基础信息
项目名称:Kevin234/PDF-Guru
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1755433463089205248/1755433463152119808
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| follow-redirects | 输入验证不恰当 | MPS-2023-5153 | CVE-2023-26159 | 高危 |
| Google Golang 资源管理错误漏洞 | 不加限制或调节的资源分配 | MPS-c8am-hbny | CVE-2023-39325 | 高危 |
| SSH协议前缀截断攻击(Terrapin攻击) | 安全相关信息的截断 | MPS-nv0f-qtib | CVE-2023-48795 | 中危 |
| Axios XSRF-TOKEN CSRF漏洞 | 侵犯隐私 | MPS-v3q7-sjd2 | CVE-2023-45857 | 高危 |
| PostCSS 安全漏洞 | 注入 | MPS-y3tx-jzms | CVE-2023-44270 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| follow-redirects | 1.15.2 | 1.15.4 | 间接依赖 | 强烈建议修复 |
| axios | 1.4.0 | 1.6.0 | 间接依赖 | 建议修复 |
| golang.org/x/crypto | v0.1.0 | 0.17.0 | 间接依赖 | 建议修复 |
| golang.org/x/net | v0.7.0 | 0.17.0 | 间接依赖 | 可选修复 |
| postcss | 8.4.24 | 8.4.31 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 85 | 低 |
| BSD-3-Clause | 10 | 低 |
| ISC | 2 | 低 |
| Apache-2.0 | 3 | 低 |
| BSD-2-Clause | 2 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/go-ole/go-ole | v1.2.6 | 间接依赖 | go |
| github.com/leaanthony/slicer | v1.5.0 | 间接依赖 | go |
| @ant-design/colors | 6.0.0 | 间接依赖 | npm |
| github.com/valyala/fasttemplate | v1.2.1 | 间接依赖 | go |
| @vue/reactivity-transform | 3.3.4 | 间接依赖 | npm |
| golang.org/x/text | v0.7.0 | 间接依赖 | go |
| PaddleOCR | 间接依赖 | pip | |
| golang.org/x/crypto | v0.1.0 | 间接依赖 | go |
| follow-redirects | 1.15.2 | 间接依赖 | npm |
| mime-db | 1.52.0 | 间接依赖 | npm |
| picocolors | 1.0.0 | 间接依赖 | npm |
| @ctrl/tinycolor | 3.6.0 | 间接依赖 | npm |
| estree-walker | 2.0.2 | 间接依赖 | npm |
| nanopop | 2.3.0 | 间接依赖 | npm |
| @ant-design/icons-svg | 4.2.1 | 间接依赖 | npm |
| github.com/tkrajina/go-reflector | v0.5.5 | 间接依赖 | go |
| pdfrw | 0.4 | 间接依赖 | pip |
| source-map-js | 1.0.2 | 间接依赖 | npm |
| vue3-colorpicker | 2.1.6 | 间接依赖 | npm |
| @vue/devtools-api | 6.5.0 | 间接依赖 | npm |
| @aesoper/normal-utils | 0.1.5 | 间接依赖 | npm |
| @vue/compiler-sfc | 3.3.4 | 间接依赖 | npm |
| @jridgewell/sourcemap-codec | 1.4.15 | 间接依赖 | npm |
| warning | 4.0.3 | 间接依赖 | npm |
| golang.org/x/exp | v0.0.0-20220303212507-bbda1eaf7a17 | 间接依赖 | go |
| github.com/labstack/echo/v4 | v4.9.0 | 间接依赖 | go |
| nanoid | 3.3.6 | 间接依赖 | npm |
| Union | 间接依赖 | pip | |
| v-perfect-signature | 1.2.1 | 间接依赖 | npm |
| github.com/wailsapp/wails/v2 | v2.5.1 | 直接依赖 | go |
| add_doc_background_by_image | 间接依赖 | pip | |
| resize-observer-polyfill | 1.5.1 | 间接依赖 | npm |
| golang.org/x/sys | v0.5.0 | 间接依赖 | go |
| lodash | 4.17.21 | 间接依赖 | npm |
| List | 间接依赖 | pip | |
| shallow-equal | 1.2.1 | 间接依赖 | npm |
| perfect-freehand | 1.2.0 | 间接依赖 | npm |
| golang.org/x/image | v0.5.0 | 间接依赖 | go |
| @types/web-bluetooth | 0.0.17 | 间接依赖 | npm |
| github.com/pkg/errors | v0.9.1 | 直接依赖 | go |
| compute-scroll-into-view | 1.0.20 | 间接依赖 | npm |
| js-tokens | 4.0.0 | 间接依赖 | npm |
| @vue/compiler-core | 3.3.4 | 间接依赖 | npm |
| @babel/runtime | 7.22.5 | 间接依赖 | npm |
| golang.org/x/net | v0.7.0 | 间接依赖 | go |
| postcss | 8.4.24 | 间接依赖 | npm |
| @babel/parser | 7.22.5 | 间接依赖 | npm |
| github.com/leaanthony/gosod | v1.0.3 | 间接依赖 | go |
| github.com/bep/debounce | v1.2.1 | 间接依赖 | go |
| github.com/rivo/uniseg | v0.4.4 | 间接依赖 | go |
| loose-envify | 1.4.0 | 间接依赖 | npm |
| vue-demi | 0.14.5 | 间接依赖 | npm |
| async-validator | 4.2.5 | 间接依赖 | npm |
| vue | 3.3.4 | 间接依赖 | npm |
| dom-align | 1.12.4 | 间接依赖 | npm |
| github.com/google/uuid | v1.1.2 | 间接依赖 | go |
| github.com/mattn/go-runewidth | v0.0.14 | 间接依赖 | go |
| @vue/runtime-core | 3.3.4 | 间接依赖 | npm |
| asynckit | 0.4.0 | 间接依赖 | npm |
| delayed-stream | 1.0.0 | 间接依赖 | npm |
| lightvue | 1.5.1 | 间接依赖 | npm |
| github.com/pdfcpu/pdfcpu | v0.4.1 | 直接依赖 | go |
| github.com/samber/lo | v1.27.1 | 间接依赖 | go |
| @ant-design/icons-vue | 6.1.0 | 间接依赖 | npm |
| github.com/hhrutter/tiff | v1.0.0 | 间接依赖 | go |
| core-js | 3.31.0 | 间接依赖 | npm |
| github.com/labstack/gommon | v0.3.1 | 间接依赖 | go |
| gradient-parser | 1.0.2 | 间接依赖 | npm |
| @simonwep/pickr | 1.8.2 | 间接依赖 | npm |
| remove_header_and_footer | 间接依赖 | pip | |
| combined-stream | 1.0.8 | 间接依赖 | npm |
| is-plain-object | 3.0.1 | 间接依赖 | npm |
| tinycolor2 | 1.6.0 | 间接依赖 | npm |
| PPStructure | 间接依赖 | pip | |
| @vue/reactivity | 3.3.4 | 间接依赖 | npm |
| dom-scroll-into-view | 2.0.1 | 间接依赖 | npm |
| axios | 1.4.0 | 间接依赖 | npm |
| create_header_and_footer_mask | 间接依赖 | pip | |
| pinia | 2.1.4 | 间接依赖 | npm |
| @vueuse/metadata | 10.2.1 | 间接依赖 | npm |
| vue-types | 3.0.2 | 间接依赖 | npm |
| @vue/compiler-ssr | 3.3.4 | 间接依赖 | npm |
| github.com/mattn/go-isatty | v0.0.14 | 间接依赖 | go |
| @vueuse/shared | 10.2.1 | 间接依赖 | npm |
| mime-types | 2.1.35 | 间接依赖 | npm |
| scroll-into-view-if-needed | 2.2.31 | 间接依赖 | npm |
| array-tree-filter | 2.1.0 | 间接依赖 | npm |
| Tuple | 间接依赖 | pip | |
| github.com/pkg/browser | v0.0.0-20210706143420-7d21f8c997e2 | 间接依赖 | go |
| proxy-from-env | 1.1.0 | 间接依赖 | npm |
| github.com/wailsapp/mimetype | v1.4.1 | 间接依赖 | go |
| @vue/server-renderer | 3.3.4 | 间接依赖 | npm |
| @vue/compiler-dom | 3.3.4 | 间接依赖 | npm |
| @vue/shared | 3.3.4 | 间接依赖 | npm |
| @vue/runtime-dom | 3.3.4 | 间接依赖 | npm |
| github.com/valyala/bytebufferpool | v1.0.0 | 间接依赖 | go |
| github.com/leaanthony/go-ansi-parser | v1.0.1 | 间接依赖 | go |
| @vueuse/core | 10.2.1 | 间接依赖 | npm |
| dayjs | 1.11.8 | 间接依赖 | npm |
| csstype | 3.1.2 | 间接依赖 | npm |
| github.com/mattn/go-colorable | v0.1.11 | 间接依赖 | go |
| ant-design-vue | 3.2.20 | 间接依赖 | npm |
| regenerator-runtime | 0.13.11 | 间接依赖 | npm |
| vue-types | 4.2.1 | 间接依赖 | npm |
| magic-string | 0.30.0 | 间接依赖 | npm |
| form-data | 4.0.0 | 间接依赖 | npm |
| @popperjs/core | 2.11.8 | 间接依赖 | npm |
| gopkg.in/yaml.v2 | v2.4.0 | 间接依赖 | go |
| github.com/jchv/go-winloader | v0.0.0-20210711035445-715c2860da7e | 间接依赖 | go |
| lodash-es | 4.17.21 | 间接依赖 | npm |
| github.com/sirupsen/logrus | v1.9.3 | 直接依赖 | go |
| github.com/hhrutter/lzw | v1.0.0 | 间接依赖 | go |
| add_doc_background_by_color | 间接依赖 | pip |