Basic information
Project name: Sylius/Sylius
Project badge:
Repository URL: https://github.com/pterodactyl/panel
Scan report URL: https://www.murphysec.com/console/report/1744261853400915968/1744261853438664704
This report is provided by Murphysec
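Vulnerability list
| Vulnerability name | Vulnerability type | MPS ID | CVE ID | Severity |
|---|---|---|---|---|
| jQuery cross-site scripting vulnerability | XSS | MPS-2020-15461 | CVE-2020-11023 | Medium |
| jQuery cross-site scripting vulnerability | XSS | MPS-2020-15462 | CVE-2020-11022 | Medium |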
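Defective components
| Component name | Version | Minimum fixed version | Dependency relationship | Remediation advice |
|---|---|---|---|---|
| sphinx | 1.8.5 | 3.0.4 | Indirect dependency | Fix recommended |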
License risk
| License type | Related components | License risk |
|---|---|---|
| MIT | 101 | Low |
| LGPL-2.0 | 4 | Medium |
| BSD-3-Clause | 2 | Low |
| Apache-2.0 | 1 | Low |
| Custom license | 1 | Low |
| BSD-2-Clause | 1 | Low |
| BSD-4-Clause | 1 | Low |
| LGPL-2.1 | 1 | Medium |
SBOM list
| Component name | Component version | Direct dependency? | Repository |
|---|---|---|---|
| symfony/security-core | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| symfony/dependency-injection | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| doctrine/persistence | ^2.3 \|\| ^3.0 | Indirect dependency | composer |
| sylius/theme-bundle | ^2.1.1 \|\| ^2.3 | Indirect dependency | composer |
| webmozart/assert | ^1.9 | Indirect dependency | composer |
| gedmo/doctrine-extensions | ^3.2 | Indirect dependency | composer |
| psr/cache | ^2.0 | Indirect dependency | composer |
| doctrine/common | ^3.2 | Indirect dependency | composer |
| symfony/finder | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| willdurand/hateoas-bundle | ^2.0 | Indirect dependency | composer |
| nyholm/psr7 | ^1.6 | Indirect dependency | composer |
| sylius/fixtures-bundle | ^1.7 | Indirect dependency | composer |
| sonata-project/block-bundle | ^4.2 \|\| ^5.0 | Indirect dependency | composer |
| symfony/doctrine-bridge | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| winzou/state-machine | ^0.4 | Indirect dependency | composer |
| api-platform/core | ^2.7.10 | Indirect dependency | composer |
| twig/intl-extra | ^2.12 \|\| ^3.4 | Indirect dependency | composer |
| php-http/message-factory | ^1.0 | Indirect dependency | composer |
| symfony/polyfill-mbstring | ^1.17 | Indirect dependency | composer |
| symfony/expression-language | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| ramsey/uuid | ^4.0 | Indirect dependency | composer |
| symfony/polyfill-php80 | ^1.17 | Indirect dependency | composer |
| lexik/jwt-authentication-bundle | ^2.11 | Indirect dependency | composer |
| symfony/service-contracts | ^2.5 \|\| ^3.0 | Indirect dependency | composer |
| sylius/registry | ^1.5 | Indirect dependency | composer |
| php-http/httplug | ^2.4 | Indirect dependency | composer |
| sphinx | 1.8.5 | Indirect dependency | pip |
| symfony/deprecation-contracts | ^2.5 | Indirect dependency | composer |
| league/flysystem-bundle | ^2.4 | Indirect dependency | composer |
| knplabs/knp-menu | ^3.1 | Indirect dependency | composer |
| symfony/yaml | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| symfony/framework-bundle | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| symfony/form | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| babdev/pagerfanta-bundle | ^3.0 | Indirect dependency | composer |
| symfony/http-foundation | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| symfony/proxy-manager-bridge | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| symfony/http-client | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| stof/doctrine-extensions-bundle | ^1.4 | Indirect dependency | composer |
| laminas/laminas-stdlib | ^3.3.1 | Indirect dependency | composer |
| knplabs/knp-gaufrette-bundle | ^0.7 \|\| ^0.8 | Indirect dependency | composer |
| sylius-labs/polyfill-symfony-framework-bundle | ^1.0 \|\| ^1.1 | Indirect dependency | composer |
| doctrine/orm | ^2.13 | Indirect dependency | composer |
| doctrine/dbal | ^3.0 | Indirect dependency | composer |
| symfony/translation-contracts | ^2.5 | Indirect dependency | composer |
| sylius/mailer-bundle | ^1.8 \|\| ^2.0@beta | Indirect dependency | composer |
| symfony/messenger | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| symfony/security-bundle | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| guzzlehttp/psr7 | ^2.5 | Indirect dependency | composer |
| sylius/mailer | ^1.8 \|\| ^2.0@beta | Indirect dependency | composer |
| symfony/http-kernel | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| symfony/property-access | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| knplabs/gaufrette | ^0.10 \|\| ^0.11 | Indirect dependency | composer |
| symfony/workflow | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| payum/offline | ^1.7.3 | Indirect dependency | composer |
| requirements.txt | | Indirect dependency | pip |
| symfony/monolog-bundle | ^3.5 | Indirect dependency | composer |
| sylius/calendar | v0.5.0 | Indirect dependency | composer |
| friendsofphp/proxy-manager-lts | ^1.0.7 | Indirect dependency | composer |
| sylius-labs/polyfill-symfony-security | ^1.1 | Indirect dependency | composer |
| doctrine/doctrine-migrations-bundle | ^3.0.1 | Indirect dependency | composer |
| symfony/polyfill-intl-icu | ^1.22 | Indirect dependency | composer |
| sylius/resource-bundle | ^1.9 | Indirect dependency | composer |
| doctrine/event-manager | ^1.1 | Indirect dependency | composer |
| symfony/twig-bundle | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| symfony/routing | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| symfony/polyfill-iconv | ^1.17 | Indirect dependency | composer |
| egulias/email-validator | ^3.1 | Indirect dependency | composer |
| jinja2 | 3.0.0 | Indirect dependency | pip |
| symfony/config | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| symfony/password-hasher | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| symfony/event-dispatcher | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| guzzlehttp/guzzle | ^6.5 \|\| ^7.0 | Indirect dependency | composer |
| behat/transliterator | ^1.3 | Indirect dependency | composer |
| symfony/intl | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| symfony/doctrine-messenger | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| liip/imagine-bundle | ^2.10 | Indirect dependency | composer |
| symfony/webpack-encore-bundle | ^1.15 | Indirect dependency | composer |
| symfony/translation | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| sylius/resource | ^1.9 | Indirect dependency | composer |
| symfony/mailer | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| jms/serializer-bundle | ^4.2 | Indirect dependency | composer |
| sylius-labs/doctrine-migrations-extra-bundle | ^0.1.4 \|\| ^0.2 | Indirect dependency | composer |
| sylius-labs/polyfill-symfony-event-dispatcher | ^1.0.1 | Indirect dependency | composer |
| pagerfanta/pagerfanta | ^3.0 | Indirect dependency | composer |
| psr/log | ^2.0 | Indirect dependency | composer |
| payum/payum-bundle | ^2.5 | Indirect dependency | composer |
| symfony/templating | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| willdurand/hateoas | ^3.0 | Indirect dependency | composer |
| fakerphp/faker | ^1.10 | Indirect dependency | composer |
| knplabs/knp-menu-bundle | ^3.0 | Indirect dependency | composer |
| symfony/process | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| symfony/security-csrf | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| winzou/state-machine-bundle | ^0.6 | Indirect dependency | composer |
| friendsofsymfony/rest-bundle | ^3.0 | Indirect dependency | composer |
| symfony/property-info | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| enshrined/svg-sanitize | ^0.16 | Indirect dependency | composer |
| symfony/framework-bundle | | Indirect dependency | composer |
| sylius/grid-bundle | ^1.11 | Indirect dependency | composer |
| sylius/grid | ^1.11 | Indirect dependency | composer |
| symfony/security-http | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| doctrine/collections | ^1.6 | Indirect dependency | composer |
| symfony/validator | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| doctrine/doctrine-bundle | ^1.12 \|\| ^2.3.1 | Indirect dependency | composer |
| symfony/filesystem | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| symfony/options-resolver | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| psr/http-message | ^1.0 | Indirect dependency | composer |
| doctrine/inflector | ^1.4 \|\| ^2.0 | Indirect dependency | composer |
| docutils | 0.18 | Indirect dependency | pip |
| symfony/console | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| twig/twig | ^2.12 \|\| ^3.3 | Indirect dependency | composer |
| symfony/asset | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| psr/http-client | ^1.0 | Indirect dependency | composer |
| symfony/string | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |
| doctrine/migrations | ^3.5.5 | Indirect dependency | composer |
| sylius-labs/association-hydrator | ^1.1 \|\| ^1.2 | Indirect dependency | composer |
| symfony/serializer | ^5.4.21 \|\| ^6.0 | Indirect dependency | composer |