基础信息
项目名称:facebook/hack-codegen
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721179781805969408/1729395916496396288
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Jekyll 安全漏洞 | 在文件访问前对链接解析不恰当(链接跟随) | MPS-2018-12834 | CVE-2018-17567 | 高危 |
| kramdown gem for Ruby 注入漏洞 | 授权检查缺失 | MPS-2020-10619 | CVE-2020-14001 | 严重 |
| Ruby JSON gem 输入验证错误漏洞 | 拒绝服务 | MPS-2020-15713 | CVE-2020-10663 | 高危 |
| Ruby on Rails 代码问题漏洞 | 反序列化 | MPS-2020-9184 | CVE-2020-8165 | 严重 |
| Addressable资源管理错误漏洞 | 拒绝服务 | MPS-2021-9447 | CVE-2021-32740 | 高危 |
| rubygem-activesupport 安全漏洞 | ReDoS | MPS-2023-0494 | CVE-2023-22796 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| activesupport | 4.2.7 | 6.1.7.1 | 间接依赖 | 强烈建议修复 |
| jekyll | 3.3.0 | 3.6.3 | 间接依赖 | 建议修复 |
| json | 1.8.6 | 2.3.0 | 间接依赖 | 建议修复 |
| addressable | 2.4.0 | 2.8.0 | 间接依赖 | 建议修复 |
| kramdown | 1.11.1 | 2.3.1 | 间接依赖 | 建议修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| 自定义许可证 | 4 | 低 |
| MIT | 3 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| octokit | 4.22.0 | 间接依赖 | bundler |
| jemoji | 0.7.0 | 间接依赖 | bundler |
| hhvm | ^4.128 | 间接依赖 | composer |
| tzinfo | 1.2.10 | 间接依赖 | bundler |
| sass | 3.7.4 | 间接依赖 | bundler |
| jekyll-seo-tag | 2.1.0 | 间接依赖 | bundler |
| jekyll-swiss | 0.4.0 | 间接依赖 | bundler |
| jekyll-sitemap | 0.12.0 | 间接依赖 | bundler |
| minima | 2.0.0 | 间接依赖 | bundler |
| jekyll-github-metadata | 2.2.0 | 间接依赖 | bundler |
| faraday-net_http_persistent | 1.2.0 | 间接依赖 | bundler |
| rouge | 1.11.1 | 间接依赖 | bundler |
| rb-fsevent | 0.11.1 | 间接依赖 | bundler |
| liquid | 3.0.6 | 间接依赖 | bundler |
| sass-listen | 4.0.0 | 间接依赖 | bundler |
| public_suffix | 1.5.3 | 间接依赖 | bundler |
| thread_safe | 0.3.6 | 间接依赖 | bundler |
| rb-inotify | 0.10.1 | 间接依赖 | bundler |
| nokogiri | 1.13.10 | 间接依赖 | bundler |
| ruby2_keywords | 0.0.5 | 间接依赖 | bundler |
| jekyll-feed | 0.8.0 | 间接依赖 | bundler |
| addressable | 2.4.0 | 间接依赖 | bundler |
| racc | 1.6.1 | 间接依赖 | bundler |
| ethon | 0.15.0 | 间接依赖 | bundler |
| listen | 3.0.6 | 间接依赖 | bundler |
| forwardable-extended | 2.6.0 | 间接依赖 | bundler |
| minitest | 5.15.0 | 间接依赖 | bundler |
| faraday-excon | 1.1.0 | 间接依赖 | bundler |
| faraday-multipart | 1.0.3 | 间接依赖 | bundler |
| github-pages | 104 | 间接依赖 | bundler |
| faraday-patron | 1.0.0 | 间接依赖 | bundler |
| concurrent-ruby | 1.1.10 | 间接依赖 | bundler |
| faraday-retry | 1.0.3 | 间接依赖 | bundler |
| jekyll-coffeescript | 1.0.1 | 间接依赖 | bundler |
| activesupport | 4.2.7 | 间接依赖 | bundler |
| mini_portile2 | 2.8.0 | 间接依赖 | bundler |
| faraday-em_synchrony | 1.0.0 | 间接依赖 | bundler |
| jekyll-avatar | 0.4.2 | 间接依赖 | bundler |
| faraday-rack | 1.0.0 | 间接依赖 | bundler |
| terminal-table | 1.8.0 | 间接依赖 | bundler |
| jekyll-redirect-from | 0.11.0 | 间接依赖 | bundler |
| jekyll-paginate | 1.1.0 | 间接依赖 | bundler |
| gemoji | 2.1.0 | 间接依赖 | bundler |
| coffee-script-source | 1.12.2 | 间接依赖 | bundler |
| execjs | 2.8.1 | 间接依赖 | bundler |
| faraday-httpclient | 1.0.1 | 间接依赖 | bundler |
| multipart-post | 2.1.1 | 间接依赖 | bundler |
| jekyll-watch | 1.5.1 | 间接依赖 | bundler |
| github-pages-health-check | 1.2.0 | 间接依赖 | bundler |
| ffi | 1.15.5 | 间接依赖 | bundler |
| jekyll | 3.3.0 | 间接依赖 | bundler |
| json | 1.8.6 | 间接依赖 | bundler |
| coffee-script | 2.4.1 | 间接依赖 | bundler |
| sawyer | 0.8.2 | 间接依赖 | bundler |
| safe_yaml | 1.0.5 | 间接依赖 | bundler |
| pathutil | 0.16.2 | 间接依赖 | bundler |
| faraday-em_http | 1.0.0 | 间接依赖 | bundler |
| typhoeus | 0.8.0 | 间接依赖 | bundler |
| faraday-net_http | 1.0.1 | 间接依赖 | bundler |
| net-dns | 0.9.0 | 间接依赖 | bundler |
| mercenary | 0.3.6 | 间接依赖 | bundler |
| html-pipeline | 2.14.1 | 间接依赖 | bundler |
| colorator | 1.1.0 | 间接依赖 | bundler |
| i18n | 0.9.5 | 间接依赖 | bundler |
| jekyll-gist | 1.4.0 | 间接依赖 | bundler |
| faraday | 1.10.0 | 间接依赖 | bundler |
| jekyll-sass-converter | 1.3.0 | 间接依赖 | bundler |
| unicode-display_width | 1.8.0 | 间接依赖 | bundler |
| kramdown | 1.11.1 | 间接依赖 | bundler |
| jekyll-mentions | 1.2.0 | 间接依赖 | bundler |