基础信息
项目名称:xjd2020/fastcms
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1715411265945124864/1715411266003845120
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Google Guava 不可信数据的反序列化漏洞 | 不加限制或调节的资源分配 | MPS-2018-5515 | CVE-2018-10237 | 中危 |
| Apache Commons Beanutils 存在不可信数据的反序列化漏洞 | 反序列化 | MPS-2019-10233 | CVE-2019-10086 | 高危 |
| Spring Framework | 反序列化 | MPS-2020-0057 | CVE-2016-1000027 | 严重 |
| Google Guava 访问控制错误漏洞 | 关键资源权限分配不当 | MPS-2020-17429 | CVE-2020-8908 | 低危 |
| Apache Commons Compress 安存在拒绝服务漏洞 | 不加限制或调节的资源分配 | MPS-2021-10550 | CVE-2021-35517 | 高危 |
| Apache Commons Compress 存在拒绝服务漏洞 | 不加限制或调节的资源分配 | MPS-2021-10551 | CVE-2021-35516 | 高危 |
| Apache Commons Compress 存在拒绝服务漏洞 | 不加限制或调节的资源分配 | MPS-2021-10564 | CVE-2021-36090 | 高危 |
| Apache Commons Compress 无限循环漏洞 | 不可达退出条件的循环(无限循环) | MPS-2021-10565 | CVE-2021-35515 | 高危 |
| Fastjson | 反序列化 | MPS-2022-11320 | CVE-2022-25845 | 高危 |
| MyBatis-Plus orderBy方法存在SQL注入漏洞 | SQL注入 | MPS-2022-4629 | CVE-2022-25517 | 严重 |
| snakeYAML | 拒绝服务 | MPS-2022-5144 | CVE-2022-25857 | 高危 |
| Bouncy Castle | 密码学问题 | MPS-2022-54305 | 中危 | |
| snakeYAML | 栈缓冲区溢出 | MPS-2022-56040 | CVE-2022-38751 | 中危 |
| snakeYAML | 栈缓冲区溢出 | MPS-2022-56041 | CVE-2022-38752 | 低危 |
| snakeYAML | 栈缓冲区溢出 | MPS-2022-56051 | CVE-2022-38750 | 中危 |
| snakeYAML | 拒绝服务 | MPS-2022-56081 | CVE-2022-38749 | 中危 |
| SnakeYAML | 栈缓冲区溢出 | MPS-2022-58478 | CVE-2022-41854 | 中危 |
| FasterXML jackson-databind 小于2.14.0-rc1拒绝服务漏洞 | 拒绝服务 | MPS-2022-58653 | CVE-2022-42003 | 中危 |
| Spring Security通配符路由绕过漏洞 | 关键资源权限分配不当 | MPS-2022-62832 | CVE-2023-20860 | 高危 |
| Spring 处理 SpEL 存在拒绝服务漏洞 | 拒绝服务 | MPS-2022-62833 | CVE-2023-20861 | 中危 |
| Spring Security Logout实现不当 | 会话固定 | MPS-2022-62834 | CVE-2023-20862 | 中危 |
| Spring Expression 存在拒绝服务漏洞 | 拒绝服务 | MPS-2022-62835 | CVE-2023-20863 | 高危 |
| Spring Boot 欢迎页功能拒绝服务风险 | 拒绝服务 | MPS-2022-62855 | CVE-2023-20883 | 高危 |
| Oracle MySQL Server存在未明漏洞 | MPS-2022-68556 | CVE-2023-21971 | 中危 | |
| snakeYAML | 反序列化 | MPS-2022-9425 | CVE-2022-1471 | 高危 |
| 【存在争议】MybatisPlus | SQL注入 | MPS-2023-3977 | CVE-2023-25330 | 高危 |
| word-wrap 安全漏洞 | ReDoS | MPS-2023-5109 | CVE-2023-26115 | 高危 |
| tough-cookie 安全漏洞 | 原型污染 | MPS-2023-5130 | CVE-2023-26136 | 严重 |
| netplex json-smart 安全漏洞 | 未经控制的递归 | MPS-2023-7760 | CVE-2023-1370 | 高危 |
| pf4j project路径遍历漏洞 | 路径遍历 | MPS-46ry-z7h3 | CVE-2023-40828 | 高危 |
| pf4j project路径遍历漏洞 | 路径遍历 | MPS-5jv0-o3cr | CVE-2023-40826 | 高危 |
| Apache Tomcat http请求走私漏洞 | 输入验证不恰当 | MPS-b5of-dwyh | CVE-2023-45648 | 中危 |
| tough-cookie | 原型污染 | MPS-esyq-56vx | 中危 | |
| Apache Tomcat 安全漏洞 | 清理环节不完整 | MPS-hz9y-jtfe | CVE-2023-42795 | 中危 |
| Bouncy Castle 信任管理问题漏洞 | 证书验证不恰当 | MPS-i6w7-d48e | CVE-2023-33201 | 中危 |
| pf4j project路径遍历漏洞 | 路径遍历 | MPS-iycx-fqkh | CVE-2023-40827 | 高危 |
| Spring Security 路径匹配漏洞 | 不恰当实现的标准安全检查 | MPS-j3nx-691g | CVE-2023-34034 | 严重 |
| Apache Tomcat 安全漏洞 | 清理环节不完整 | MPS-l8rt-k2nh | CVE-2023-42794 | 高危 |
| Guava | 创建拥有不安全权限的临时文件 | MPS-mfku-xzh3 | CVE-2023-2976 | 中危 |
| Apache Tomcat FORM 重定向漏洞 | 跨站重定向 | MPS-uy56-j8e4 | CVE-2023-41080 | 低危 |
| PostCSS 安全漏洞 | 注入 | MPS-y3tx-jzms | CVE-2023-44270 | 中危 |
| 【存在争议】FasterXML jackson-databind 代码问题漏洞 | 不加限制或调节的资源分配 | MPS-z1bx-p8y2 | CVE-2023-35116 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| org.springframework:spring-webmvc | 5.3.24 | 6.0.7 | 间接依赖 | 建议修复 |
| org.apache.commons:commons-compress | 1.20 | 1.24.0 | 直接依赖 | 建议修复 |
| org.springframework.security:spring-security-web | 5.7.6 | 6.1.2 | 间接依赖 | 建议修复 |
| com.fasterxml.jackson.core:jackson-databind | 2.13.4.2 | 2.14.0-rc1 | 直接依赖 | 建议修复 |
| org.apache.tomcat.embed:tomcat-embed-core | 9.0.70 | 11.0.0-m6 | 间接依赖 | 建议修复 |
| com.google.guava:guava | 20.0 | 32.0.0-jre | 间接依赖 | 建议修复 |
| com.mysql:mysql-connector-j | 8.0.31 | 8.0.33 | 直接依赖 | 建议修复 |
| word-wrap | 1.2.3 | 1.2.4 | 间接依赖 | 建议修复 |
| org.springframework:spring-web | 5.3.24 | 6.0.0 | 间接依赖 | 建议修复 |
| com.baomidou:mybatis-plus-core | 3.5.1 | 间接依赖 | 建议修复 | |
| net.minidev:json-smart | 2.4.8 | 2.4.9 | 间接依赖 | 建议修复 |
| org.yaml:snakeyaml | 1.30 | 2.0 | 间接依赖 | 建议修复 |
| commons-beanutils:commons-beanutils | 1.9.3 | 1.9.4 | 直接依赖 | 建议修复 |
| com.baomidou:mybatis-plus-extension | 3.5.1 | 间接依赖 | 建议修复 | |
| com.alibaba:fastjson | 1.2.73 | 1.2.83 | 间接依赖 | 建议修复 |
| tough-cookie | 4.1.2 | 4.1.3 | 间接依赖 | 建议修复 |
| org.springframework.boot:spring-boot-autoconfigure | 2.7.7 | 3.0.7 | 直接依赖 | 可选修复 |
| postcss | 8.4.23 | 8.4.31 | 间接依赖 | 可选修复 |
| com.google.guava:guava | 30.0-jre | 32.0.0-jre | 间接依赖 | 可选修复 |
| org.bouncycastle:bcprov-jdk15on | 1.68 | 1.69 | 间接依赖 | 可选修复 |
| org.springframework:spring-expression | 5.3.24 | 6.0.8 | 间接依赖 | 可选修复 |
| org.springframework:spring-core | 5.3.24 | 6.0.7 | 间接依赖 | 可选修复 |
| org.pf4j:pf4j | 3.7.0 | 3.10.0 | 直接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 229 | 低 |
| Apache-2.0 | 124 | 低 |
| GPL-2.0-or-later | 37 | 低 |
| BSD-2-Clause | 8 | 低 |
| LGPL-2.1 | 1 | 中 |
| MPL-1.1 | 1 | 低 |
| BSD-3-Clause | 10 | 低 |
| EPL-1.0 | 2 | 低 |
| 自定义许可证 | 10 | 低 |
| ISC | 12 | 低 |
| EPL-2.0 | 3 | 低 |
| WTFPL | 1 | 低 |
| 0BSD | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| @uppy/xhr-upload | 2.1.3 | 间接依赖 | npm |
| com.fastcms:fastcms-email-starter | 0.1.6-SNAPSHOT | 直接依赖 | maven |
| com.baomidou:mybatis-plus | 3.5.1 | 间接依赖 | maven |
| vue-demi | 0.13.11 | 间接依赖 | npm |
| org.apache.commons:commons-lang3 | 3.12.0 | 间接依赖 | maven |
| org.springframework.security:spring-security-oauth2-core | 5.7.6 | 间接依赖 | maven |
| @ckeditor/ckeditor5-markdown-gfm | 38.0.1 | 间接依赖 | npm |
| io.prometheus:simpleclient_tracer_common | 0.15.0 | 间接依赖 | maven |
| org.springframework.security:spring-security-config | 5.7.6 | 间接依赖 | maven |
| com.github.jsqlparser:jsqlparser | 4.3 | 间接依赖 | maven |
| dom7 | 3.0.0 | 间接依赖 | npm |
| @babel/plugin-syntax-jsx | 7.21.4 | 间接依赖 | npm |
| lodash.foreach | 4.5.0 | 间接依赖 | npm |
| vue-i18n | 9.2.2 | 间接依赖 | npm |
| wildcard | 1.1.2 | 间接依赖 | npm |
| @vue/compiler-ssr | 3.3.4 | 间接依赖 | npm |
| io.jsonwebtoken:jjwt-api | 0.11.2 | 直接依赖 | maven |
| org.apache.lucene:lucene-analyzers-common | 8.1.0 | 直接依赖 | maven |
| @codemirror/lang-html | 6.4.4 | 间接依赖 | npm |
| screenfull | 6.0.2 | 间接依赖 | npm |
| tiny-emitter | 2.1.0 | 间接依赖 | npm |
| data-urls | 2.0.0 | 间接依赖 | npm |
| browser-process-hrtime | 1.0.0 | 间接依赖 | npm |
| org.springframework.security:spring-security-oauth2-jose | 5.7.6 | 间接依赖 | maven |
| @babel/helper-annotate-as-pure | 7.18.6 | 间接依赖 | npm |
| com.github.stephenc.jcip:jcip-annotations | 1.0-1 | 间接依赖 | maven |
| is-hotkey | 0.2.0 | 间接依赖 | npm |
| decimal.js | 10.4.3 | 间接依赖 | npm |
| nanoid | 3.3.6 | 间接依赖 | npm |
| slate | 0.72.8 | 间接依赖 | npm |
| tr46 | 2.1.0 | 间接依赖 | npm |
| @lezer/css | 1.1.2 | 间接依赖 | npm |
| side-channel | 1.0.4 | 间接依赖 | npm |
| org.springframework.security:spring-security-core | 5.7.6 | 间接依赖 | maven |
| @uppy/utils | 4.1.3 | 间接依赖 | npm |
| @interactjs/snappers | 1.10.17 | 间接依赖 | npm |
| org.springframework.security:spring-security-oauth2-client | 5.7.6 | 间接依赖 | maven |
| http-proxy-agent | 4.0.1 | 间接依赖 | npm |
| color-convert | 2.0.1 | 间接依赖 | npm |
| net.minidev:json-smart | 2.4.8 | 间接依赖 | maven |
| @ckeditor/ckeditor5-ckfinder | 38.0.1 | 间接依赖 | npm |
| @wangeditor/core | 1.1.19 | 间接依赖 | npm |
| org.springframework:spring-jcl | 5.3.24 | 间接依赖 | maven |
| org.javassist:javassist | 3.21.0-GA | 间接依赖 | maven |
| @interactjs/interactjs | 1.10.17 | 间接依赖 | npm |
| tough-cookie | 4.1.2 | 间接依赖 | npm |
| mime-db | 1.52.0 | 间接依赖 | npm |
| org.springframework:spring-tx | 5.3.24 | 间接依赖 | maven |
| @intlify/core-base | 9.2.2 | 间接依赖 | npm |
| optionator | 0.8.3 | 间接依赖 | npm |
| vue-demi | 0.14.5 | 间接依赖 | npm |
| ch.qos.logback:logback-classic | 1.2.11 | 间接依赖 | maven |
| org.springframework:spring-websocket | 5.3.24 | 间接依赖 | maven |
| immer | 9.0.21 | 间接依赖 | npm |
| com.github.binarywang:weixin-java-miniapp | 4.5.0 | 直接依赖 | maven |
| io.github.x-stream:mxparser | 1.2.2 | 间接依赖 | maven |
| org.apache.httpcomponents:httpcore | 4.4.16 | 间接依赖 | maven |
| function-bind | 1.1.1 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-starter-jdbc | 2.7.7 | 间接依赖 | maven |
| net.minidev:accessors-smart | 2.4.8 | 间接依赖 | maven |
| @ckeditor/ckeditor5-core | 38.0.1 | 间接依赖 | npm |
| @wangeditor/upload-image-module | 1.0.2 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-starter-tomcat | 2.7.7 | 间接依赖 | maven |
| com.fasterxml:classmate | 1.5.1 | 间接依赖 | maven |
| color-parse | 1.4.2 | 间接依赖 | npm |
| echarts-wordcloud | 2.1.0 | 间接依赖 | npm |
| @lezer/lr | 1.3.6 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-autoconfigure | 2.7.7 | 直接依赖 | maven |
| @jridgewell/sourcemap-codec | 1.4.15 | 间接依赖 | npm |
| mime-types | 2.1.35 | 间接依赖 | npm |
| @ckeditor/ckeditor5-ui | 38.0.1 | 间接依赖 | npm |
| universalify | 0.2.0 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-starter-cache | 2.7.7 | 直接依赖 | maven |
| @uppy/store-default | 2.1.1 | 间接依赖 | npm |
| @ckeditor/ckeditor5-autoformat | 38.0.1 | 间接依赖 | npm |
| com.fastcms:fastcms-common | 0.1.6-SNAPSHOT | 直接依赖 | maven |
| org.mybatis:mybatis-spring | 2.0.6 | 间接依赖 | maven |
| delayed-stream | 1.0.0 | 间接依赖 | npm |
| com.fastcms:fastcms-core | 0.1.6-SNAPSHOT | 直接依赖 | maven |
| @sxzz/popperjs-es | 2.11.7 | 间接依赖 | npm |
| countup.js | 2.6.2 | 间接依赖 | npm |
| es6-symbol | 3.1.3 | 间接依赖 | npm |
| com.fastcms:fastcms-wechat-starter | 0.1.6-SNAPSHOT | 直接依赖 | maven |
| lodash.debounce | 4.0.8 | 间接依赖 | npm |
| org.springframework.boot:spring-boot | 2.7.7 | 间接依赖 | maven |
| com.zaxxer:HikariCP | 4.0.3 | 间接依赖 | maven |
| cssom | 0.4.4 | 间接依赖 | npm |
| org.checkerframework:checker-qual | 3.5.0 | 间接依赖 | maven |
| lodash.camelcase | 4.3.0 | 间接依赖 | npm |
| com.google.j2objc:j2objc-annotations | 1.3 | 间接依赖 | maven |
| @wangeditor/code-highlight | 1.0.3 | 间接依赖 | npm |
| lodash.toarray | 4.4.0 | 间接依赖 | npm |
| @codemirror/theme-one-dark | 6.1.2 | 间接依赖 | npm |
| vanilla-colorful | 0.7.2 | 间接依赖 | npm |
| org.latencyutils:LatencyUtils | 2.0.3 | 间接依赖 | maven |
| cssom | 0.3.8 | 间接依赖 | npm |
| io.prometheus:simpleclient | 0.15.0 | 间接依赖 | maven |
| org.apache.commons:commons-compress | 1.20 | 直接依赖 | maven |
| org.springframework.boot:spring-boot-starter | 2.7.7 | 间接依赖 | maven |
| com.fastcms:fastcms-oauth2-starter | 0.1.6-SNAPSHOT | 直接依赖 | maven |
| @wangeditor/list-module | 1.0.5 | 间接依赖 | npm |
| com.google.guava:listenablefuture | 9999.0-empty-to-avoid-conflict-with-guava | 间接依赖 | maven |
| @ckeditor/ckeditor5-paste-from-office | 38.0.1 | 间接依赖 | npm |
| w3c-hr-time | 1.0.2 | 间接依赖 | npm |
| com.baomidou:mybatis-plus-core | 3.5.1 | 间接依赖 | maven |
| type | 2.7.2 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-starter-web | 2.7.7 | 直接依赖 | maven |
| com.fasterxml.jackson.core:jackson-core | 2.13.4 | 直接依赖 | maven |
| word-wrap | 1.2.3 | 间接依赖 | npm |
| @babel/types | 7.22.0 | 间接依赖 | npm |
| commons-collections:commons-collections | 3.2.2 | 间接依赖 | maven |
| vue | 3.3.4 | 间接依赖 | npm |
| ssr-window | 3.0.0 | 间接依赖 | npm |
| @ckeditor/ckeditor5-table | 38.0.1 | 间接依赖 | npm |
| org.springframework:spring-beans | 5.3.24 | 间接依赖 | maven |
| @types/web-bluetooth | 0.0.16 | 间接依赖 | npm |
| @floating-ui/dom | 1.2.8 | 间接依赖 | npm |
| qs | 6.11.2 | 间接依赖 | npm |
| @ckeditor/ckeditor5-build-classic | 38.0.1 | 间接依赖 | npm |
| org.hibernate.validator:hibernate-validator | 6.2.5.Final | 间接依赖 | maven |
| vue-clipboard3 | 2.0.0 | 间接依赖 | npm |
| com.baomidou:mybatis-plus-generator | 3.5.1 | 直接依赖 | maven |
| org.hdrhistogram:HdrHistogram | 2.1.12 | 间接依赖 | maven |
| com.fasterxml.jackson.module:jackson-module-parameter-names | 2.13.4 | 间接依赖 | maven |
| io.micrometer:micrometer-registry-prometheus | 1.9.6 | 直接依赖 | maven |
| is-potential-custom-element-name | 1.0.1 | 间接依赖 | npm |
| @interactjs/inertia | 1.10.17 | 间接依赖 | npm |
| has-proto | 1.0.1 | 间接依赖 | npm |
| mitt | 3.0.0 | 间接依赖 | npm |
| ckeditor5 | 38.0.1 | 间接依赖 | npm |
| form-data | 4.0.0 | 间接依赖 | npm |
| batch-processor | 1.0.0 | 间接依赖 | npm |
| @ckeditor/ckeditor5-link | 38.0.1 | 间接依赖 | npm |
| mime-match | 1.0.2 | 间接依赖 | npm |
| @element-plus/icons-vue | 2.1.0 | 间接依赖 | npm |
| clipboard | 2.0.11 | 间接依赖 | npm |
| @vueuse/metadata | 9.13.0 | 间接依赖 | npm |
| @uppy/companion-client | 2.2.2 | 间接依赖 | npm |
| org.springframework:spring-context | 5.3.24 | 间接依赖 | maven |
| com.alibaba:fastjson | 1.2.73 | 间接依赖 | maven |
| jsplumb | 2.15.6 | 间接依赖 | npm |
| @ckeditor/ckeditor5-upload | 38.0.1 | 间接依赖 | npm |
| lodash.clonedeep | 4.5.0 | 间接依赖 | npm |
| escape-html | 1.0.3 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-starter-aop | 2.7.7 | 直接依赖 | maven |
| escodegen | 2.0.0 | 间接依赖 | npm |
| com.fasterxml.jackson.core:jackson-annotations | 2.13.4 | 直接依赖 | maven |
| preact | 10.15.0 | 间接依赖 | npm |
| webidl-conversions | 6.1.0 | 间接依赖 | npm |
| @ckeditor/ckeditor5-widget | 38.0.1 | 间接依赖 | npm |
| whatwg-encoding | 1.0.5 | 间接依赖 | npm |
| @interactjs/core | 1.10.17 | 间接依赖 | npm |
| org.dom4j:dom4j | 2.1.3 | 间接依赖 | maven |
| @babel/runtime | 7.22.0 | 间接依赖 | npm |
| ms | 2.1.2 | 间接依赖 | npm |
| @ckeditor/ckeditor5-watchdog | 38.0.1 | 间接依赖 | npm |
| @ckeditor/ckeditor5-heading | 38.0.1 | 间接依赖 | npm |
| proxy-from-env | 1.1.0 | 间接依赖 | npm |
| @lezer/html | 1.3.4 | 间接依赖 | npm |
| io.micrometer:micrometer-registry-elastic | 1.9.6 | 直接依赖 | maven |
| @vue/reactivity-transform | 3.3.4 | 间接依赖 | npm |
| xmlpull:xmlpull | 1.1.3.1 | 间接依赖 | maven |
| @ckeditor/ckeditor5-enter | 38.0.1 | 间接依赖 | npm |
| org.tuckey:urlrewritefilter | 4.0.4 | 直接依赖 | maven |
| @interactjs/interact | 1.10.17 | 间接依赖 | npm |
| org.springframework.security:spring-security-web | 5.7.6 | 间接依赖 | maven |
| estraverse | 5.3.0 | 间接依赖 | npm |
| vue-grid-layout | 3.0.0-beta1 | 间接依赖 | npm |
| echarts-gl | 2.0.9 | 间接依赖 | npm |
| com.fastcms:fastcms-mybatis-starter | 0.1.6-SNAPSHOT | 直接依赖 | maven |
| @ckeditor/ckeditor5-engine | 38.0.1 | 间接依赖 | npm |
| nwsapi | 2.2.4 | 间接依赖 | npm |
| zrender | 5.4.3 | 间接依赖 | npm |
| net.sf.ehcache:ehcache | 2.10.9.2 | 直接依赖 | maven |
| element-resize-detector | 1.2.4 | 间接依赖 | npm |
| delegate | 3.2.0 | 间接依赖 | npm |
| jakarta.annotation:jakarta.annotation-api | 1.3.5 | 间接依赖 | maven |
| com.thoughtworks.xstream:xstream | 1.4.20 | 间接依赖 | maven |
| com.baomidou:mybatis-plus-annotation | 3.5.1 | 直接依赖 | maven |
| com.fasterxml.jackson.datatype:jackson-datatype-jsr310 | 2.13.4 | 间接依赖 | maven |
| org.apache.httpcomponents:httpmime | 4.5.14 | 间接依赖 | maven |
| @interactjs/auto-start | 1.10.17 | 间接依赖 | npm |
| slate-history | 0.66.0 | 间接依赖 | npm |
| pinia | 2.1.3 | 间接依赖 | npm |
| follow-redirects | 1.15.2 | 间接依赖 | npm |
| @interactjs/pointer-events | 1.10.17 | 间接依赖 | npm |
| html-void-elements | 2.0.1 | 间接依赖 | npm |
| com.nimbusds:content-type | 2.2 | 间接依赖 | maven |
| @floating-ui/core | 1.2.6 | 间接依赖 | npm |
| io.jsonwebtoken:jjwt-jackson | 0.11.2 | 直接依赖 | maven |
| agent-base | 6.0.2 | 间接依赖 | npm |
| is-url | 1.2.4 | 间接依赖 | npm |
| js-cookie | 3.0.5 | 间接依赖 | npm |
| vue-codemirror | 6.1.1 | 间接依赖 | npm |
| js-table2excel | 1.1.2 | 间接依赖 | npm |
| org.bouncycastle:bcprov-jdk15on | 1.68 | 间接依赖 | maven |
| @types/event-emitter | 0.3.3 | 间接依赖 | npm |
| @vue/runtime-core | 3.3.4 | 间接依赖 | npm |
| @babel/plugin-transform-react-jsx | 7.22.0 | 间接依赖 | npm |
| esprima | 4.0.1 | 间接依赖 | npm |
| org.pf4j:pf4j | 3.7.0 | 直接依赖 | maven |
| requires-port | 1.0.0 | 间接依赖 | npm |
| io.prometheus:simpleclient_tracer_otel | 0.15.0 | 间接依赖 | maven |
| org.aspectj:aspectjweaver | 1.9.7 | 间接依赖 | maven |
| org.springframework:spring-jdbc | 5.3.24 | 间接依赖 | maven |
| xmlchars | 2.2.0 | 间接依赖 | npm |
| has | 1.0.3 | 间接依赖 | npm |
| @ckeditor/ckeditor5-essentials | 38.0.1 | 间接依赖 | npm |
| io.jsonwebtoken:jjwt-impl | 0.11.2 | 直接依赖 | maven |
| namespace-emitter | 2.0.1 | 间接依赖 | npm |
| @vueuse/core | 9.13.0 | 间接依赖 | npm |
| @ckeditor/ckeditor5-theme-lark | 38.0.1 | 间接依赖 | npm |
| turndown | 6.0.0 | 间接依赖 | npm |
| org.springframework.security:spring-security-crypto | 5.7.6 | 间接依赖 | maven |
| print-js | 1.6.0 | 间接依赖 | npm |
| prismjs | 1.29.0 | 间接依赖 | npm |
| parse5 | 6.0.1 | 间接依赖 | npm |
| marked | 4.0.12 | 间接依赖 | npm |
| @codemirror/state | 6.2.1 | 间接依赖 | npm |
| org.reflections:reflections | 0.9.11 | 直接依赖 | maven |
| acorn-walk | 7.2.0 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-starter-websocket | 2.7.7 | 直接依赖 | maven |
| com.fastcms:fastcms-cms | 0.1.6-SNAPSHOT | 直接依赖 | maven |
| event-emitter | 0.3.5 | 间接依赖 | npm |
| html-encoding-sniffer | 2.0.1 | 间接依赖 | npm |
| com.github.zafarkhaja:java-semver | 0.9.0 | 间接依赖 | maven |
| good-listener | 1.2.2 | 间接依赖 | npm |
| commons-codec:commons-codec | 1.15 | 间接依赖 | maven |
| postcss | 8.4.23 | 间接依赖 | npm |
| tiny-warning | 1.0.3 | 间接依赖 | npm |
| next-tick | 1.1.0 | 间接依赖 | npm |
| com.fastcms:fastcms-templates | 0.1.6-SNAPSHOT | 直接依赖 | maven |
| picocolors | 1.0.0 | 间接依赖 | npm |
| com.nimbusds:lang-tag | 1.6 | 间接依赖 | maven |
| punycode | 2.3.0 | 间接依赖 | npm |
| claygl | 1.3.0 | 间接依赖 | npm |
| source-map | 0.6.1 | 间接依赖 | npm |
| call-bind | 1.0.2 | 间接依赖 | npm |
| org.apache.lucene:lucene-memory | 8.1.0 | 间接依赖 | maven |
| jakarta.validation:jakarta.validation-api | 2.0.2 | 间接依赖 | maven |
| com.fastcms:fastcms-payment-starter | 0.1.6-SNAPSHOT | 直接依赖 | maven |
| @interactjs/modifiers | 1.10.17 | 间接依赖 | npm |
| snabbdom | 3.5.1 | 间接依赖 | npm |
| acorn | 7.4.1 | 间接依赖 | npm |
| lodash-unified | 1.0.3 | 间接依赖 | npm |
| @ckeditor/ckeditor5-cloud-services | 38.0.1 | 间接依赖 | npm |
| lodash.isequal | 4.5.0 | 间接依赖 | npm |
| @types/lodash-es | 4.17.7 | 间接依赖 | npm |
| @ctrl/tinycolor | 3.6.0 | 间接依赖 | npm |
| type | 1.2.0 | 间接依赖 | npm |
| org.springframework:spring-web | 5.3.24 | 间接依赖 | maven |
| @wangeditor/editor-for-vue | 5.1.12 | 间接依赖 | npm |
| @ckeditor/ckeditor5-list | 38.0.1 | 间接依赖 | npm |
| @intlify/shared | 9.2.2 | 间接依赖 | npm |
| ws | 7.5.9 | 间接依赖 | npm |
| scroll-into-view-if-needed | 2.2.31 | 间接依赖 | npm |
| echarts | 5.4.2 | 间接依赖 | npm |
| has-symbols | 1.0.3 | 间接依赖 | npm |
| resize-observer-polyfill | 1.5.1 | 间接依赖 | npm |
| ch.qos.logback:logback-core | 1.2.11 | 间接依赖 | maven |
| @interactjs/utils | 1.10.17 | 间接依赖 | npm |
| org.slf4j:log4j-over-slf4j | 1.7.36 | 直接依赖 | maven |
| com.baomidou:mybatis-plus-extension | 3.5.1 | 间接依赖 | maven |
| com.github.whvcse:easy-captcha | 1.6.2 | 直接依赖 | maven |
| @wangeditor/table-module | 1.1.4 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-configuration-processor | 2.7.7 | 直接依赖 | maven |
| com.github.binarywang:weixin-java-common | 4.5.0 | 间接依赖 | maven |
| turndown-plugin-gfm | 1.0.2 | 间接依赖 | npm |
| org.apache.httpcomponents:httpclient | 4.5.14 | 间接依赖 | maven |
| @ckeditor/ckeditor5-editor-classic | 38.0.1 | 间接依赖 | npm |
| es5-ext | 0.10.62 | 间接依赖 | npm |
| org.apache.tomcat.embed:tomcat-embed-el | 9.0.70 | 间接依赖 | maven |
| @codemirror/lint | 6.2.2 | 间接依赖 | npm |
| @vue/compiler-dom | 3.3.4 | 间接依赖 | npm |
| memoize-one | 6.0.0 | 间接依赖 | npm |
| saxes | 5.0.1 | 间接依赖 | npm |
| com.fastcms:fastcms-plugin-starter | 0.1.6-SNAPSHOT | 直接依赖 | maven |
| ext | 1.7.0 | 间接依赖 | npm |
| estree-walker | 2.0.2 | 间接依赖 | npm |
| commons-io:commons-io | 2.7 | 直接依赖 | maven |
| org.springframework:spring-webmvc | 5.3.24 | 间接依赖 | maven |
| org.springframework.boot:spring-boot-starter-validation | 2.7.7 | 直接依赖 | maven |
| @vue/compiler-sfc | 3.3.4 | 间接依赖 | npm |
| @codemirror/autocomplete | 6.7.1 | 间接依赖 | npm |
| @wangeditor/basic-modules | 1.1.7 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-starter-mail | 2.7.7 | 直接依赖 | maven |
| io.micrometer:micrometer-registry-influx | 1.9.6 | 直接依赖 | maven |
| color-name | 1.1.4 | 间接依赖 | npm |
| org.bouncycastle:bcpkix-jdk15on | 1.68 | 间接依赖 | maven |
| org.apache.logging.log4j:log4j-api | 2.17.2 | 间接依赖 | maven |
| domexception | 2.0.1 | 间接依赖 | npm |
| splitpanes | 3.1.5 | 间接依赖 | npm |
| jsdom | 16.7.0 | 间接依赖 | npm |
| qrcodejs2-fixes | 0.0.2 | 间接依赖 | npm |
| @tootallnate/once | 1.1.2 | 间接依赖 | npm |
| crelt | 1.0.6 | 间接依赖 | npm |
| @ckeditor/ckeditor5-block-quote | 38.0.1 | 间接依赖 | npm |
| org.slf4j:slf4j-api | 1.7.36 | 直接依赖 | maven |
| esutils | 2.0.3 | 间接依赖 | npm |
| org.jboss.logging:jboss-logging | 3.4.3.Final | 间接依赖 | maven |
| safer-buffer | 2.1.2 | 间接依赖 | npm |
| org.slf4j:jcl-over-slf4j | 1.7.36 | 直接依赖 | maven |
| debug | 4.3.4 | 间接依赖 | npm |
| commons-lang:commons-lang | 2.6 | 直接依赖 | maven |
| select | 1.1.2 | 间接依赖 | npm |
| com.nimbusds:nimbus-jose-jwt | 9.22 | 间接依赖 | maven |
| deep-is | 0.1.4 | 间接依赖 | npm |
| @types/lodash | 4.14.195 | 间接依赖 | npm |
| form-data | 3.0.1 | 间接依赖 | npm |
| source-map-js | 1.0.2 | 间接依赖 | npm |
| org.apache.logging.log4j:log4j-to-slf4j | 2.17.2 | 间接依赖 | maven |
| org.apache.lucene:lucene-highlighter | 8.1.0 | 直接依赖 | maven |
| @vue/runtime-dom | 3.3.4 | 间接依赖 | npm |
| w3c-keyname | 2.2.7 | 间接依赖 | npm |
| @vue/compiler-core | 3.3.4 | 间接依赖 | npm |
| org.apache.tomcat.embed:tomcat-embed-core | 9.0.70 | 间接依赖 | maven |
| @ckeditor/ckeditor5-clipboard | 38.0.1 | 间接依赖 | npm |
| com.sun.mail:jakarta.mail | 1.6.7 | 间接依赖 | maven |
| @vueuse/shared | 9.13.0 | 间接依赖 | npm |
| org.springframework:spring-core | 5.3.24 | 间接依赖 | maven |
| @ckeditor/ckeditor5-indent | 38.0.1 | 间接依赖 | npm |
| org.springframework:spring-aop | 5.3.24 | 间接依赖 | maven |
| @wangeditor/editor | 5.1.23 | 间接依赖 | npm |
| @ckeditor/ckeditor5-basic-styles | 38.0.1 | 间接依赖 | npm |
| @wangeditor/video-module | 1.1.4 | 间接依赖 | npm |
| org.ow2.asm:asm | 9.1 | 间接依赖 | maven |
| io.micrometer:micrometer-core | 1.9.6 | 间接依赖 | maven |
| @interactjs/offset | 1.10.17 | 间接依赖 | npm |
| tslib | 2.3.0 | 间接依赖 | npm |
| @ckeditor/ckeditor5-ckbox | 38.0.1 | 间接依赖 | npm |
| symbol-tree | 3.2.4 | 间接依赖 | npm |
| i18next | 20.6.1 | 间接依赖 | npm |
| org.apache.tomcat.embed:tomcat-embed-websocket | 9.0.70 | 间接依赖 | maven |
| @babel/helper-module-imports | 7.21.4 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-starter-logging | 2.7.7 | 间接依赖 | maven |
| vue3-ace-editor | 2.2.2 | 间接依赖 | npm |
| com.google.guava:guava | 20.0 | 间接依赖 | maven |
| @codemirror/lang-css | 6.2.0 | 间接依赖 | npm |
| lodash | 4.17.21 | 间接依赖 | npm |
| com.sun.activation:jakarta.activation | 1.2.2 | 间接依赖 | maven |
| @vue/devtools-api | 6.5.0 | 间接依赖 | npm |
| com.fastcms:fastcms-service | 0.1.6-SNAPSHOT | 直接依赖 | maven |
| @ckeditor/ckeditor5-media-embed | 38.0.1 | 间接依赖 | npm |
| @interactjs/dev-tools | 1.10.17 | 间接依赖 | npm |
| cropperjs | 1.5.13 | 间接依赖 | npm |
| object-inspect | 1.12.3 | 间接依赖 | npm |
| dayjs | 1.11.7 | 间接依赖 | npm |
| element-plus | 2.3.5 | 间接依赖 | npm |
| org.slf4j:jul-to-slf4j | 1.7.36 | 直接依赖 | maven |
| mitt | 2.1.0 | 间接依赖 | npm |
| @intlify/message-compiler | 9.2.2 | 间接依赖 | npm |
| @babel/helper-validator-identifier | 7.19.1 | 间接依赖 | npm |
| @interactjs/auto-scroll | 1.10.17 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-starter-freemarker | 2.7.7 | 直接依赖 | maven |
| style-mod | 4.0.3 | 间接依赖 | npm |
| @ckeditor/ckeditor5-image | 38.0.1 | 间接依赖 | npm |
| org.apache.lucene:lucene-sandbox | 8.1.0 | 间接依赖 | maven |
| xml-name-validator | 3.0.0 | 间接依赖 | npm |
| com.mysql:mysql-connector-j | 8.0.31 | 直接依赖 | maven |
| org.springframework.boot:spring-boot-starter-json | 2.7.7 | 间接依赖 | maven |
| csstype | 3.1.2 | 间接依赖 | npm |
| to-fast-properties | 2.0.0 | 间接依赖 | npm |
| org.apache.lucene:lucene-analyzers-smartcn | 8.1.0 | 直接依赖 | maven |
| vue-router | 4.2.1 | 间接依赖 | npm |
| @vue/server-renderer | 3.3.4 | 间接依赖 | npm |
| sortablejs | 1.15.0 | 间接依赖 | npm |
| org.springframework:spring-messaging | 5.3.24 | 间接依赖 | maven |
| is-plain-object | 5.0.0 | 间接依赖 | npm |
| @lezer/common | 1.0.3 | 间接依赖 | npm |
| @ckeditor/ckeditor5-undo | 38.0.1 | 间接依赖 | npm |
| org.zeroturnaround:zt-zip | 1.15 | 直接依赖 | maven |
| @codemirror/lang-javascript | 6.1.9 | 间接依赖 | npm |
| abab | 2.0.6 | 间接依赖 | npm |
| asynckit | 0.4.0 | 间接依赖 | npm |
| @ckeditor/ckeditor5-adapter-ckfinder | 38.0.1 | 间接依赖 | npm |
| webidl-conversions | 5.0.0 | 间接依赖 | npm |
| normalize-wheel-es | 1.2.0 | 间接依赖 | npm |
| acorn-globals | 6.0.0 | 间接依赖 | npm |
| @uppy/core | 2.3.4 | 间接依赖 | npm |
| com.google.code.findbugs:jsr305 | 3.0.2 | 间接依赖 | maven |
| org.springframework:spring-context-support | 5.3.24 | 间接依赖 | maven |
| @ckeditor/ckeditor5-paragraph | 38.0.1 | 间接依赖 | npm |
| lodash.throttle | 4.1.1 | 间接依赖 | npm |
| @ckeditor/ckeditor5-utils | 38.0.1 | 间接依赖 | npm |
| @ckeditor/ckeditor5-editor-decoupled | 38.0.1 | 间接依赖 | npm |
| @ckeditor/ckeditor5-easy-image | 38.0.1 | 间接依赖 | npm |
| @interactjs/reflow | 1.10.17 | 间接依赖 | npm |
| @intlify/devtools-if | 9.2.2 | 间接依赖 | npm |
| org.apache.lucene:lucene-queryparser | 8.1.0 | 直接依赖 | maven |
| regenerator-runtime | 0.13.11 | 间接依赖 | npm |
| psl | 1.9.0 | 间接依赖 | npm |
| @interactjs/types | 1.10.17 | 间接依赖 | npm |
| org.jsoup:jsoup | 1.15.3 | 直接依赖 | maven |
| org.freemarker:freemarker | 2.3.31 | 直接依赖 | maven |
| @transloadit/prettier-bytes | 0.0.7 | 间接依赖 | npm |
| async-validator | 4.2.5 | 间接依赖 | npm |
| iconv-lite | 0.4.24 | 间接依赖 | npm |
| @ckeditor/ckeditor5-typing | 38.0.1 | 间接依赖 | npm |
| get-intrinsic | 1.2.1 | 间接依赖 | npm |
| @lezer/highlight | 1.1.6 | 间接依赖 | npm |
| @codemirror/commands | 6.2.4 | 间接依赖 | npm |
| lodash-es | 4.17.21 | 间接依赖 | npm |
| com.google.zxing:core | 3.3.1 | 间接依赖 | maven |
| @codemirror/view | 6.13.0 | 间接依赖 | npm |
| com.google.guava:failureaccess | 1.0.1 | 间接依赖 | maven |
| org.apache.lucene:lucene-core | 8.1.0 | 直接依赖 | maven |
| @ckeditor/ckeditor5-alignment | 38.0.1 | 间接依赖 | npm |
| nprogress | 0.2.0 | 间接依赖 | npm |
| ace-builds | 1.22.0 | 间接依赖 | npm |
| com.github.binarywang:weixin-java-mp | 4.5.0 | 直接依赖 | maven |
| @babel/helper-plugin-utils | 7.21.5 | 间接依赖 | npm |
| org.mybatis:mybatis | 3.5.9 | 间接依赖 | maven |
| @interactjs/actions | 1.10.17 | 间接依赖 | npm |
| org.apache.lucene:lucene-queries | 8.1.0 | 间接依赖 | maven |
| @intlify/vue-devtools | 9.2.2 | 间接依赖 | npm |
| d | 1.0.1 | 间接依赖 | npm |
| com.fastcms:fastcms-lucene-starter | 0.1.6-SNAPSHOT | 直接依赖 | maven |
| https-proxy-agent | 5.0.1 | 间接依赖 | npm |
| com.google.code.gson:gson | 2.9.1 | 间接依赖 | maven |
| fast-levenshtein | 2.0.6 | 间接依赖 | npm |
| cssstyle | 2.3.0 | 间接依赖 | npm |
| org.yaml:snakeyaml | 1.30 | 间接依赖 | maven |
| acorn | 8.8.2 | 间接依赖 | npm |
| org.springframework:spring-expression | 5.3.24 | 间接依赖 | maven |
| querystringify | 2.2.0 | 间接依赖 | npm |
| w3c-xmlserializer | 2.0.0 | 间接依赖 | npm |
| combined-stream | 1.0.8 | 间接依赖 | npm |
| com.google.errorprone:error_prone_annotations | 2.3.4 | 间接依赖 | maven |
| @vue/shared | 3.3.4 | 间接依赖 | npm |
| compute-scroll-into-view | 1.0.20 | 间接依赖 | npm |
| com.nimbusds:oauth2-oidc-sdk | 9.35 | 间接依赖 | maven |
| axios | 1.4.0 | 间接依赖 | npm |
| com.google.guava:guava | 30.0-jre | 间接依赖 | maven |
| com.fasterxml.jackson.core:jackson-databind | 2.13.4.2 | 直接依赖 | maven |
| es6-iterator | 2.0.3 | 间接依赖 | npm |
| commons-logging:commons-logging | 1.2 | 间接依赖 | maven |
| url-parse | 1.5.10 | 间接依赖 | npm |
| @babel/helper-string-parser | 7.21.5 | 间接依赖 | npm |
| io.prometheus:simpleclient_common | 0.15.0 | 间接依赖 | maven |
| @babel/parser | 7.22.0 | 间接依赖 | npm |
| net.coobird:thumbnailator | 0.4.8 | 直接依赖 | maven |
| @lezer/javascript | 1.4.3 | 间接依赖 | npm |
| @codemirror/language | 6.7.0 | 间接依赖 | npm |
| com.egzosn:pay-java-common | 2.14.3-b2 | 直接依赖 | maven |
| @ckeditor/ckeditor5-source-editing | 38.0.1 | 间接依赖 | npm |
| @vue/reactivity | 3.3.4 | 间接依赖 | npm |
| magic-string | 0.30.0 | 间接依赖 | npm |
| @ckeditor/ckeditor5-select-all | 38.0.1 | 间接依赖 | npm |
| com.baomidou:mybatis-plus-boot-starter | 3.5.1 | 直接依赖 | maven |
| whatwg-url | 8.7.0 | 间接依赖 | npm |
| whatwg-mimetype | 2.3.0 | 间接依赖 | npm |
| org.springframework.boot:spring-boot-starter-oauth2-client | 2.7.7 | 直接依赖 | maven |
| org.springframework.boot:spring-boot-starter-security | 2.7.7 | 直接依赖 | maven |
| com.fasterxml.jackson.datatype:jackson-datatype-jdk8 | 2.13.4 | 间接依赖 | maven |
| io.prometheus:simpleclient_tracer_otel_agent | 0.15.0 | 间接依赖 | maven |
| commons-beanutils:commons-beanutils | 1.9.3 | 直接依赖 | maven |