基础信息
项目名称:simonw/datasette
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1762344644770955265/1762344679877279744
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Python 安全漏洞 | ReDoS | MPS-2022-57238 | CVE-2022-40897 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| setuptools | 39.2.0 | 65.5.1 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 47 | 低 |
| BSD-3-Clause | 3 | 低 |
| 自定义许可证 | 1 | 低 |
| BSD-2-Clause | 1 | 低 |
| Apache-2.0 | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| style-mod | 4.0.0 | 间接依赖 | npm |
| source-map | 0.6.1 | 间接依赖 | npm |
| app_client | 间接依赖 | pip | |
| click | 间接依赖 | pip | |
| @rollup/plugin-terser | 0.1.0 | 直接依赖 | npm |
| LoginEvent | 间接依赖 | pip | |
| picomatch | 2.3.1 | 间接依赖 | npm |
| asgiref | 间接依赖 | pip | |
| Dict | 间接依赖 | pip | |
| assert_permissions_checked | 间接依赖 | pip | |
| @jridgewell/resolve-uri | 3.1.0 | 间接依赖 | npm |
| prettier | 2.2.1 | 直接依赖 | npm |
| @lezer/lr | 1.2.4 | 间接依赖 | npm |
| @jridgewell/gen-mapping | 0.3.2 | 间接依赖 | npm |
| acorn | 8.8.1 | 间接依赖 | npm |
| Event | 间接依赖 | pip | |
| builtin-modules | 3.3.0 | 间接依赖 | npm |
| LogoutEvent | 间接依赖 | pip | |
| has | 1.0.3 | 间接依赖 | npm |
| namedtuple | 间接依赖 | pip | |
| Permission | 间接依赖 | pip | |
| @jridgewell/trace-mapping | 0.3.17 | 间接依赖 | npm |
| fsevents | 2.3.2 | 间接依赖 | npm |
| @jridgewell/sourcemap-codec | 1.4.14 | 间接依赖 | npm |
| rollup | 3.3.0 | 直接依赖 | npm |
| @rollup/pluginutils | 5.0.2 | 间接依赖 | npm |
| pluggy | 间接依赖 | pip | |
| function-bind | 1.1.1 | 间接依赖 | npm |
| NamedTuple | 间接依赖 | pip | |
| source-map-support | 0.5.21 | 间接依赖 | npm |
| hookimpl | 间接依赖 | pip | |
| w3c-keyname | 2.2.6 | 间接依赖 | npm |
| a | 间接依赖 | pip | |
| supports-preserve-symlinks-flag | 1.0.0 | 间接依赖 | npm |
| terser | 5.15.1 | 间接依赖 | npm |
| @codemirror/lint | 6.1.0 | 间接依赖 | npm |
| is-core-module | 2.11.0 | 间接依赖 | npm |
| add_cors_headers | 间接依赖 | pip | |
| @codemirror/commands | 6.1.2 | 间接依赖 | npm |
| @codemirror/language | 6.3.1 | 间接依赖 | npm |
| is-module | 1.0.0 | 间接依赖 | npm |
| deepmerge | 4.2.2 | 间接依赖 | npm |
| datasette | 间接依赖 | pip | |
| urlunparse | 间接依赖 | pip | |
| @jridgewell/set-array | 1.1.2 | 间接依赖 | npm |
| BadRequest | 间接依赖 | pip | |
| parse_qs | 间接依赖 | pip | |
| buffer-from | 1.1.2 | 间接依赖 | npm |
| @rollup/plugin-node-resolve | 15.0.1 | 直接依赖 | npm |
| @jridgewell/source-map | 0.3.2 | 间接依赖 | npm |
| codemirror | 6.0.1 | 直接依赖 | npm |
| @codemirror/state | 6.1.4 | 间接依赖 | npm |
| is-builtin-module | 3.2.0 | 间接依赖 | npm |
| @codemirror/search | 6.2.3 | 间接依赖 | npm |
| make_slot_function | 间接依赖 | pip | |
| @codemirror/lang-sql | 6.3.3 | 直接依赖 | npm |
| @types/estree | 1.0.0 | 间接依赖 | npm |
| OrderedDict | 间接依赖 | pip | |
| estree-walker | 2.0.2 | 间接依赖 | npm |
| setuptools | 39.2.0 | 间接依赖 | pip |
| @codemirror/view | 6.5.1 | 间接依赖 | npm |
| path-parse | 1.0.7 | 间接依赖 | npm |
| Any | 间接依赖 | pip | |
| commander | 2.20.3 | 间接依赖 | npm |
| @lezer/highlight | 1.1.2 | 间接依赖 | npm |
| crelt | 1.0.5 | 间接依赖 | npm |
| @lezer/common | 1.0.1 | 间接依赖 | npm |
| resolve | 1.22.1 | 间接依赖 | npm |
| @types/resolve | 1.20.2 | 间接依赖 | npm |
| Forbidden | 间接依赖 | pip | |
| @codemirror/autocomplete | 6.3.2 | 间接依赖 | npm |
| bs4 | 间接依赖 | pip |