基础信息
项目名称:rapidpro/rapidpro
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1755530696136593408/1755530697436827648
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| nanoid | 不正确的类型转换 | MPS-2021-19605 | CVE-2021-23566 | 中危 |
| minimist 安全漏洞 | 原型污染 | MPS-2021-38405 | CVE-2021-44906 | 严重 |
| jasmine-core 存在拒绝服务漏洞 | 拒绝服务 | MPS-2022-12948 | 低危 | |
| terser 安全漏洞 | ReDoS | MPS-2022-5145 | CVE-2022-25858 | 高危 |
| node-semver 安全漏洞 | ReDoS | MPS-2022-5166 | CVE-2022-25883 | 高危 |
| minimatch 资源管理错误漏洞 | 拒绝服务 | MPS-2022-59845 | CVE-2022-3517 | 高危 |
| Luxon 存在Redos漏洞 | ReDoS | MPS-2022-69796 | CVE-2023-22467 | 中危 |
| Webpack 安全漏洞 | MPS-2023-7721 | CVE-2023-28154 | 严重 | |
| PostCSS 安全漏洞 | 注入 | MPS-y3tx-jzms | CVE-2023-44270 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| minimist | 1.2.5 | 1.2.6 | 间接依赖 | 建议修复 |
| webpack | 5.37.1 | 5.76.0 | 直接依赖 | 建议修复 |
| nanoid | 3.1.23 | 3.1.31 | 间接依赖 | 建议修复 |
| minimatch | 3.0.4 | 3.0.5 | 间接依赖 | 建议修复 |
| terser | 5.7.0 | 5.14.2 | 间接依赖 | 建议修复 |
| semver | 7.3.5 | 7.5.2 | 间接依赖 | 可选修复 |
| jasmine-core | 2.5.0 | 3.1.0 | 直接依赖 | 可选修复 |
| luxon | 2.4.0 | 2.5.2 | 间接依赖 | 可选修复 |
| postcss | 8.3.0 | 8.4.31 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| ISC | 13 | 低 |
| MIT | 161 | 低 |
| BSD-3-Clause | 13 | 低 |
| AGPL-3.0 | 1 | 高 |
| BSD-2-Clause | 8 | 低 |
| 自定义许可证 | 2 | 低 |
| Apache | 1 | 低 |
| Apache-2.0 | 6 | 低 |
| Unlicense | 2 | 低 |
| 0BSD | 1 | 低 |
| LGPL-3.0 | 1 | 中 |
| LGPL-3.0-only | 1 | 低 |
| CC-BY-4.0 | 1 | 低 |
| AGPL-3.0-only | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| asdict | 间接依赖 | pip | |
| BaseClaimNumberMixin | 间接依赖 | pip | |
| inflight | 1.0.6 | 间接依赖 | npm |
| @webassemblyjs/wast-printer | 1.11.0 | 间接依赖 | npm |
| watchpack | 2.2.0 | 间接依赖 | npm |
| function-bind | 1.1.1 | 间接依赖 | npm |
| promise | 7.3.1 | 间接依赖 | npm |
| parse_qs | 间接依赖 | pip | |
| balanced-match | 1.0.2 | 间接依赖 | npm |
| PredictionClient | 间接依赖 | pip | |
| color-convert | 1.9.3 | 间接依赖 | npm |
| inherits | 2.0.4 | 间接依赖 | npm |
| ContactImport | 间接依赖 | pip | |
| asap | 2.0.6 | 间接依赖 | npm |
| Index | 间接依赖 | pip | |
| postcss-import | 14.0.2 | 直接依赖 | npm |
| sprintf-js | 1.0.3 | 间接依赖 | npm |
| UpdateTelChannelForm | 间接依赖 | pip | |
| @nyaruka/flow-editor | 1.18.2 | 直接依赖 | npm |
| @types/eslint-scope | 3.7.0 | 间接依赖 | npm |
| ajv | 6.12.6 | 间接依赖 | npm |
| mime-types | 2.1.30 | 间接依赖 | npm |
| leaflet | 1.5.1 | 间接依赖 | npm |
| Channel | 间接依赖 | pip | |
| schema-utils | 3.0.0 | 间接依赖 | npm |
| minimist | 1.2.5 | 间接依赖 | npm |
| detective | 5.2.0 | 间接依赖 | npm |
| mkdirp | 0.5.5 | 间接依赖 | npm |
| ExportContactsTask | 间接依赖 | pip | |
| TwilioException | 间接依赖 | pip | |
| smartmin | 间接依赖 | pip | |
| json-schema-traverse | 0.4.1 | 间接依赖 | npm |
| source-map-support | 0.5.19 | 间接依赖 | npm |
| mixins | 间接依赖 | pip | |
| xtend | 4.0.2 | 间接依赖 | npm |
| jest-worker | 26.6.2 | 间接依赖 | npm |
| path-type | 4.0.0 | 间接依赖 | npm |
| uri-js | 4.4.1 | 间接依赖 | npm |
| ContactField | 间接依赖 | pip | |
| OrgRole | 间接依赖 | pip | |
| resolve | 1.20.0 | 间接依赖 | npm |
| AuthoringClient | 间接依赖 | pip | |
| ignore_logger | 间接依赖 | pip | |
| fraction.js | 4.1.1 | 间接依赖 | npm |
| @webassemblyjs/helper-buffer | 1.11.0 | 间接依赖 | npm |
| ClaimView | 间接依赖 | pip | |
| object-assign | 4.1.1 | 间接依赖 | npm |
| source-list-map | 2.0.1 | 间接依赖 | npm |
| HttpResponse | 间接依赖 | pip | |
| SmartReadView | 间接依赖 | pip | |
| truncate | 间接依赖 | pip | |
| AuthenticatedExternalCallbackClaimView | 间接依赖 | pip | |
| import-fresh | 3.3.0 | 间接依赖 | npm |
| didyoumean | 1.2.1 | 间接依赖 | npm |
| SmartTemplateView | 间接依赖 | pip | |
| BaseCommand | 间接依赖 | pip | |
| simple-swizzle | 0.2.2 | 间接依赖 | npm |
| twilio | 间接依赖 | pip | |
| is_uuid | 间接依赖 | pip | |
| tiny-lru | 8.0.2 | 间接依赖 | npm |
| randombytes | 2.1.0 | 间接依赖 | npm |
| ContactURN | 间接依赖 | pip | |
| acorn-node | 1.8.2 | 间接依赖 | npm |
| MockEventStream | 间接依赖 | pip | |
| wrappy | 1.0.2 | 间接依赖 | npm |
| marked | 4.0.10 | 间接依赖 | npm |
| argparse | 1.0.10 | 间接依赖 | npm |
| lodash | 4.17.21 | 间接依赖 | npm |
| lit-element | 2.5.1 | 间接依赖 | npm |
| @babel/helper-validator-identifier | 7.14.0 | 间接依赖 | npm |
| Count | 间接依赖 | pip | |
| @webassemblyjs/ieee754 | 1.11.0 | 间接依赖 | npm |
| @babel/highlight | 7.14.0 | 间接依赖 | npm |
| django_redis | 间接依赖 | pip | |
| tapable | 2.2.0 | 间接依赖 | npm |
| generics | 间接依赖 | pip | |
| graceful-fs | 4.2.6 | 间接依赖 | npm |
| Intent | 间接依赖 | pip | |
| es-module-lexer | 0.4.1 | 间接依赖 | npm |
| @xtuc/ieee754 | 1.2.0 | 间接依赖 | npm |
| highlight.js | 10.7.2 | 间接依赖 | npm |
| terser-webpack-plugin | 5.1.2 | 间接依赖 | npm |
| @babel/code-frame | 7.12.13 | 间接依赖 | npm |
| ChannelType | 间接依赖 | pip | |
| path-parse | 1.0.7 | 间接依赖 | npm |
| connection | 间接依赖 | pip | |
| image-size | 0.9.7 | 间接依赖 | npm |
| InputWidget | 间接依赖 | pip | |
| CommandError | 间接依赖 | pip | |
| mock_open | 间接依赖 | pip | |
| @fullhuman/postcss-purgecss | 3.1.3 | 间接依赖 | npm |
| color-name | 1.1.3 | 间接依赖 | npm |
| queue-microtask | 1.2.3 | 直接依赖 | npm |
| cosmiconfig | 7.0.0 | 间接依赖 | npm |
| error-ex | 1.3.2 | 间接依赖 | npm |
| reverse | 间接依赖 | pip | |
| color | 3.1.3 | 间接依赖 | npm |
| postcss-js | 3.0.3 | 间接依赖 | npm |
| TwilioRestException | 间接依赖 | pip | |
| jsonfile | 6.1.0 | 间接依赖 | npm |
| TreeForeignKey | 间接依赖 | pip | |
| ClearSessionToken | 间接依赖 | pip | |
| SmartminTest | 间接依赖 | pip | |
| SmartModelActionView | 间接依赖 | pip | |
| parent-module | 1.0.1 | 间接依赖 | npm |
| @webassemblyjs/helper-wasm-section | 1.11.0 | 间接依赖 | npm |
| fast-json-stable-stringify | 2.1.0 | 间接依赖 | npm |
| postcss-selector-parser | 6.0.6 | 间接依赖 | npm |
| humanize-duration-ts | 2.1.1 | 间接依赖 | npm |
| packaging | 间接依赖 | pip | |
| MPTTModel | 间接依赖 | pip | |
| re_path | 间接依赖 | pip | |
| LoggingIntegration | 间接依赖 | pip | |
| Contact | 间接依赖 | pip | |
| color-string | 1.5.5 | 间接依赖 | npm |
| @types/trusted-types | 2.0.2 | 直接依赖 | npm |
| p-limit | 3.1.0 | 间接依赖 | npm |
| @webassemblyjs/wasm-edit | 1.11.0 | 间接依赖 | npm |
| safe-buffer | 5.2.1 | 间接依赖 | npm |
| source-map | 0.5.7 | 间接依赖 | npm |
| Engine | 间接依赖 | pip | |
| at-least-node | 1.0.0 | 间接依赖 | npm |
| @webassemblyjs/leb128 | 1.11.0 | 间接依赖 | npm |
| fast-deep-equal | 3.1.3 | 间接依赖 | npm |
| ClaimViewMixin | 间接依赖 | pip | |
| lit-html | 1.4.1 | 间接依赖 | npm |
| HttpResponseRedirect | 间接依赖 | pip | |
| JSONField | 间接依赖 | pip | |
| object-hash | 2.2.0 | 间接依赖 | npm |
| Org | 间接依赖 | pip | |
| prr | 1.0.1 | 间接依赖 | npm |
| random_string | 间接依赖 | pip | |
| Group | 间接依赖 | pip | |
| Notification | 间接依赖 | pip | |
| Client | 间接依赖 | pip | |
| jsonlgz_iterate | 间接依赖 | pip | |
| reduce-css-calc | 2.1.8 | 间接依赖 | npm |
| DependencyMixin | 间接依赖 | pip | |
| status | 间接依赖 | pip | |
| @webassemblyjs/ast | 1.11.0 | 间接依赖 | npm |
| yallist | 4.0.0 | 间接依赖 | npm |
| punycode | 2.1.1 | 间接依赖 | npm |
| webpack-sources | 2.2.0 | 间接依赖 | npm |
| MultiPolygon | 间接依赖 | pip | |
| @webassemblyjs/wasm-parser | 1.11.0 | 间接依赖 | npm |
| html-tags | 3.1.0 | 间接依赖 | npm |
| terser | 5.7.0 | 间接依赖 | npm |
| uuid4 | 间接依赖 | pip | |
| @webassemblyjs/floating-point-hex-parser | 1.11.0 | 间接依赖 | npm |
| AuthenticatedExternalClaimView | 间接依赖 | pip | |
| less | 2.7.1 | 直接依赖 | npm |
| source-map-js | 0.6.2 | 间接依赖 | npm |
| CalledProcessError | 间接依赖 | pip | |
| estraverse | 4.3.0 | 间接依赖 | npm |
| @types/estree | 0.0.47 | 间接依赖 | npm |
| geojson | 0.5.0 | 间接依赖 | npm |
| json-parse-even-better-errors | 2.3.1 | 间接依赖 | npm |
| postcss-functions | 3.0.0 | 间接依赖 | npm |
| is-arrayish | 0.2.1 | 间接依赖 | npm |
| init | 间接依赖 | pip | |
| @lit/reactive-element | 1.4.1 | 间接依赖 | npm |
| once | 1.4.0 | 间接依赖 | npm |
| webpack | 5.37.1 | 直接依赖 | npm |
| JsonResponse | 间接依赖 | pip | |
| ResthookSubscriber | 间接依赖 | pip | |
| electron-to-chromium | 1.3.739 | 间接依赖 | npm |
| jasmine-core | 2.5.0 | 直接依赖 | npm |
| @xtuc/long | 4.2.2 | 间接依赖 | npm |
| @types/json-schema | 7.0.7 | 间接依赖 | npm |
| override_settings | 间接依赖 | pip | |
| enhanced-resolve | 5.8.2 | 间接依赖 | npm |
| watch | 0.13.0 | 直接依赖 | npm |
| APIToken | 间接依赖 | pip | |
| robloach/component-installer | * | 间接依赖 | composer |
| mime-db | 1.47.0 | 间接依赖 | npm |
| @webassemblyjs/helper-api-error | 1.11.0 | 间接依赖 | npm |
| exceptions | 间接依赖 | pip | |
| PropertyMock | 间接依赖 | pip | |
| lines-and-columns | 1.1.6 | 间接依赖 | npm |
| User | 间接依赖 | pip | |
| eslint-scope | 5.1.1 | 间接依赖 | npm |
| glob-to-regexp | 0.4.1 | 间接依赖 | npm |
| patch | 间接依赖 | pip | |
| HttpResponseForbidden | 间接依赖 | pip | |
| chalk | 2.4.2 | 间接依赖 | npm |
| cssesc | 3.0.0 | 间接依赖 | npm |
| @webassemblyjs/wasm-opt | 1.11.0 | 间接依赖 | npm |
| Lower | 间接依赖 | pip | |
| commander | 6.2.1 | 间接依赖 | npm |
| node-emoji | 1.10.0 | 间接依赖 | npm |
| @fortawesome/fontawesome-free | 5.15.3 | 间接依赖 | npm |
| modern-normalize | 1.1.0 | 间接依赖 | npm |
| Sum | 间接依赖 | pip | |
| timedelta | 间接依赖 | pip | |
| lit | 2.2.0 | 间接依赖 | npm |
| SelectWidget | 间接依赖 | pip | |
| Fore | 间接依赖 | pip | |
| postcss-nested | 5.0.5 | 间接依赖 | npm |
| fa-icons | 0.2.0 | 直接依赖 | npm |
| tslib | 1.14.1 | 间接依赖 | npm |
| postcss | 8.3.0 | 间接依赖 | npm |
| TembaTest | 间接依赖 | pip | |
| ClientError | 间接依赖 | pip | |
| SmartminTestMixin | 间接依赖 | pip | |
| @types/eslint | 7.2.11 | 间接依赖 | npm |
| HTTPServer | 间接依赖 | pip | |
| ClassifierType | 间接依赖 | pip | |
| js-tokens | 4.0.0 | 间接依赖 | npm |
| Context | 间接依赖 | pip | |
| @types/node | 15.6.1 | 间接依赖 | npm |
| bower | 1.8.8 | 直接依赖 | npm |
| chrome-trace-event | 1.0.3 | 间接依赖 | npm |
| models | 间接依赖 | pip | |
| colorette | 1.2.2 | 间接依赖 | npm |
| read-cache | 1.0.0 | 间接依赖 | npm |
| defined | 1.0.0 | 间接依赖 | npm |
| bytes | 3.1.0 | 间接依赖 | npm |
| parse-json | 5.2.0 | 间接依赖 | npm |
| postcss-simple-vars | 6.0.3 | 直接依赖 | npm |
| node-releases | 1.1.72 | 间接依赖 | npm |
| semver | 7.3.5 | 间接依赖 | npm |
| yaml | 1.10.2 | 间接依赖 | npm |
| glob | 7.1.7 | 间接依赖 | npm |
| UpdateChannelForm | 间接依赖 | pip | |
| queue | 6.0.2 | 间接依赖 | npm |
| has-flag | 3.0.0 | 间接依赖 | npm |
| purgecss | 3.1.3 | 间接依赖 | npm |
| escape-string-regexp | 1.0.5 | 间接依赖 | npm |
| util-deprecate | 1.0.2 | 间接依赖 | npm |
| resolve-from | 4.0.0 | 间接依赖 | npm |
| yocto-queue | 0.1.0 | 间接依赖 | npm |
| fs.realpath | 1.0.0 | 间接依赖 | npm |
| normalize-range | 0.1.2 | 间接依赖 | npm |
| react | 16.13.1 | 间接依赖 | npm |
| get_connection | 间接依赖 | pip | |
| merge-stream | 2.0.0 | 间接依赖 | npm |
| supports-color | 5.5.0 | 间接依赖 | npm |
| SmartView | 间接依赖 | pip | |
| pretty-hrtime | 1.0.3 | 间接依赖 | npm |
| ansi-styles | 3.2.1 | 间接依赖 | npm |
| escalade | 3.1.1 | 间接依赖 | npm |
| autolinker | 3.14.3 | 间接依赖 | npm |
| @types/parse-json | 4.0.0 | 间接依赖 | npm |
| Upper | 间接依赖 | pip | |
| remarkable | 2.0.1 | 间接依赖 | npm |
| nanoid | 3.1.23 | 间接依赖 | npm |
| @webassemblyjs/utf8 | 1.11.0 | 间接依赖 | npm |
| minimatch | 3.0.4 | 间接依赖 | npm |
| @webassemblyjs/helper-numbers | 1.11.0 | 间接依赖 | npm |
| universalify | 2.0.0 | 间接依赖 | npm |
| UpdateForm | 间接依赖 | pip | |
| BaseHTTPRequestHandler | 间接依赖 | pip | |
| autoprefixer | 10.2.5 | 直接依赖 | npm |
| postcss-loader | 5.3.0 | 直接依赖 | npm |
| URN | 间接依赖 | pip | |
| rest_framework | 间接依赖 | pip | |
| quote | 间接依赖 | pip | |
| callsites | 3.1.0 | 间接依赖 | npm |
| ajv-keywords | 3.5.2 | 间接依赖 | npm |
| elasticsearch | 间接依赖 | pip | |
| json-parse-better-errors | 1.0.2 | 间接依赖 | npm |
| call | 间接依赖 | pip | |
| @webassemblyjs/wasm-gen | 1.11.0 | 间接依赖 | npm |
| path-is-absolute | 1.0.1 | 间接依赖 | npm |
| mime | 1.6.0 | 间接依赖 | npm |
| scheduler | 0.19.1 | 间接依赖 | npm |
| camelcase-css | 2.0.1 | 间接依赖 | npm |
| UUID | 间接依赖 | pip | |
| temba | 间接依赖 | pip | |
| date | 间接依赖 | pip | |
| lru-cache | 6.0.0 | 间接依赖 | npm |
| translation | 间接依赖 | pip | |
| ALL_COUNTRIES | 间接依赖 | pip | |
| buffer-from | 1.1.1 | 间接依赖 | npm |
| MockResponse | 间接依赖 | pip | |
| @webassemblyjs/helper-wasm-bytecode | 1.11.0 | 间接依赖 | npm |
| css-unit-converter | 1.1.2 | 间接依赖 | npm |
| pify | 2.3.0 | 间接依赖 | npm |
| Q | 间接依赖 | pip | |
| acorn-walk | 7.2.0 | 间接依赖 | npm |
| Polygon | 间接依赖 | pip | |
| concat-map | 0.0.1 | 间接依赖 | npm |
| brace-expansion | 1.1.11 | 间接依赖 | npm |
| events | 3.3.0 | 间接依赖 | npm |
| timezone | 间接依赖 | pip | |
| errno | 0.1.8 | 间接依赖 | npm |
| neo-async | 2.6.2 | 间接依赖 | npm |
| caniuse-lite | 1.0.30001230 | 间接依赖 | npm |
| prop-types | 15.7.2 | 间接依赖 | npm |
| is-core-module | 2.4.0 | 间接依赖 | npm |
| TestCase | 间接依赖 | pip | |
| acorn | 7.4.1 | 间接依赖 | npm |
| loader-runner | 4.2.0 | 间接依赖 | npm |
| tailwindcss | 2.0.4 | 直接依赖 | npm |
| loose-envify | 1.4.0 | 间接依赖 | npm |
| Resthook | 间接依赖 | pip | |
| has | 1.0.3 | 间接依赖 | npm |
| NotificationCount | 间接依赖 | pip | |
| django | 间接依赖 | pip | |
| serialize-javascript | 3.1.0 | 间接依赖 | npm |
| react-is | 16.13.1 | 间接依赖 | npm |
| Mock | 间接依赖 | pip | |
| postcss-value-parser | 4.1.0 | 间接依赖 | npm |
| dataclass | 间接依赖 | pip | |
| postcss-scss | 3.0.5 | 直接依赖 | npm |
| SmartFormView | 间接依赖 | pip | |
| urlencode | 间接依赖 | pip | |
| check_call | 间接依赖 | pip | |
| esrecurse | 4.3.0 | 间接依赖 | npm |
| browserslist | 4.16.6 | 间接依赖 | npm |
| gettext_lazy | 间接依赖 | pip | |
| klona | 2.0.4 | 间接依赖 | npm |
| fs-extra | 9.1.0 | 间接依赖 | npm |
| luxon | 2.4.0 | 间接依赖 | npm |
| react-dom | 16.13.1 | 间接依赖 | npm |
| EmailMultiAlternatives | 间接依赖 | pip | |
| ContactGroup | 间接依赖 | pip | |
| MockS3Client | 间接依赖 | pip | |
| FileAndHash | 间接依赖 | pip | |
| lodash.toarray | 4.4.0 | 间接依赖 | npm |
| @nyaruka/temba-components | 0.32.4 | 直接依赖 | npm |
| ExternalURLField | 间接依赖 | pip |