1 | 间接依赖 | npm |
| safe-buffer | 5.2.1 | 间接依赖 | npm |
| text-hex | 1.0.0 | 间接依赖 | npm |
| json5 | 2.2.3 | 间接依赖 | npm |
| @babel/plugin-syntax-typescript | 7.22.5 | 间接依赖 | npm |
| color-string | 1.9.1 | 间接依赖 | npm |
| util-deprecate | 1.0.2 | 间接依赖 | npm |
| jsesc | 2.5.2 | 间接依赖 | npm |
| glob | 7.2.3 | 间接依赖 | npm |
| @babel/compat-data | 7.22.9 | 间接依赖 | npm |
| async | 3.2.4 | 间接依赖 | npm |
| @jest/console | 29.7.0 | 间接依赖 | npm |
| @jest/source-map | 29.6.3 | 间接依赖 | npm |
| @types/graceful-fs | 4.1.6 | 间接依赖 | npm |
| color | 3.2.1 | 间接依赖 | npm |
| jest-worker | 29.7.0 | 间接依赖 | npm |
| @jsprismarine/brigadier | 0.2.0-rc.1 | 间接依赖 | npm |
| merge-stream | 2.0.0 | 间接依赖 | npm |
| mnemonist | 0.39.5 | 间接依赖 | npm |
| walker | 1.0.8 | 间接依赖 | npm |
| strip-final-newline | 2.0.0 | 间接依赖 | npm |
| yaml | 2.3.4 | 间接依赖 | npm |
| minimatch | 3.1.2 | 间接依赖 | npm |
| path-parse | 1.0.7 | 间接依赖 | npm |
| ansi-styles | 5.2.0 | 间接依赖 | npm |
| electron-to-chromium | 1.4.505 | 间接依赖 | npm |
| stack-trace | 0.0.10 | 间接依赖 | npm |
| tar | 6.1.15 | 间接依赖 | npm |
| fs-minipass | 2.1.0 | 间接依赖 | npm |
| minimist | 1.2.8 | 间接依赖 | npm |
| callsites | 3.1.0 | 间接依赖 | npm |
| @babel/helper-module-transforms | 7.22.9 | 间接依赖 | npm |
| delayed-stream | 1.0.0 | 间接依赖 | npm |
| collect-v8-coverage | 1.0.2 | 间接依赖 | npm |
| ci-info | 3.8.0 | 间接依赖 | npm |
| istanbul-lib-instrument | 5.2.1 | 间接依赖 | npm |
| escape-string-regexp | 1.0.5 | 间接依赖 | npm |
| resolve-from | 5.0.0 | 间接依赖 | npm |
| yallist | 3.1.1 | 间接依赖 | npm |
| inflight | 1.0.6 | 间接依赖 | npm |
| pure-rand | 6.0.2 | 间接依赖 | npm |
| convert-source-map | 2.0.0 | 间接依赖 | npm |
| @types/stack-utils | 2.0.1 | 间接依赖 | npm |
| dedent | 1.5.1 | 间接依赖 | npm |
| minimalistic-assert | 1.0.1 | 间接依赖 | npm |
| semver | 7.5.4 | 间接依赖 | npm |
| @babel/helpers | 7.22.11 | 间接依赖 | npm |
| supports-color | 7.2.0 | 间接依赖 | npm |
| @jest/schemas | 29.6.3 | 间接依赖 | npm |
| jest-validate | 29.7.0 | 间接依赖 | npm |
| hdr-histogram-percentiles-obj | 3.0.0 | 间接依赖 | npm |
| mimic-fn | 2.1.0 | 间接依赖 | npm |
| pako | 1.0.11 | 间接依赖 | npm |
| @sinonjs/fake-timers | 10.3.0 | 间接依赖 | npm |
| @types/fs-extra | 9.0.13 | 间接依赖 | npm |
| normalize-path | 3.0.0 | 间接依赖 | npm |
| @babel/helper-plugin-utils | 7.22.5 | 间接依赖 | npm |
| tmpl | 1.0.5 | 间接依赖 | npm |
| @babel/generator | 7.22.10 | 间接依赖 | npm |
| winston | 3.11.0 | 间接依赖 | npm |
| @babel/helper-simple-access | 7.22.5 | 间接依赖 | npm |
| @types/tar | 6.1.5 | 间接依赖 | npm |
| @babel/types | 7.22.11 | 间接依赖 | npm |
| color-name | 1.1.3 | 间接依赖 | npm |
| @babel/helper-validator-identifier | 7.22.5 | 间接依赖 | npm |
| @babel/plugin-syntax-optional-catch-binding | 7.8.3 | 间接依赖 | npm |
| ecdsa-sig-formatter | 1.0.11 | 间接依赖 | npm |
| isexe | 2.0.0 | 间接依赖 | npm |
| @jridgewell/resolve-uri | 3.1.1 | 间接依赖 | npm |
| base64-js | 1.5.1 | 间接依赖 | npm |
| is-core-module | 2.13.0 | 间接依赖 | npm |
| @babel/core | 7.22.11 | 间接依赖 | npm |
| babel-plugin-istanbul | 6.1.1 | 间接依赖 | npm |
| @jest/transform | 29.7.0 | 间接依赖 | npm |
| diff-sequences | 29.6.3 | 间接依赖 | npm |
| slash | 3.0.0 | 间接依赖 | npm |
| human-signals | 2.1.0 | 间接依赖 | npm |
| yallist | 4.0.0 | 间接依赖 | npm |
| @types/yargs | 17.0.24 | 间接依赖 | npm |
| function-bind | 1.1.1 | 间接依赖 | npm |
| @dabh/diagnostics | 2.0.3 | 间接依赖 | npm |
| debug | 4.3.4 | 间接依赖 | npm |
| concat-map | 0.0.1 | 间接依赖 | npm |
| esprima | 4.0.1 | 间接依赖 | npm |
| asn1.js | 5.4.1 | 间接依赖 | npm |
| graceful-fs | 4.1.15 | 间接依赖 | npm |
| stack-utils | 2.0.6 | 间接依赖 | npm |
| fn.name | 1.1.0 | 间接依赖 | npm |
| @jest/globals | 29.7.0 | 间接依赖 | npm |
| strip-json-comments | 5.0.1 | 间接依赖 | npm |
| natural-compare | 1.4.0 | 间接依赖 | npm |
| core-util-is | 1.0.3 | 间接依赖 | npm |
| jest-snapshot | 29.7.0 | 间接依赖 | npm |
| resolve | 1.22.4 | 间接依赖 | npm |
| minipass | 4.2.8 | 间接依赖 | npm |
| globals | 11.12.0 | 间接依赖 | npm |
| escape-string-regexp | 2.0.0 | 间接依赖 | npm |
| formdata-polyfill | 4.0.10 | 间接依赖 | npm |
| inherits | 2.0.4 | 间接依赖 | npm |
| mime-types | 2.1.35 | 间接依赖 | npm |
| @jsprismarine/jsbinaryutils | 5.4.4 | 间接依赖 | npm |
| lru-cache | 5.1.1 | 间接依赖 | npm |
| @babel/helper-validator-option | 7.22.5 | 间接依赖 | npm |
| graceful-fs | 4.2.11 | 间接依赖 | npm |
| @jridgewell/gen-mapping | 0.3.3 | 间接依赖 | npm |
| fetch-blob | 3.2.0 | 间接依赖 | npm |
| @babel/highlight | 7.22.13 | 间接依赖 | npm |
| interpret | 1.4.0 | 间接依赖 | npm |
| @babel/plugin-syntax-top-level-await | 7.14.5 | 间接依赖 | npm |
| js-tokens | 4.0.0 | 间接依赖 | npm |
| jest-haste-map | 29.7.0 | 间接依赖 | npm |
| combined-stream | 1.0.8 | 间接依赖 | npm |
| onetime | 5.1.2 | 间接依赖 | npm |
| color-convert | 1.9.3 | 间接依赖 | npm |
| @assemblyscript/loader | 0.10.1 | 间接依赖 | npm |
| simplex-noise | 4.0.1 | 间接依赖 | npm |
| enabled | 2.0.0 | 间接依赖 | npm |
| once | 1.4.0 | 间接依赖 | npm |
| lru-cache | 6.0.0 | 间接依赖 | npm |
| balanced-match | 1.0.2 | 间接依赖 | npm |
| @types/unzipper | 0.10.9 | 间接依赖 | npm |
| shebang-regex | 3.0.0 | 间接依赖 | npm |
| @jsprismarine/bedrock-data | 1.20.15-b | 间接依赖 | npm |
| anymatch | 3.1.3 | 间接依赖 | npm |
| @babel/plugin-syntax-import-meta | 7.10.4 | 间接依赖 | npm |
| type-detect | 4.0.8 | 间接依赖 | npm |
| live-plugin-manager | 0.18.1 | 间接依赖 | npm |
| pretty-format | 29.7.0 | 间接依赖 | npm |
| lockfile | 1.0.4 | 间接依赖 | npm |
| react-is | 18.2.0 | 间接依赖 | npm |
| which | 2.0.2 | 间接依赖 | npm |
| @babel/traverse | 7.22.11 | 间接依赖 | npm |
| @types/istanbul-lib-report | 3.0.0 | 间接依赖 | npm |
| colorspace | 1.1.4 | 间接依赖 | npm |
| jest-circus | 29.7.0 | 间接依赖 | npm |
| @babel/helper-compilation-targets | 7.22.10 | 间接依赖 | npm |
| jest-util | 29.7.0 | 间接依赖 | npm |
| @ampproject/remapping | 2.2.1 | 间接依赖 | npm |
| chownr | 2.0.0 | 间接依赖 | npm |
| get-package-type | 0.1.0 | 间接依赖 | npm |
| minimal-polyfills | 2.2.3 | 间接依赖 | npm |
| @istanbuljs/load-nyc-config | 1.1.0 | 间接依赖 | npm |
| to-fast-properties | 2.0.0 | 间接依赖 | npm |
| camelcase | 5.3.1 | 间接依赖 | npm |
| @babel/plugin-syntax-bigint | 7.8.3 | 间接依赖 | npm |
| string_decoder | 1.3.0 | 间接依赖 | npm |
| fill-range | 7.0.1 | 间接依赖 | npm |
| caniuse-lite | 1.0.30001524 | 间接依赖 | npm |
| @types/url-join | 4.0.1 | 间接依赖 | npm |
| has-flag | 4.0.0 | 间接依赖 | npm |
| form-data | 3.0.1 | 间接依赖 | npm |
| strip-bom | 4.0.0 | 间接依赖 | npm |
| big-integer | 1.6.51 | 间接依赖 | npm |
| @types/yargs-parser | 21.0.0 | 间接依赖 | npm |
| fflate | 0.8.1 | 间接依赖 | npm |
| makeerror | 1.0.12 | 间接依赖 | npm |
| path-key | 3.1.1 | 间接依赖 | npm |
| git-rev-sync | 3.0.2 | 间接依赖 | npm |
| @colors/colors | 1.5.0 | 间接依赖 | npm |
| shebang-command | 2.0.0 | 间接依赖 | npm |
| whatwg-url | 5.0.0 | 间接依赖 | npm |
| path-exists | 4.0.0 | 间接依赖 | npm |
| @babel/template | 7.22.5 | 间接依赖 | npm |
| chainsaw | 0.1.0 | 间接依赖 | npm |
| js-yaml | 3.14.1 | 间接依赖 | npm |
| supports-color | 9.4.0 | 间接依赖 | npm |
| fstream | 1.0.12 | 间接依赖 | npm |
| run-exclusive | 2.2.19 | 间接依赖 | npm |
| @babel/helper-module-imports | 7.22.5 | 间接依赖 | npm |
| simple-swizzle | 0.2.2 | 间接依赖 | npm |
| test-exclude | 6.0.0 | 间接依赖 | npm |
| yocto-queue | 0.1.0 | 间接依赖 | npm |
| expect | 29.7.0 | 间接依赖 | npm |
| update-browserslist-db | 1.0.11 | 间接依赖 | npm |
| chalk | 4.1.2 | 间接依赖 | npm |
| @babel/plugin-syntax-numeric-separator | 7.10.4 | 间接依赖 | npm |
| @jest/test-result | 29.7.0 | 间接依赖 | npm |
| escalade | 3.1.1 | 间接依赖 | npm |
| cjs-module-lexer | 1.2.3 | 间接依赖 | npm |
| safe-stable-stringify | 2.4.3 | 间接依赖 | npm |
| ansi-styles | 3.2.1 | 间接依赖 | npm |
| mkdirp | 0.5.6 | 间接依赖 | npm |
| node-domexception | 1.0.0 | 间接依赖 | npm |
| @babel/helper-split-export-declaration | 7.22.6 | 间接依赖 | npm |
| jest-mock | 29.7.0 | 间接依赖 | npm |
| write-file-atomic | 4.0.2 | 间接依赖 | npm |
| bn.js | 4.12.0 | 间接依赖 | npm |
| hdr-histogram-js | 2.0.3 | 间接依赖 | npm |
| evt | 2.5.3 | 间接依赖 | npm |
| @types/triple-beam | 1.3.2 | 间接依赖 | npm |
| jest-diff | 29.7.0 | 间接依赖 | npm |
| @babel/plugin-syntax-class-properties | 7.12.13 | 间接依赖 | npm |
| node-machine-id | 1.1.12 | 间接依赖 | npm |
| obliterator | 2.0.4 | 间接依赖 | npm |
| is-stream | 2.0.1 | 间接依赖 | npm |
| @babel/helper-string-parser | 7.22.5 | 间接依赖 | npm |
| @babel/parser | 7.22.13 | 间接依赖 | npm |
| resolve.exports | 2.0.2 | 间接依赖 | npm |
| @sinonjs/commons | 3.0.0 | 间接依赖 | npm |
| gensync | 1.0.0-beta.2 | 间接依赖 | npm |
| readable-stream | 2.3.8 | 间接依赖 | npm |
| shelljs | 0.8.5 | 间接依赖 | npm |
| browserslist | 4.21.10 | 间接依赖 | npm |
| jest-get-type | 29.6.3 | 间接依赖 | npm |
| p-limit | 3.1.0 | 间接依赖 | npm |