基础信息
项目名称:milesmcc/shynet
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1731148710068838400/1731148710114975744
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Junedchhipa ApexCharts 跨站脚本漏洞 | XSS | MPS-2021-1405 | CVE-2021-23327 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| apexcharts | 3.26.2 | 3.27.0 | 直接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 36 | 低 |
| BSD-3-Clause | 7 | 低 |
| ISC | 1 | 低 |
| BSD-2-Clause | 1 | 低 |
| 自定义许可证 | 1 | 低 |
| OFL-1.1 | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| brfs | 1.6.1 | 间接依赖 | npm |
| TestCase | 间接依赖 | pip | |
| celery | 间接依赖 | pip | |
| has | 1.0.3 | 间接依赖 | npm |
| d3-queue | 2.0.3 | 间接依赖 | npm |
| d3-geo-projection | 0.2.16 | 间接依赖 | npm |
| convert-source-map | 1.7.0 | 间接依赖 | npm |
| ACTIVE_USER_TIMEDELTA | 间接依赖 | pip | |
| CommandError | 间接依赖 | pip | |
| svg.draggable.js | 2.2.2 | 间接依赖 | npm |
| buffer-equal | 0.0.1 | 间接依赖 | npm |
| svg.select.js | 3.0.1 | 间接依赖 | npm |
| apexcharts | 3.26.2 | 直接依赖 | npm |
| topojson | 1.6.27 | 间接依赖 | npm |
| svg.resize.js | 1.4.3 | 间接依赖 | npm |
| shallow-copy | 0.0.1 | 间接依赖 | npm |
| svg.easing.js | 2.0.0 | 间接依赖 | npm |
| @types/d3 | 3.5.38 | 间接依赖 | npm |
| TruncDate | 间接依赖 | pip | |
| optimist | 0.3.7 | 间接依赖 | npm |
| a17t | 0.5.1 | 直接依赖 | npm |
| wordwrap | 0.0.3 | 间接依赖 | npm |
| TruncHour | 间接依赖 | pip | |
| escodegen | 1.9.1 | 间接依赖 | npm |
| svg.filter.js | 2.0.2 | 间接依赖 | npm |
| iconv-lite | 0.2.11 | 间接依赖 | npm |
| Hit | 间接依赖 | pip | |
| through2 | 2.0.5 | 间接依赖 | npm |
| merge-source-map | 1.0.4 | 间接依赖 | npm |
| falafel | 2.2.4 | 间接依赖 | npm |
| static-module | 2.2.5 | 间接依赖 | npm |
| duplexer2 | 0.1.4 | 间接依赖 | npm |
| concat-stream | 1.6.2 | 间接依赖 | npm |
| reverse | 间接依赖 | pip | |
| xtend | 4.0.2 | 间接依赖 | npm |
| @fortawesome/fontawesome-free | 5.15.3 | 直接依赖 | npm |
| d3 | 3.5.17 | 间接依赖 | npm |
| rw | 1.3.3 | 间接依赖 | npm |
| svg.js | 2.7.1 | 间接依赖 | npm |
| litepicker | 2.0.11 | 直接依赖 | npm |
| magic-string | 0.22.5 | 间接依赖 | npm |
| static-eval | 2.1.0 | 间接依赖 | npm |
| Session | 间接依赖 | pip | |
| shapefile | 0.3.1 | 间接依赖 | npm |
| path-parse | 1.0.7 | 间接依赖 | npm |
| BaseCommand | 间接依赖 | pip | |
| allauth | 间接依赖 | pip | |
| Service | 间接依赖 | pip | |
| flag-icon-css | 3.5.0 | 直接依赖 | npm |
| quote-stream | 1.0.2 | 间接依赖 | npm |
| render | 间接依赖 | pip | |
| datamaps | 0.5.9 | 直接依赖 | npm |
| resolve | 1.20.0 | 间接依赖 | npm |
| object-inspect | 1.4.1 | 间接依赖 | npm |
| is-core-module | 2.2.0 | 间接依赖 | npm |
| svg.pathmorphing.js | 0.1.3 | 间接依赖 | npm |
| minimist | 1.2.6 | 间接依赖 | npm |
| RequestFactory | 间接依赖 | pip | |
| readable-stream | 2.3.7 | 间接依赖 | npm |
| inter-ui | 3.18.1 | 直接依赖 | npm |
| django | 间接依赖 | pip |