JasperFx/marten 软件分析报告

基础信息

项目名称:JasperFx/marten

项目徽章:

Security Status

仓库地址:https://github.com/pterodactyl/panel

检测报告地址:https://www.murphysec.com/console/report/1721294843300106240/1730484185918820352

此报告由Murphysec提供

漏洞列表

漏洞名称 漏洞类型 MPS编号 CVE编号 漏洞等级
Mermaid 跨站脚本漏洞 XSS MPS-2022-11138 CVE-2022-31108 中危
node-semver 安全漏洞 ReDoS MPS-2022-5166 CVE-2022-25883 高危
get-func-name 安全漏洞 ReDoS MPS-cyhe-l36p CVE-2023-43646 高危
Vite 安全漏洞 使用不正确的解析名称或索引 MPS-o473-85mg CVE-2023-34092 高危
PostCSS 安全漏洞 注入 MPS-y3tx-jzms CVE-2023-44270 中危

缺陷组件

组件名称 版本 最小修复版本 依赖关系 修复建议
vite 4.3.5 4.3.9 间接依赖 建议修复
semver 5.7.1 7.5.2 间接依赖 可选修复
get-func-name 2.0.0 2.0.1 间接依赖 可选修复
mermaid 8.14.0 9.1.3 直接依赖 可选修复
postcss 8.4.23 8.4.31 间接依赖 可选修复

许可证风险

许可证类型 相关组件 许可证风险
MIT 200
CC-BY-3.0 1
ISC 50
Unlicense 1
BSD-3-Clause 9
CC0-1.0 1
Python-2.0 1
Apache-2.0 3
BSD-2-Clause 1

SBOM清单

组件名称 组件版本 是否直接依赖 仓库
@algolia/cache-in-memory 4.17.0 间接依赖 npm
npm-run-all 4.1.5 直接依赖 npm
is-weakref 1.0.2 间接依赖 npm
camelcase 6.3.0 间接依赖 npm
has-flag 4.0.0 间接依赖 npm
graphlib 2.1.8 间接依赖 npm
find-up 5.0.0 间接依赖 npm
is-fullwidth-code-point 3.0.0 间接依赖 npm
is-string 1.0.7 间接依赖 npm
chalk 4.1.2 间接依赖 npm
spdx-exceptions 2.3.0 间接依赖 npm
path-key 2.0.1 间接依赖 npm
mocha 10.2.0 直接依赖 npm
object-keys 1.1.1 间接依赖 npm
anymatch 3.1.2 间接依赖 npm
d3-scale-chromatic 3.0.0 间接依赖 npm
object.assign 4.1.2 间接依赖 npm
readdirp 3.6.0 间接依赖 npm
check-error 1.0.2 间接依赖 npm
isexe 2.0.0 间接依赖 npm
fsevents 2.3.2 间接依赖 npm
robust-predicates 3.0.1 间接依赖 npm
vitepress 1.0.0-alpha.75 直接依赖 npm
glob-parent 5.1.2 间接依赖 npm
is-symbol 1.0.4 间接依赖 npm
@algolia/transporter 4.17.0 间接依赖 npm
debug 4.3.4 间接依赖 npm
cytoscape 3.23.0 间接依赖 npm
dompurify 2.3.5 间接依赖 npm
@braintree/sanitize-url 6.0.2 间接依赖 npm
serialize-javascript 6.0.0 间接依赖 npm
unbox-primitive 1.0.1 间接依赖 npm
picocolors 1.0.0 间接依赖 npm
internal-slot 1.0.3 间接依赖 npm
mermaid 8.14.0 直接依赖 npm
string.prototype.trimstart 1.0.4 间接依赖 npm
pathval 1.1.1 间接依赖 npm
braces 3.0.2 间接依赖 npm
d3-format 3.1.0 间接依赖 npm
@docsearch/react 3.3.4 间接依赖 npm
@esbuild/darwin-arm64 0.17.18 间接依赖 npm
minimatch 3.1.2 间接依赖 npm
color-convert 2.0.1 间接依赖 npm
stylis 4.1.2 间接依赖 npm
d3 7.8.2 间接依赖 npm
shebang-command 1.2.0 间接依赖 npm
is-date-object 1.0.5 间接依赖 npm
y18n 5.0.8 间接依赖 npm
inflight 1.0.6 间接依赖 npm
d3-time-format 4.1.0 间接依赖 npm
@esbuild/win32-x64 0.17.18 间接依赖 npm
@esbuild/android-arm64 0.17.18 间接依赖 npm
iconv-lite 0.6.3 间接依赖 npm
diff 5.0.0 间接依赖 npm
spdx-license-ids 3.0.11 间接依赖 npm
@types/scheduler 0.16.3 间接依赖 npm
vue 3.3.1 间接依赖 npm
vite 4.3.5 间接依赖 npm
@esbuild/win32-ia32 0.17.18 间接依赖 npm
p-locate 5.0.0 间接依赖 npm
algoliasearch 4.17.0 间接依赖 npm
side-channel 1.0.4 间接依赖 npm
escalade 3.1.1 间接依赖 npm
nanoid 3.3.3 间接依赖 npm
layout-base 1.0.2 间接依赖 npm
@vueuse/shared 10.1.2 间接依赖 npm
@vueuse/metadata 10.1.2 间接依赖 npm
inherits 2.0.4 间接依赖 npm
semver 5.7.1 间接依赖 npm
safe-buffer 5.2.1 间接依赖 npm
estree-walker 2.0.2 间接依赖 npm
d3-brush 3.0.0 间接依赖 npm
emoji-regex 8.0.0 间接依赖 npm
mark.js 8.11.1 间接依赖 npm
@esbuild/linux-mips64el 0.17.18 间接依赖 npm
d3-drag 3.0.0 间接依赖 npm
argparse 2.0.1 间接依赖 npm
is-binary-path 2.1.0 间接依赖 npm
path-parse 1.0.7 间接依赖 npm
yocto-queue 0.1.0 间接依赖 npm
@docsearch/css 3.3.4 间接依赖 npm
@vue/compiler-dom 3.3.1 间接依赖 npm
commander 7.2.0 间接依赖 npm
call-bind 1.0.2 间接依赖 npm
define-properties 1.1.3 间接依赖 npm
csstype 3.1.2 间接依赖 npm
body-scroll-lock 4.0.0-beta.0 间接依赖 npm
moment-mini 2.29.4 间接依赖 npm
d3-time 3.1.0 间接依赖 npm
brace-expansion 1.1.11 间接依赖 npm
d3-collection 1.0.7 直接依赖 npm
@types/prop-types 15.7.5 间接依赖 npm
wrap-ansi 7.0.0 间接依赖 npm
d3-fetch 3.0.1 间接依赖 npm
prop-types 15.8.1 间接依赖 npm
@docsearch/js 3.3.4 间接依赖 npm
@vue/runtime-dom 3.3.1 间接依赖 npm
validate-npm-package-license 3.0.4 间接依赖 npm
chai 4.3.7 直接依赖 npm
once 1.4.0 间接依赖 npm
d3-geo 3.1.0 间接依赖 npm
@algolia/requester-node-http 4.17.0 间接依赖 npm
react-dom 16.14.0 直接依赖 npm
object-assign 4.1.1 间接依赖 npm
@jridgewell/sourcemap-codec 1.4.15 间接依赖 npm
is-shared-array-buffer 1.0.1 间接依赖 npm
d3-timer 3.0.1 间接依赖 npm
is-regex 1.1.4 间接依赖 npm
supports-color 8.1.1 间接依赖 npm
d3-dsv 3.0.1 间接依赖 npm
d3-selection 3.0.0 间接依赖 npm
ansi-colors 4.1.1 间接依赖 npm
is-extglob 2.1.1 间接依赖 npm
@esbuild/darwin-x64 0.17.18 间接依赖 npm
netlify-cli 15.0.2 直接依赖 npm
is-number 7.0.0 间接依赖 npm
d3-random 3.0.1 间接依赖 npm
cytoscape-fcose 2.2.0 间接依赖 npm
string-width 4.2.3 间接依赖 npm
strip-json-comments 3.1.1 间接依赖 npm
wrappy 1.0.2 间接依赖 npm
is-number-object 1.0.6 间接依赖 npm
assertion-error 1.1.0 间接依赖 npm
parse-json 4.0.0 间接依赖 npm
dagre 0.8.5 间接依赖 npm
which-boxed-primitive 1.0.2 间接依赖 npm
error-ex 1.3.2 间接依赖 npm
read-pkg 3.0.0 间接依赖 npm
@types/react 18.2.6 直接依赖 npm
get-intrinsic 1.1.1 间接依赖 npm
jsonc-parser 3.2.0 间接依赖 npm
json-parse-better-errors 1.0.2 间接依赖 npm
vscode-textmate 8.0.0 间接依赖 npm
d3-delaunay 6.0.2 间接依赖 npm
es-to-primitive 1.2.1 间接依赖 npm
balanced-match 1.0.2 间接依赖 npm
d3-dispatch 3.0.1 间接依赖 npm
@esbuild/android-arm 0.17.18 间接依赖 npm
preact 10.13.2 间接依赖 npm
@vue/compiler-core 3.3.1 间接依赖 npm
d3-color 3.1.0 间接依赖 npm
workerpool 6.2.1 间接依赖 npm
@vue/compiler-sfc 3.3.1 间接依赖 npm
cliui 7.0.4 间接依赖 npm
fill-range 7.0.1 间接依赖 npm
nice-try 1.0.5 间接依赖 npm
@esbuild/win32-arm64 0.17.18 间接依赖 npm
lodash 4.17.21 间接依赖 npm
d3-path 3.1.0 间接依赖 npm
d3-hierarchy 3.1.2 间接依赖 npm
@algolia/cache-common 4.17.0 间接依赖 npm
@esbuild/linux-ppc64 0.17.18 间接依赖 npm
is-bigint 1.0.4 间接依赖 npm
@esbuild/freebsd-arm64 0.17.18 间接依赖 npm
load-json-file 4.0.0 间接依赖 npm
@algolia/requester-browser-xhr 4.17.0 间接依赖 npm
minisearch 6.0.1 间接依赖 npm
he 1.2.0 间接依赖 npm
@algolia/autocomplete-shared 1.8.2 间接依赖 npm
@vue/server-renderer 3.3.1 间接依赖 npm
is-plain-obj 2.1.0 间接依赖 npm
has-bigints 1.0.1 间接依赖 npm
es-abstract 1.19.1 间接依赖 npm
loose-envify 1.4.0 间接依赖 npm
@algolia/logger-common 4.17.0 间接依赖 npm
is-glob 4.0.3 间接依赖 npm
khroma 2.0.0 间接依赖 npm
magic-string 0.30.0 间接依赖 npm
@vitejs/plugin-vue 4.2.2 间接依赖 npm
is-boolean-object 1.1.2 间接依赖 npm
randombytes 2.1.0 间接依赖 npm
d3-scale 4.0.2 间接依赖 npm
@algolia/autocomplete-preset-algolia 1.8.2 间接依赖 npm
type-detect 4.0.8 间接依赖 npm
@vue/devtools-api 6.5.0 间接依赖 npm
picomatch 2.3.1 间接依赖 npm
@esbuild/android-x64 0.17.18 间接依赖 npm
@esbuild/sunos-x64 0.17.18 间接依赖 npm
@algolia/client-search 4.17.0 间接依赖 npm
is-core-module 2.10.0 间接依赖 npm
rw 1.3.3 间接依赖 npm
d3-force 3.0.0 间接依赖 npm
d3-interpolate 3.0.1 间接依赖 npm
js-yaml 4.1.0 间接依赖 npm
function-bind 1.1.1 间接依赖 npm
fs.realpath 1.0.0 间接依赖 npm
d3-zoom 3.0.0 间接依赖 npm
react-is 16.13.1 间接依赖 npm
internmap 2.0.3 间接依赖 npm
@esbuild/linux-riscv64 0.17.18 间接依赖 npm
@esbuild/freebsd-x64 0.17.18 间接依赖 npm
cross-spawn 6.0.5 间接依赖 npm
is-negative-zero 2.0.2 间接依赖 npm
path-exists 4.0.0 间接依赖 npm
d3-shape 3.2.0 间接依赖 npm
d3-contour 4.0.2 间接依赖 npm
shiki 0.14.2 间接依赖 npm
safer-buffer 2.1.2 间接依赖 npm
get-symbol-description 1.0.0 间接依赖 npm
path-is-absolute 1.0.1 间接依赖 npm
escape-string-regexp 4.0.0 间接依赖 npm
@vue/compiler-ssr 3.3.1 间接依赖 npm
get-caller-file 2.0.5 间接依赖 npm
@mermaid-js/mermaid-mindmap 9.3.0 直接依赖 npm
heap 0.2.7 间接依赖 npm
@esbuild/linux-x64 0.17.18 间接依赖 npm
binary-extensions 2.2.0 间接依赖 npm
loupe 2.3.4 间接依赖 npm
ms 2.1.3 间接依赖 npm
chokidar 3.5.3 间接依赖 npm
@algolia/autocomplete-core 1.8.2 间接依赖 npm
log-symbols 4.1.0 间接依赖 npm
@babel/parser 7.21.8 间接依赖 npm
strip-bom 3.0.0 间接依赖 npm
d3-transition 3.0.1 间接依赖 npm
@esbuild/netbsd-x64 0.17.18 间接依赖 npm
string.prototype.trimend 1.0.4 间接依赖 npm
strip-ansi 6.0.1 间接依赖 npm
@algolia/cache-browser-local-storage 4.17.0 间接依赖 npm
@algolia/requester-common 4.17.0 间接依赖 npm
normalize-path 3.0.0 间接依赖 npm
@esbuild/linux-loong64 0.17.18 间接依赖 npm
shebang-regex 1.0.0 间接依赖 npm
to-regex-range 5.0.1 间接依赖 npm
has-tostringtag 1.0.0 间接依赖 npm
@esbuild/linux-arm 0.17.18 间接依赖 npm
react 16.14.0 直接依赖 npm
yargs-unparser 2.0.0 间接依赖 npm
pify 3.0.0 间接依赖 npm
@vue/reactivity 3.3.1 间接依赖 npm
decamelize 4.0.0 间接依赖 npm
d3-polygon 3.0.1 间接依赖 npm
memorystream 0.3.1 间接依赖 npm
@vueuse/core 10.1.2 间接依赖 npm
d3-voronoi 1.1.4 直接依赖 npm
browser-stdout 1.3.1 间接依赖 npm
path-type 3.0.0 间接依赖 npm
@vue/reactivity-transform 3.3.1 间接依赖 npm
vitepress-plugin-mermaid 2.0.10 直接依赖 npm
@types/web-bluetooth 0.0.17 间接依赖 npm
@vue/shared 3.3.1 间接依赖 npm
rollup 3.21.6 间接依赖 npm
ansi-styles 4.3.0 间接依赖 npm
is-callable 1.2.4 间接依赖 npm
concat-map 0.0.1 间接依赖 npm
js-tokens 4.0.0 间接依赖 npm
object-inspect 1.12.0 间接依赖 npm
non-layered-tidy-tree-layout 2.0.2 间接依赖 npm
d3-ease 3.0.1 间接依赖 npm
has 1.0.3 间接依赖 npm
vscode-oniguruma 1.7.0 间接依赖 npm
spdx-correct 3.1.1 间接依赖 npm
cytoscape-cose-bilkent 4.1.0 间接依赖 npm
pidtree 0.3.1 间接依赖 npm
p-limit 3.1.0 间接依赖 npm
graceful-fs 4.2.9 间接依赖 npm
is-unicode-supported 0.1.0 间接依赖 npm
scheduler 0.19.1 间接依赖 npm
get-func-name 2.0.0 间接依赖 npm
hosted-git-info 2.8.9 间接依赖 npm
normalize-package-data 2.5.0 间接依赖 npm
is-arrayish 0.2.1 间接依赖 npm
postcss 8.4.23 间接依赖 npm
yargs 16.2.0 间接依赖 npm
supports-preserve-symlinks-flag 1.0.0 间接依赖 npm
@algolia/client-personalization 4.17.0 间接依赖 npm
string.prototype.padend 3.1.3 间接依赖 npm
glob 7.2.0 间接依赖 npm
dagre-d3 0.6.4 间接依赖 npm
ansi-regex 5.0.1 间接依赖 npm
delaunator 5.0.0 间接依赖 npm
resolve 1.22.1 间接依赖 npm
@esbuild/linux-s390x 0.17.18 间接依赖 npm
d3-array 3.2.2 间接依赖 npm
@esbuild/openbsd-x64 0.17.18 间接依赖 npm
@vue/runtime-core 3.3.1 间接依赖 npm
d3-chord 3.0.1 间接依赖 npm
cose-base 1.0.3 间接依赖 npm
@esbuild/linux-arm64 0.17.18 间接依赖 npm
d3-quadtree 3.0.1 间接依赖 npm
@algolia/logger-console 4.17.0 间接依赖 npm
deep-eql 4.1.3 间接依赖 npm
@algolia/client-common 4.17.0 间接依赖 npm
@esbuild/linux-ia32 0.17.18 间接依赖 npm
d3-axis 3.0.0 间接依赖 npm
@algolia/client-analytics 4.17.0 间接依赖 npm
yargs-parser 20.2.4 间接依赖 npm
has-symbols 1.0.2 间接依赖 npm
esbuild 0.17.18 间接依赖 npm
spdx-expression-parse 3.0.1 间接依赖 npm
color-name 1.1.4 间接依赖 npm
source-map-js 1.0.2 间接依赖 npm
ansi-sequence-parser 1.1.0 间接依赖 npm
shell-quote 1.7.3 间接依赖 npm
@algolia/client-account 4.17.0 间接依赖 npm
locate-path 6.0.0 间接依赖 npm
require-directory 2.1.1 间接依赖 npm
flat 5.0.2 间接依赖 npm
(0)
上一篇 2023年12月1日
下一篇 2023年12月1日

相关推荐

  • xdan/flipcountdown 软件分析报告

    基础信息 项目名称:xdan/flipcountdown 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721520708007784448/1721520708272025600 此报告由Murphysec提供…

    软件分析 2023年11月6日
    0
  • iacoposk8/Ajax-Chat 软件分析报告

    基础信息 项目名称:iacoposk8/Ajax-Chat 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1718741447724548096/1718741447787462656 此报告由Murphysec提…

    软件分析 2023年10月30日
    0
  • 6thsolution/EasyMVP 软件分析报告

    基础信息 项目名称:6thsolution/EasyMVP 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1720484831701667840/1720484832137875456 此报告由Murphysec提…

    软件分析 2023年11月4日
    0
  • faisalman/ua-parser-js 软件分析报告

    基础信息 项目名称:faisalman/ua-parser-js 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721186296948396032/1723176039230169088 此报告由Murphys…

    软件分析 2023年11月11日
    0
  • cemolcay/MaterialCardView 软件分析报告

    基础信息 项目名称:cemolcay/MaterialCardView 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1716608038856343552/1716608039548403712 此报告由Murp…

    软件分析 2023年10月24日
    0