pretix/pretix 软件分析报告

基础信息

项目名称:pretix/pretix

项目徽章:

Security Status

仓库地址:https://github.com/pterodactyl/panel

检测报告地址:https://www.murphysec.com/console/report/1751907499491729408/1751907531792064512

此报告由Murphysec提供

漏洞列表

漏洞名称 漏洞类型 MPS编号 CVE编号 漏洞等级
Pug 注入漏洞 注入 MPS-2021-2439 CVE-2021-21353 严重
Andrey Sitnik postcss 拒绝服务漏洞 拒绝服务 MPS-2021-4549 CVE-2021-23368 中危
postcss 存在正则表达式拒绝服务漏洞 拒绝服务 MPS-2021-5409 CVE-2021-23382 中危
uglify-js ReDoS MPS-2022-14112 中危
node-semver 安全漏洞 ReDoS MPS-2022-5166 CVE-2022-25883 高危
loader-utils 安全漏洞 不正确的正则表达式 MPS-2022-53512 CVE-2022-37599 高危
loader-utils 安全漏洞 不正确的正则表达式 MPS-2022-53516 CVE-2022-37603 高危
minimatch 资源管理错误漏洞 拒绝服务 MPS-2022-59845 CVE-2022-3517 高危
Tauri 原型污染漏洞 原型污染 MPS-2022-65568 CVE-2022-46175 高危
PostCSS 安全漏洞 注入 MPS-y3tx-jzms CVE-2023-44270 中危

缺陷组件

组件名称 版本 最小修复版本 依赖关系 修复建议
json5 0.5.1 1.0.2 间接依赖 建议修复
loader-utils 0.2.17 1.4.2 间接依赖 建议修复
postcss 7.0.35 8.4.31 间接依赖 建议修复
minimatch 3.0.4 3.0.5 间接依赖 建议修复
pug 2.0.4 3.0.1 间接依赖 建议修复
semver 5.7.2 7.5.2 间接依赖 可选修复
uglify-js 2.8.29 3.14.3 间接依赖 可选修复

许可证风险

许可证类型 相关组件 许可证风险
MIT 240
BSD-3-Clause 3
BSD-2-Clause 3
ISC 18
Apache-2.0 3
CC-BY-4.0 1
0BSD 1
CC0-1.0 1

SBOM清单

组件名称 组件版本 是否直接依赖 仓库
@babel/plugin-syntax-import-attributes 7.23.3 间接依赖 npm
@babel/plugin-transform-duplicate-keys 7.23.3 间接依赖 npm
generic-names 1.0.3 间接依赖 npm
@babel/helper-hoist-variables 7.22.5 间接依赖 npm
@babel/template 7.22.15 间接依赖 npm
vue-runtime-helpers 1.1.2 间接依赖 npm
big.js 3.2.0 间接依赖 npm
@babel/plugin-syntax-import-meta 7.10.4 间接依赖 npm
stylus 0.54.8 间接依赖 npm
@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression 7.23.3 间接依赖 npm
indexes-of 1.0.1 间接依赖 npm
estree-walker 0.6.1 间接依赖 npm
@vue/component-compiler 4.2.3 间接依赖 npm
@babel/runtime 7.23.6 间接依赖 npm
@babel/plugin-transform-async-generator-functions 7.23.7 间接依赖 npm
@babel/plugin-syntax-private-property-in-object 7.14.5 间接依赖 npm
babylon 6.18.0 间接依赖 npm
@babel/plugin-transform-arrow-functions 7.23.3 间接依赖 npm
@babel/plugin-syntax-json-strings 7.8.3 间接依赖 npm
source-map 0.7.3 间接依赖 npm
@babel/helper-environment-visitor 7.22.20 间接依赖 npm
prr 1.0.1 间接依赖 npm
unicode-property-aliases-ecmascript 2.1.0 间接依赖 npm
chokidar 3.5.1 间接依赖 npm
@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining 7.23.3 间接依赖 npm
js-stringify 1.0.2 间接依赖 npm
@babel/plugin-syntax-export-namespace-from 7.8.3 间接依赖 npm
builtin-modules 3.3.0 间接依赖 npm
uglify-js 2.8.29 间接依赖 npm
color-convert 1.9.3 间接依赖 npm
has 1.0.3 间接依赖 npm
he 1.2.0 间接依赖 npm
anymatch 3.1.1 间接依赖 npm
@ampproject/remapping 2.2.0 间接依赖 npm
@babel/plugin-transform-nullish-coalescing-operator 7.23.4 间接依赖 npm
escalade 3.1.1 间接依赖 npm
acorn-globals 3.1.0 间接依赖 npm
rollup 2.79.1 直接依赖 npm
util-deprecate 1.0.2 间接依赖 npm
@babel/plugin-syntax-top-level-await 7.14.5 间接依赖 npm
strip-ansi 3.0.1 直接依赖 npm
source-map-resolve 0.5.3 间接依赖 npm
graceful-fs 4.2.6 间接依赖 npm
@babel/plugin-transform-object-super 7.23.3 间接依赖 npm
pretix 间接依赖 pip
postcss 7.0.35 间接依赖 npm
is-extglob 2.1.1 间接依赖 npm
safer-buffer 2.1.2 间接依赖 npm
pug-runtime 2.0.5 间接依赖 npm
@babel/types 7.23.6 间接依赖 npm
@babel/plugin-transform-member-expression-literals 7.23.3 间接依赖 npm
void-elements 2.0.1 间接依赖 npm
@babel/plugin-transform-logical-assignment-operators 7.23.4 间接依赖 npm
convert-source-map 2.0.0 间接依赖 npm
promise 7.3.1 间接依赖 npm
@babel/plugin-transform-destructuring 7.23.3 间接依赖 npm
@babel/plugin-transform-modules-commonjs 7.23.3 间接依赖 npm
@babel/plugin-transform-shorthand-properties 7.23.3 间接依赖 npm
@jridgewell/set-array 1.1.0 间接依赖 npm
native-request 1.0.8 间接依赖 npm
css-parse 2.0.0 间接依赖 npm
@babel/plugin-transform-sticky-regex 7.23.3 间接依赖 npm
token-stream 0.0.1 间接依赖 npm
@rollup/plugin-babel 6.0.4 直接依赖 npm
@babel/helper-replace-supers 7.22.20 间接依赖 npm
once 1.4.0 间接依赖 npm
sourcemap-codec 1.4.8 间接依赖 npm
jstransformer 1.0.0 间接依赖 npm
@babel/plugin-transform-json-strings 7.23.4 间接依赖 npm
color-name 1.1.3 间接依赖 npm
normalize-path 3.0.0 间接依赖 npm
@babel/plugin-transform-exponentiation-operator 7.23.3 间接依赖 npm
vue 2.7.16 直接依赖 npm
pug-linker 3.0.6 间接依赖 npm
uglify-to-browserify 1.0.2 间接依赖 npm
@babel/plugin-transform-optional-catch-binding 7.23.4 间接依赖 npm
@babel/helper-skip-transparent-expression-wrappers 7.22.5 间接依赖 npm
@babel/plugin-syntax-object-rest-spread 7.8.3 间接依赖 npm
@jridgewell/trace-mapping 0.3.17 间接依赖 npm
supports-preserve-symlinks-flag 1.0.0 间接依赖 npm
glob 7.1.6 间接依赖 npm
node-releases 2.0.14 间接依赖 npm
fsevents 2.3.2 间接依赖 npm
pug-filters 3.1.1 间接依赖 npm
errno 0.1.8 间接依赖 npm
fs.realpath 1.0.0 间接依赖 npm
supports-color 6.1.0 间接依赖 npm
yargs 3.10.0 间接依赖 npm
@babel/helper-remap-async-to-generator 7.22.20 间接依赖 npm
@babel/plugin-syntax-logical-assignment-operators 7.10.4 间接依赖 npm
@babel/plugin-transform-block-scoping 7.23.4 间接依赖 npm
@babel/plugin-transform-function-name 7.23.3 间接依赖 npm
@babel/plugin-transform-classes 7.23.5 间接依赖 npm
@babel/plugin-transform-numeric-separator 7.23.4 间接依赖 npm
prettier 1.19.1 间接依赖 npm
@babel/parser 7.23.6 间接依赖 npm
@babel/plugin-transform-class-properties 7.23.3 间接依赖 npm
@babel/helpers 7.23.7 间接依赖 npm
@babel/helper-simple-access 7.22.5 间接依赖 npm
pug-parser 5.0.1 间接依赖 npm
@babel/plugin-transform-unicode-escapes 7.23.3 间接依赖 npm
yallist 2.1.2 间接依赖 npm
js-base64 2.6.4 直接依赖 npm
electron-to-chromium 1.4.615 间接依赖 npm
debug 4.3.1 间接依赖 npm
@babel/plugin-transform-unicode-sets-regex 7.23.3 间接依赖 npm
is-promise 2.2.2 间接依赖 npm
rollup-plugin-vue 5.1.9 直接依赖 npm
@babel/plugin-transform-template-literals 7.23.3 间接依赖 npm
@babel/helper-module-imports 7.22.15 间接依赖 npm
js-tokens 4.0.0 间接依赖 npm
is-what 3.12.0 间接依赖 npm
path-parse 1.0.7 间接依赖 npm
@babel/plugin-syntax-import-assertions 7.23.3 间接依赖 npm
@types/babylon 6.16.5 间接依赖 npm
has-flag 3.0.0 间接依赖 npm
@babel/plugin-syntax-numeric-separator 7.10.4 间接依赖 npm
to-fast-properties 1.0.3 间接依赖 npm
@babel/plugin-transform-reserved-words 7.23.3 间接依赖 npm
postcss-modules-sync 1.0.0 间接依赖 npm
constantinople 3.1.2 间接依赖 npm
pug-walk 1.1.8 间接依赖 npm
readdirp 3.5.0 间接依赖 npm
character-parser 2.2.0 间接依赖 npm
emojis-list 2.1.0 间接依赖 npm
caniuse-lite 1.0.30001570 间接依赖 npm
sass 1.32.7 间接依赖 npm
fill-range 7.0.1 间接依赖 npm
babel-plugin-polyfill-regenerator 0.5.4 间接依赖 npm
braces 3.0.2 间接依赖 npm
path-is-absolute 1.0.1 间接依赖 npm
@babel/helper-function-name 7.23.0 间接依赖 npm
browserslist 4.22.2 间接依赖 npm
binary-extensions 2.2.0 间接依赖 npm
regenerate 1.4.2 间接依赖 npm
@babel/plugin-transform-dotall-regex 7.23.3 间接依赖 npm
@babel/plugin-transform-optional-chaining 7.23.4 间接依赖 npm
uniq 1.0.1 间接依赖 npm
django 间接依赖 pip
esutils 2.0.3 间接依赖 npm
nanoid 3.3.7 直接依赖 npm
minimatch 3.0.4 间接依赖 npm
pug-attrs 2.0.4 间接依赖 npm
@babel/helper-annotate-as-pure 7.22.5 间接依赖 npm
@babel/code-frame 7.23.5 间接依赖 npm
is-glob 4.0.1 间接依赖 npm
unicode-match-property-value-ecmascript 2.1.0 间接依赖 npm
@babel/plugin-transform-computed-properties 7.23.3 间接依赖 npm
regjsparser 0.9.1 间接依赖 npm
loader-utils 0.2.17 间接依赖 npm
@babel/plugin-syntax-unicode-sets-regex 7.18.6 间接依赖 npm
@types/estree 1.0.0 间接依赖 npm
babel-plugin-polyfill-corejs2 0.4.7 间接依赖 npm
picomatch 2.3.1 间接依赖 npm
@babel/helper-compilation-targets 7.23.6 间接依赖 npm
@babel/compat-data 7.23.5 间接依赖 npm
@babel/plugin-proposal-private-property-in-object 7.21.0-placeholder-for-preset-env.2 间接依赖 npm
inflight 1.0.6 间接依赖 npm
@babel/plugin-transform-unicode-regex 7.23.3 间接依赖 npm
chalk 2.4.2 间接依赖 npm
sax 1.2.4 间接依赖 npm
@babel/plugin-transform-property-literals 7.23.3 间接依赖 npm
@rollup/plugin-node-resolve 15.2.3 直接依赖 npm
css 2.2.4 间接依赖 npm
css-selector-tokenizer 0.7.3 间接依赖 npm
@babel/helper-create-class-features-plugin 7.23.6 间接依赖 npm
babel-plugin-polyfill-corejs3 0.8.7 间接依赖 npm
@babel/plugin-transform-private-property-in-object 7.23.4 间接依赖 npm
@babel/plugin-syntax-nullish-coalescing-operator 7.8.3 间接依赖 npm
@babel/plugin-transform-block-scoped-functions 7.23.3 间接依赖 npm
@babel/helper-split-export-declaration 7.22.6 间接依赖 npm
resolve 1.22.1 间接依赖 npm
pug-lexer 4.1.0 间接依赖 npm
doctypes 1.1.0 间接依赖 npm
@babel/plugin-transform-parameters 7.23.3 间接依赖 npm
@babel/plugin-syntax-optional-chaining 7.8.3 间接依赖 npm
gensync 1.0.0-beta.2 间接依赖 npm
@babel/preset-modules 0.1.6-no-external-plugins 间接依赖 npm
@babel/plugin-syntax-class-properties 7.12.13 间接依赖 npm
pug-strip-comments 1.0.4 间接依赖 npm
@babel/helper-optimise-call-expression 7.22.5 间接依赖 npm
postcss-modules-scope 1.1.0 间接依赖 npm
ansi-regex 2.1.1 间接依赖 npm
@babel/helper-validator-identifier 7.22.20 间接依赖 npm
@babel/plugin-syntax-optional-catch-binding 7.8.3 间接依赖 npm
wrappy 1.0.2 间接依赖 npm
deepmerge 4.2.2 间接依赖 npm
@babel/plugin-transform-async-to-generator 7.23.3 间接依赖 npm
@babel/plugin-syntax-dynamic-import 7.8.3 间接依赖 npm
brace-expansion 1.1.11 间接依赖 npm
csstype 3.1.0 间接依赖 npm
@babel/generator 7.23.6 间接依赖 npm
@babel/core 7.23.7 直接依赖 npm
pseudomap 1.0.2 间接依赖 npm
object-assign 4.1.1 间接依赖 npm
@babel/plugin-transform-new-target 7.23.3 间接依赖 npm
pify 4.0.1 间接依赖 npm
@jridgewell/gen-mapping 0.1.1 间接依赖 npm
ms 2.0.0 间接依赖 npm
@babel/helper-create-regexp-features-plugin 7.22.15 间接依赖 npm
is-binary-path 2.1.0 间接依赖 npm
is-expression 3.0.0 间接依赖 npm
with 5.1.1 间接依赖 npm
@babel/helper-plugin-utils 7.22.5 间接依赖 npm
picocolors 1.0.0 间接依赖 npm
tslib 1.14.1 间接依赖 npm
@babel/plugin-transform-named-capturing-groups-regex 7.22.5 间接依赖 npm
semver 5.7.2 间接依赖 npm
@babel/plugin-transform-typeof-symbol 7.23.3 间接依赖 npm
fastparse 1.1.2 间接依赖 npm
@babel/helper-define-polyfill-provider 0.4.4 间接依赖 npm
rollup-pluginutils 2.8.2 间接依赖 npm
core-js-compat 3.35.0 间接依赖 npm
pug-code-gen 2.0.3 间接依赖 npm
mkdirp 1.0.4 间接依赖 npm
cssesc 3.0.0 间接依赖 npm
@types/babel-types 7.0.9 间接依赖 npm
vue-template-compiler 2.7.16 直接依赖 npm
globals 11.12.0 间接依赖 npm
@babel/traverse 7.23.7 间接依赖 npm
@vue/compiler-sfc 2.7.16 间接依赖 npm
bluebird 3.7.2 间接依赖 npm
@babel/plugin-transform-dynamic-import 7.23.4 间接依赖 npm
@babel/plugin-transform-modules-umd 7.23.3 间接依赖 npm
@babel/plugin-transform-object-rest-spread 7.23.4 间接依赖 npm
@babel/plugin-transform-modules-amd 7.23.3 间接依赖 npm
consolidate 0.15.1 间接依赖 npm
source-map-js 1.0.2 直接依赖 npm
glob-parent 5.1.2 间接依赖 npm
unicode-canonical-property-names-ecmascript 2.0.0 间接依赖 npm
jsesc 2.5.2 间接依赖 npm
vue-template-es2015-compiler 1.9.1 间接依赖 npm
regexpu-core 5.3.2 间接依赖 npm
clean-css 4.2.3 间接依赖 npm
lru-cache 4.1.5 间接依赖 npm
icss-replace-symbols 1.1.0 间接依赖 npm
escape-string-regexp 1.0.5 间接依赖 npm
is-core-module 2.11.0 间接依赖 npm
@babel/plugin-transform-literals 7.23.3 间接依赖 npm
update-browserslist-db 1.0.13 间接依赖 npm
pug-error 1.3.3 间接依赖 npm
@vue/component-compiler-utils 3.2.0 间接依赖 npm
make-dir 2.1.0 间接依赖 npm
ansi-styles 3.2.1 间接依赖 npm
@babel/plugin-transform-regenerator 7.23.3 间接依赖 npm
de-indent 1.0.2 间接依赖 npm
@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly 7.23.7 间接依赖 npm
@babel/helper-module-transforms 7.23.3 间接依赖 npm
copy-anything 2.0.3 间接依赖 npm
@babel/regjsgen 0.8.0 间接依赖 npm
less 3.13.1 间接依赖 npm
@babel/highlight 7.23.4 间接依赖 npm
@babel/plugin-transform-for-of 7.23.6 间接依赖 npm
image-size 0.5.5 间接依赖 npm
@jridgewell/resolve-uri 3.1.0 间接依赖 npm
@babel/plugin-syntax-async-generators 7.8.4 间接依赖 npm
@babel/plugin-transform-unicode-property-regex 7.23.3 间接依赖 npm
querystring 0.2.1 间接依赖 npm
merge-source-map 1.1.0 间接依赖 npm
urix 0.1.0 间接依赖 npm
@rollup/pluginutils 5.0.2 间接依赖 npm
hash-sum 1.0.2 间接依赖 npm
has-ansi 2.0.0 直接依赖 npm
is-regex 1.1.2 间接依赖 npm
@babel/plugin-syntax-class-static-block 7.14.5 间接依赖 npm
regenerator-transform 0.15.2 间接依赖 npm
pug-load 2.0.12 间接依赖 npm
string-hash 1.1.3 间接依赖 npm
@babel/plugin-transform-export-namespace-from 7.23.4 间接依赖 npm
@babel/plugin-transform-spread 7.23.3 间接依赖 npm
@babel/preset-env 7.23.7 直接依赖 npm
json5 0.5.1 间接依赖 npm
enchant 间接依赖 pip
@babel/plugin-transform-class-static-block 7.23.4 间接依赖 npm
postcss-selector-parser 6.0.4 间接依赖 npm
lodash.debounce 4.0.8 间接依赖 npm
@babel/helper-wrap-function 7.22.20 间接依赖 npm
regenerate-unicode-properties 10.1.0 间接依赖 npm
babel-types 6.26.0 间接依赖 npm
mime 1.6.0 间接依赖 npm
is-module 1.0.0 间接依赖 npm
postcss-modules-local-by-default 1.2.0 间接依赖 npm
@types/resolve 1.20.2 间接依赖 npm
@babel/plugin-transform-modules-systemjs 7.23.3 间接依赖 npm
@babel/helper-builder-binary-assignment-operator-visitor 7.22.15 间接依赖 npm
@babel/plugin-transform-private-methods 7.23.3 间接依赖 npm
@babel/helper-validator-option 7.23.5 间接依赖 npm
@babel/helper-string-parser 7.23.4 间接依赖 npm
@babel/helper-member-expression-to-functions 7.23.0 间接依赖 npm
is-builtin-module 3.2.1 间接依赖 npm
inherits 2.0.4 间接依赖 npm
function-bind 1.1.1 间接依赖 npm
magic-string 0.25.7 间接依赖 npm
unicode-match-property-ecmascript 2.0.0 间接依赖 npm
pug 2.0.4 间接依赖 npm
regenerator-runtime 0.11.1 间接依赖 npm
@jridgewell/sourcemap-codec 1.4.14 间接依赖 npm
(0)
上一篇 2024年1月29日
下一篇 2024年1月30日

相关推荐

  • YonghaoXu/RPNet 软件分析报告

    基础信息 项目名称:YonghaoXu/RPNet 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1720243277550104576/1720243277722071040 此报告由Murphysec提供 漏洞…

    软件分析 2023年11月3日
    0
  • hfg-gmuend/openmoji 软件分析报告

    基础信息 项目名称:hfg-gmuend/openmoji 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1718574997433008128/1718574997474951168 此报告由Murphysec提…

    软件分析 2023年10月29日
    0
  • hotosm/tasking-manager 软件分析报告

    基础信息 项目名称:hotosm/tasking-manager 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1718663704149098496/1718663704191041536 此报告由Murphys…

    软件分析 2023年10月30日
    0
  • google/uis-rnn 软件分析报告

    基础信息 项目名称:google/uis-rnn 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1718294609556979712/1718294609632477184 此报告由Murphysec提供 漏洞列…

    软件分析 2023年10月28日
    0
  • caoym/phprs 软件分析报告

    基础信息 项目名称:caoym/phprs 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721052424386379776/1721052424428322816 此报告由Murphysec提供 漏洞列表 暂…

    软件分析 2023年11月5日
    0