Basic information
Project name: thoughtbot/administrate
Repository URL: https://github.com/pterodactyl/panel
Scan report URL: https://www.murphysec.com/console/report/1755494655994916864/1755494656087191552
This report is provided by Murphysec
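Vulnerability list
Vulnerability name | Vulnerability type | MPS ID | CVE ID | Severity |
---|---|---|---|---|
minimist prototype pollution vulnerability | Prototype pollution | MPS-2020-3516 | CVE-2020-7598 | Medium |
minimist security vulnerability | Prototype pollution | MPS-2021-38405 | CVE-2021-44906 | Critical |
actioncable information exposure vulnerability | Unauthorized disclosure of sensitive information | MPS-2022-15225 | | Medium |
rack HTTP request smuggling vulnerability | HTTP request smuggling | MPS-2022-15297 | | Medium |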
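Vulnerable components
Component name | Version | Minimum fixed version | Dependency relationship | Fix recommendation |
---|---|---|---|---|
rack | 2.2.8 | 3.0.4.2 | Indirect dependency | Fix recommended |
minimist | 0.0.10 | 1.2.6 | Indirect dependency | Fix recommended |
actioncable | 7.0.7.2 | v7.1.0.beta1 | Indirect dependency | Fix optional |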
License risk
License type | Related components | License risk |
---|---|---|
MIT | 124 | Low |
BSD-3-Clause | 2 | Low |
ISC | 16 | Low |
Apache-2.0 | 2 | Low |
CC0-1.0 | 2 | Low |
Python-2.0 | 1 | Low |
BSD-2-Clause | 2 | Low |
SBOM list
Component name | Component version | Direct dependency? | Repository |
---|---|---|---|
fastest-levenshtein | 1.0.16 | Indirect dependency | npm |
micromatch | 4.0.5 | Indirect dependency | npm |
has-flag | 4.0.0 | Indirect dependency | npm |
@babel/code-frame | 7.23.5 | Indirect dependency | npm |
rubocop-performance | 1.20.2 | Indirect dependency | bundler |
ansi-regex | 5.0.1 | Indirect dependency | npm |
database_cleaner-active_record | 2.1.0 | Indirect dependency | bundler |
rubocop-ast | 1.30.0 | Indirect dependency | bundler |
to-regex-range | 5.0.1 | Indirect dependency | npm |
mathml-tag-names | 2.1.3 | Indirect dependency | npm |
coderay | 1.1.3 | Indirect dependency | bundler |
string-width | 4.2.3 | Indirect dependency | npm |
stylelint-config-recommended-scss | 14.0.0 | Indirect dependency | npm |
rspec-support | 3.12.1 | Indirect dependency | bundler |
readdirp | 3.6.0 | Indirect dependency | npm |
websocket-extensions | 0.1.5 | Indirect dependency | bundler |
standard-performance | 1.3.1 | Indirect dependency | bundler |
parser | 3.2.2.4 | Indirect dependency | bundler |
dir-glob | 3.0.1 | Indirect dependency | npm |
chalk | 2.4.2 | Indirect dependency | npm |
global-modules | 2.0.0 | Indirect dependency | npm |
rubocop | 1.59.0 | Indirect dependency | bundler |
callsites | 3.1.0 | Indirect dependency | npm |
xpath | 3.2.0 | Indirect dependency | bundler |
color-name | 1.1.4 | Indirect dependency | npm |
jsbundling-rails | 1.3.0 | Indirect dependency | bundler |
is-fullwidth-code-point | 3.0.0 | Indirect dependency | npm |
source-map-js | 1.0.2 | Indirect dependency | npm |
braces | 3.0.2 | Indirect dependency | npm |
activesupport | 7.0.7.2 | Indirect dependency | bundler |
concurrent-ruby | 1.2.3 | Indirect dependency | bundler |
minimatch | 9.0.3 | Indirect dependency | npm |
selectize | 0.12.6 | Direct dependency | npm |
fast-glob | 3.3.2 | Indirect dependency | npm |
hashdiff | 1.0.1 | Indirect dependency | bundler |
ansicolors | 0.2.1 | Indirect dependency | npm |
jackspeak | 2.3.6 | Indirect dependency | npm |
merge2 | 1.4.1 | Indirect dependency | npm |
kaminari-i18n | 0.5.0 | Indirect dependency | bundler |
picomatch | 2.3.1 | Indirect dependency | npm |
js-tokens | 4.0.0 | Indirect dependency | npm |
language_server-protocol | 3.17.0.3 | Indirect dependency | bundler |
foreground-child | 3.1.1 | Indirect dependency | npm |
kind-of | 6.0.3 | Indirect dependency | npm |
@nodelib/fs.scandir | 2.1.5 | Indirect dependency | npm |
@esbuild/android-x64 | 0.18.11 | Direct dependency | npm |
postcss-resolve-nested-selector | 0.1.1 | Indirect dependency | npm |
@pkgjs/parseargs | 0.11.0 | Direct dependency | npm |
globby | 11.1.0 | Indirect dependency | npm |
activestorage | 7.0.7.2 | Indirect dependency | bundler |
stylelint-order | 6.0.4 | Indirect dependency | npm |
standard-custom | 1.0.2 | Indirect dependency | bundler |
@esbuild/win32-x64 | 0.18.11 | Direct dependency | npm |
fastq | 1.17.0 | Indirect dependency | npm |
net-protocol | 0.2.1 | Indirect dependency | bundler |
parse-json | 5.2.0 | Indirect dependency | npm |
colord | 2.9.3 | Indirect dependency | npm |
lodash | 4.17.21 | Indirect dependency | npm |
imurmurhash | 0.1.4 | Indirect dependency | npm |
faker | 3.2.3 | Indirect dependency | bundler |
i18n-tasks | 1.0.13 | Indirect dependency | bundler |
json-buffer | 3.0.1 | Indirect dependency | npm |
@csstools/css-parser-algorithms | 2.5.0 | Indirect dependency | npm |
@csstools/selector-specificity | 3.0.1 | Indirect dependency | npm |
ruby-progressbar | 1.13.0 | Indirect dependency | bundler |
websocket-driver | 0.7.5 | Indirect dependency | bundler |
rspec-rails | 6.1.0 | Indirect dependency | bundler |
humanize | 0.0.9 | Indirect dependency | npm |
pundit | 2.3.1 | Indirect dependency | bundler |
@esbuild/netbsd-x64 | 0.18.11 | Direct dependency | npm |
mini_mime | 1.1.5 | Indirect dependency | bundler |
date | 3.3.3 | Indirect dependency | bundler |
standard | 1.33.0 | Indirect dependency | bundler |
rack | 2.2.8 | Indirect dependency | bundler |
net-smtp | 0.3.3 | Indirect dependency | bundler |
pry | 0.14.2 | Indirect dependency | bundler |
nanoid | 3.3.7 | Indirect dependency | npm |
rexml | 3.2.6 | Indirect dependency | bundler |
smart_properties | 1.17.0 | Indirect dependency | bundler |
require-from-string | 2.0.2 | Indirect dependency | npm |
redeyed | 1.0.1 | Indirect dependency | npm |
uglifier | 4.2.0 | Indirect dependency | bundler |
@esbuild/linux-riscv64 | 0.18.11 | Direct dependency | npm |
diff-lcs | 1.5.0 | Indirect dependency | bundler |
fill-range | 7.0.1 | Indirect dependency | npm |
run-parallel | 1.2.0 | Indirect dependency | npm |
slice-ansi | 4.0.0 | Indirect dependency | npm |
esbuild | 0.18.11 | Direct dependency | npm |
jquery-ujs | 1.2.3 | Direct dependency | npm |
mdn-data | 2.0.30 | Indirect dependency | npm |
ansi-styles | 3.2.1 | Indirect dependency | npm |
error-ex | 1.3.2 | Indirect dependency | npm |
minimist | 0.0.10 | Indirect dependency | npm |
@esbuild/openbsd-x64 | 0.18.11 | Direct dependency | npm |
rails-i18n | 7.0.8 | Indirect dependency | bundler |
cardinal | 1.0.0 | Indirect dependency | npm |
better_html | 2.0.2 | Indirect dependency | bundler |
supports-color | 5.5.0 | Indirect dependency | npm |
unicorn | 6.1.0 | Indirect dependency | bundler |
ini | 1.3.8 | Indirect dependency | npm |
kaminari-activerecord | 1.2.2 | Indirect dependency | bundler |
regexp_parser | 2.9.0 | Indirect dependency | bundler |
administrate | | Indirect dependency | bundler |
i18n | 1.14.1 | Indirect dependency | bundler |
async | 2.6.4 | Indirect dependency | npm |
jquery | 3.7.0 | Direct dependency | npm |
racc | 1.7.3 | Indirect dependency | bundler |
binary-extensions | 2.2.0 | Indirect dependency | npm |
util-deprecate | 1.0.2 | Indirect dependency | npm |
launchy | 2.5.2 | Indirect dependency | bundler |
slash | 3.0.0 | Indirect dependency | npm |
postcss | 8.4.33 | Indirect dependency | npm |
postcss-value-parser | 4.2.0 | Indirect dependency | npm |
supports-color | 7.2.0 | Indirect dependency | npm |
ms | 2.1.2 | Indirect dependency | npm |
debug | 4.3.4 | Indirect dependency | npm |
which | 1.3.1 | Indirect dependency | npm |
wordwrap | 0.0.3 | Indirect dependency | npm |
loofah | 2.22.0 | Indirect dependency | bundler |
@esbuild/android-arm | 0.18.11 | Direct dependency | npm |
resolve-from | 5.0.0 | Indirect dependency | npm |
@esbuild/linux-x64 | 0.18.11 | Direct dependency | npm |
matrix | 0.4.2 | Indirect dependency | bundler |
actionmailbox | 7.0.7.2 | Indirect dependency | bundler |
nokogiri | 1.16.2 | Indirect dependency | bundler |
postcss-sorting | 8.0.2 | Indirect dependency | npm |
@esbuild/win32-arm64 | 0.18.11 | Direct dependency | npm |
nio4r | 2.5.9 | Indirect dependency | bundler |
capybara | 3.40.0 | Indirect dependency | bundler |
zeitwerk | 2.6.12 | Indirect dependency | bundler |
flatted | 3.2.9 | Indirect dependency | npm |
@nodelib/fs.walk | 1.2.8 | Indirect dependency | npm |
parent-module | 1.0.1 | Indirect dependency | npm |
@esbuild/android-arm64 | 0.18.11 | Direct dependency | npm |
actionview | 7.0.7.2 | Indirect dependency | bundler |
postcss-safe-parser | 7.0.0 | Indirect dependency | npm |
execjs | 2.8.1 | Indirect dependency | bundler |
is-binary-path | 2.1.0 | Indirect dependency | npm |
@csstools/css-tokenizer | 2.2.3 | Indirect dependency | npm |
rspec-mocks | 3.12.6 | Indirect dependency | bundler |
table | 6.8.1 | Indirect dependency | npm |
ansi-regex | 6.0.1 | Indirect dependency | npm |
@nodelib/fs.stat | 2.0.5 | Indirect dependency | npm |
@esbuild/linux-arm | 0.18.11 | Direct dependency | npm |
net-imap | 0.3.6 | Indirect dependency | bundler |
database_cleaner-core | 2.0.1 | Indirect dependency | bundler |
immutable | 4.3.0 | Indirect dependency | npm |
optimist | 0.6.1 | Indirect dependency | npm |
globalid | 1.2.1 | Indirect dependency | bundler |
lint_roller | 1.1.0 | Indirect dependency | bundler |
@esbuild/freebsd-x64 | 0.18.11 | Direct dependency | npm |
anymatch | 3.1.3 | Indirect dependency | npm |
actionpack | 7.0.7.2 | Indirect dependency | bundler |
kaminari-actionview | 1.2.2 | Indirect dependency | bundler |
env-paths | 2.2.1 | Indirect dependency | npm |
erubi | 1.12.0 | Indirect dependency | bundler |
isexe | 2.0.0 | Indirect dependency | npm |
minitest | 5.21.2 | Indirect dependency | bundler |
stylelint-scss | 6.1.0 | Indirect dependency | npm |
actioncable | 7.0.7.2 | Indirect dependency | bundler |
database_cleaner | 2.0.2 | Indirect dependency | bundler |
kaminari | 1.2.2 | Indirect dependency | bundler |
rake | 13.1.0 | Indirect dependency | bundler |
is-arrayish | 0.2.1 | Indirect dependency | npm |
kgio | 2.11.4 | Indirect dependency | bundler |
known-css-properties | 0.29.0 | Indirect dependency | npm |
mini_portile2 | 2.8.5 | Indirect dependency | bundler |
array-union | 2.1.0 | Indirect dependency | npm |
selenium-webdriver | 4.17.0 | Indirect dependency | bundler |
punycode | 2.3.1 | Indirect dependency | npm |
postcss-scss | 4.0.9 | Indirect dependency | npm |
file-entry-cache | 8.0.0 | Indirect dependency | npm |
@babel/highlight | 7.23.4 | Indirect dependency | npm |
lines-and-columns | 1.2.4 | Indirect dependency | npm |
actiontext | 7.0.7.2 | Indirect dependency | bundler |
builder | 3.2.4 | Indirect dependency | bundler |
postcss-selector-parser | 6.0.15 | Indirect dependency | npm |
actionmailer | 7.0.7.2 | Indirect dependency | bundler |
raindrops | 0.20.1 | Indirect dependency | bundler |
strip-ansi | 6.0.1 | Indirect dependency | npm |
@thoughtbot/stylelint-config | 4.0.0 | Direct dependency | npm |
marcel | 1.0.2 | Indirect dependency | bundler |
railties | 7.0.7.2 | Indirect dependency | bundler |
picocolors | 1.0.0 | Indirect dependency | npm |
csv-parse | 4.16.3 | Indirect dependency | npm |
ammeter | 1.1.6 | Indirect dependency | bundler |
@esbuild/linux-ia32 | 0.18.11 | Direct dependency | npm |
js-yaml | 4.1.0 | Indirect dependency | npm |
rubyzip | 2.3.2 | Indirect dependency | bundler |
ast | 2.4.2 | Indirect dependency | bundler |
path-type | 4.0.0 | Indirect dependency | npm |
@babel/helper-validator-identifier | 7.22.20 | Indirect dependency | npm |
stylelint-config-standard-scss | 13.0.0 | Indirect dependency | npm |
css-functions-list | 3.2.1 | Indirect dependency | npm |
rimraf | 5.0.5 | Indirect dependency | npm |
cosmiconfig | 9.0.0 | Indirect dependency | npm |
resolve-from | 4.0.0 | Indirect dependency | npm |
stylelint-declaration-block-no-ignored-properties | 2.8.0 | Indirect dependency | npm |
dotenv | 2.8.1 | Indirect dependency | bundler |
write-file-atomic | 5.0.1 | Indirect dependency | npm |
import-fresh | 3.3.0 | Indirect dependency | npm |
timeout | 0.4.0 | Indirect dependency | bundler |
crack | 0.4.5 | Indirect dependency | bundler |
glob | 10.3.10 | Indirect dependency | npm |
sprockets | 4.2.0 | Indirect dependency | bundler |
astral-regex | 2.0.0 | Indirect dependency | npm |
minipass | 7.0.4 | Indirect dependency | npm |
ignore | 5.3.1 | Indirect dependency | npm |
webmock | 3.19.1 | Indirect dependency | bundler |
rails | 7.0.7.2 | Indirect dependency | bundler |
tzinfo | 2.0.6 | Indirect dependency | bundler |
meow | 13.1.0 | Indirect dependency | npm |
json | 2.7.1 | Indirect dependency | bundler |
rails-dom-testing | 2.2.0 | Indirect dependency | bundler |
2.8.1 | Indirect dependency | bundler | |
appraisal | 2.5.0 | Indirect dependency | bundler |
highline | 2.1.0 | Indirect dependency | bundler |
@esbuild/sunos-x64 | 0.18.11 | Direct dependency | npm |
@esbuild/linux-loong64 | 0.18.11 | Direct dependency | npm |
argparse | 2.0.1 | Indirect dependency | npm |
stylelint-config-recommended | 14.0.0 | Indirect dependency | npm |
net-pop | 0.1.2 | Indirect dependency | bundler |
@esbuild/darwin-arm64 | 0.18.11 | Direct dependency | npm |
addressable | 2.8.6 | Indirect dependency | bundler |
fast-deep-equal | 3.1.3 | Indirect dependency | npm |
cssesc | 3.0.0 | Indirect dependency | npm |
rails-html-sanitizer | 1.6.0 | Indirect dependency | bundler |
global-prefix | 3.0.0 | Indirect dependency | npm |
globjoin | 0.1.4 | Indirect dependency | npm |
dotenv-rails | 2.8.1 | Indirect dependency | bundler |
reusify | 1.0.4 | Indirect dependency | npm |
factory_bot | 6.4.5 | Indirect dependency | bundler |
unicode-display_width | 2.5.0 | Indirect dependency | bundler |
esprima | 3.0.0 | Indirect dependency | npm |
lodash.truncate | 4.4.2 | Indirect dependency | npm |
css-tree | 2.3.1 | Indirect dependency | npm |
ansi-styles | 4.3.0 | Indirect dependency | npm |
sentry-ruby | 5.16.1 | Indirect dependency | bundler |
signal-exit | 4.1.0 | Indirect dependency | npm |
rspec-core | 3.12.2 | Indirect dependency | bundler |
formulaic | 0.4.1 | Indirect dependency | bundler |
activerecord | 7.0.7.2 | Indirect dependency | bundler |
terminal-table | 3.0.2 | Indirect dependency | bundler |
is-extglob | 2.1.1 | Indirect dependency | npm |
@esbuild/linux-mips64el | 0.18.11 | Direct dependency | npm |
svg-tags | 1.0.0 | Indirect dependency | npm |
keyv | 4.5.4 | Indirect dependency | npm |
chokidar | 3.5.3 | Indirect dependency | npm |
glob-parent | 5.1.2 | Indirect dependency | npm |
json-parse-even-better-errors | 2.3.1 | Indirect dependency | npm |
microplugin | 0.0.3 | Indirect dependency | npm |
parallel | 1.24.0 | Indirect dependency | bundler |
is-plain-object | 5.0.0 | Indirect dependency | npm |
sentry-rails | 5.16.1 | Indirect dependency | bundler |
fsevents | 2.3.2 | Direct dependency | npm |
json-schema-traverse | 1.0.0 | Indirect dependency | npm |
stylelint-config-standard | 36.0.0 | Indirect dependency | npm |
factory_bot_rails | 6.4.3 | Indirect dependency | bundler |
rainbow | 3.1.1 | Indirect dependency | bundler |
administrate-field-image | 1.2.0 | Indirect dependency | bundler |
activemodel | 7.0.7.2 | Indirect dependency | bundler |
@csstools/media-query-list-parser | 2.1.7 | Indirect dependency | npm |
flat-cache | 4.0.0 | Indirect dependency | npm |
sprockets-rails | 3.4.2 | Indirect dependency | bundler |
path-scurry | 1.10.1 | Indirect dependency | npm |
activejob | 7.0.7.2 | Indirect dependency | bundler |
kaminari-core | 1.2.2 | Indirect dependency | bundler |
html-tags | 3.3.1 | Indirect dependency | npm |
method_source | 1.0.0 | Indirect dependency | bundler |
uri-js | 4.4.1 | Indirect dependency | npm |
sass | 1.63.6 | Direct dependency | npm |
postcss-media-query-parser | 0.2.3 | Indirect dependency | npm |
crass | 1.0.6 | Indirect dependency | bundler |
@esbuild/win32-ia32 | 0.18.11 | Direct dependency | npm |
stylelint | 16.2.1 | Direct dependency | npm |
ajv | 8.12.0 | Indirect dependency | npm |
bundler | | Indirect dependency | bundler |
@esbuild/linux-arm64 | 0.18.11 | Direct dependency | npm |
color-convert | 2.0.1 | Indirect dependency | npm |
is-number | 7.0.0 | Indirect dependency | npm |
@esbuild/freebsd-arm64 | 0.18.11 | Direct dependency | npm |
supports-hyperlinks | 3.0.0 | Indirect dependency | npm |
shoulda-matchers | 6.1.0 | Indirect dependency | bundler |
queue-microtask | 1.2.3 | Indirect dependency | npm |
normalize-path | 3.0.0 | Indirect dependency | npm |
cssbundling-rails | 1.4.0 | Indirect dependency | bundler |
rack-test | 2.1.0 | Indirect dependency | bundler |
@esbuild/linux-ppc64 | 0.18.11 | Direct dependency | npm |
balanced-match | 2.0.0 | Indirect dependency | npm |
rspec-expectations | 3.12.3 | Indirect dependency | bundler |
emoji-regex | 8.0.0 | Indirect dependency | npm |
strip-ansi | 7.1.0 | Indirect dependency | npm |
thor | 1.3.0 | Indirect dependency | bundler |
@esbuild/darwin-x64 | 0.18.11 | Direct dependency | npm |
sifter | 0.5.4 | Indirect dependency | npm |
escape-string-regexp | 1.0.5 | Indirect dependency | npm |
public_suffix | 5.0.4 | Indirect dependency | bundler |
base64 | 0.2.0 | Indirect dependency | bundler |
@esbuild/linux-s390x | 0.18.11 | Direct dependency | npm |
websocket | 1.2.10 | Indirect dependency | bundler |
is-glob | 4.0.3 | Indirect dependency | npm |