基础信息
项目名称:AntonioMeireles/homebridge-vieramatic
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1715865974129426432/1715865974666297344
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| fast-xml-parser 安全漏洞 | ReDoS | MPS-x6q9-lbdv | CVE-2023-34104 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| fast-xml-parser | 4.2.2 | 4.2.4 | 间接依赖 | 建议修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 61 | 低 |
| BSD-2-Clause | 1 | 低 |
| ISC | 1 | 低 |
| BSD-3-Clause | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| @babel/runtime | 7.21.5 | 间接依赖 | npm |
| json-buffer | 3.0.1 | 间接依赖 | npm |
| mimic-response | 3.1.0 | 间接依赖 | npm |
| @restart/hooks | 0.4.9 | 间接依赖 | npm |
| fast-xml-parser | 4.2.2 | 间接依赖 | npm |
| resolve-alpn | 1.2.1 | 间接依赖 | npm |
| @fortawesome/react-fontawesome | 0.2.0 | 间接依赖 | npm |
| @preact/compat | 17.1.2 | 间接依赖 | npm |
| warning | 4.0.3 | 间接依赖 | npm |
| object-assign | 4.1.1 | 间接依赖 | npm |
| @types/react | 18.2.6 | 间接依赖 | npm |
| @popperjs/core | 2.11.7 | 间接依赖 | npm |
| uncontrollable | 7.2.1 | 间接依赖 | npm |
| csstype | 3.1.2 | 间接依赖 | npm |
| jsonfile | 6.1.0 | 间接依赖 | npm |
| @types/http-cache-semantics | 4.0.1 | 间接依赖 | npm |
| @hookstate/core | 4.0.1 | 间接依赖 | npm |
| http-cache-semantics | 4.1.1 | 间接依赖 | npm |
| prop-types | 15.8.1 | 间接依赖 | npm |
| quick-lru | 5.1.1 | 间接依赖 | npm |
| graceful-fs | 4.2.11 | 间接依赖 | npm |
| http2-wrapper | 2.2.0 | 间接依赖 | npm |
| react-lifecycles-compat | 3.0.4 | 间接依赖 | npm |
| react-transition-group | 4.4.5 | 间接依赖 | npm |
| js-tokens | 4.0.0 | 间接依赖 | npm |
| react-bootstrap | 1.6.7 | 间接依赖 | npm |
| keyv | 4.5.2 | 间接依赖 | npm |
| @homebridge/plugin-ui-utils | 0.0.19 | 间接依赖 | npm |
| @sindresorhus/is | 5.3.0 | 间接依赖 | npm |
| get-stream | 6.0.1 | 间接依赖 | npm |
| react-overlays | 5.2.1 | 间接依赖 | npm |
| cacheable-lookup | 7.0.0 | 间接依赖 | npm |
| preact | 10.13.2 | 间接依赖 | npm |
| lowercase-keys | 3.0.0 | 间接依赖 | npm |
| decompress-response | 6.0.0 | 间接依赖 | npm |
| @szmarczak/http-timer | 5.0.1 | 间接依赖 | npm |
| got | 12.6.0 | 间接依赖 | npm |
| classnames | 2.3.2 | 间接依赖 | npm |
| prop-types-extra | 1.1.1 | 间接依赖 | npm |
| @types/scheduler | 0.16.3 | 间接依赖 | npm |
| mimic-response | 4.0.0 | 间接依赖 | npm |
| @types/react-transition-group | 4.4.6 | 间接依赖 | npm |
| invariant | 2.2.4 | 间接依赖 | npm |
| strnum | 1.0.5 | 间接依赖 | npm |
| html-entities | 2.3.3 | 间接依赖 | npm |
| loose-envify | 1.4.0 | 间接依赖 | npm |
| @types/warning | 3.0.0 | 间接依赖 | npm |
| dequal | 2.0.3 | 间接依赖 | npm |
| defer-to-connect | 2.0.1 | 间接依赖 | npm |
| regenerator-runtime | 0.13.11 | 间接依赖 | npm |
| cacheable-request | 10.2.10 | 间接依赖 | npm |
| fs-extra | 11.1.1 | 间接依赖 | npm |
| normalize-url | 8.0.0 | 间接依赖 | npm |
| @restart/context | 2.1.4 | 间接依赖 | npm |
| react-is | 16.13.1 | 间接依赖 | npm |
| responselike | 3.0.0 | 间接依赖 | npm |
| @fortawesome/fontawesome-svg-core | 6.4.0 | 间接依赖 | npm |
| form-data-encoder | 2.1.4 | 间接依赖 | npm |
| p-cancelable | 3.0.0 | 间接依赖 | npm |
| @types/invariant | 2.2.35 | 间接依赖 | npm |
| readline-sync | 1.4.10 | 间接依赖 | npm |
| dom-helpers | 5.2.1 | 间接依赖 | npm |
| @fortawesome/fontawesome-common-types | 6.4.0 | 间接依赖 | npm |
| @types/prop-types | 15.7.5 | 间接依赖 | npm |
| universalify | 2.0.0 | 间接依赖 | npm |