基础信息
项目名称:bosun-monitor/bosun
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1716425761195950080/1716425787372601344
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| jwt-go 安全漏洞 | 授权检查缺失 | MPS-2020-13786 | CVE-2020-26160 | 高危 |
| Google Golang 资源管理错误漏洞 | MPS-2022-58307 | CVE-2022-41723 | 高危 | |
| Google Golang 资源管理错误漏洞 | 不加限制或调节的资源分配 | MPS-2022-58311 | CVE-2022-41727 | 中危 |
| Google Go 权限许可和访问控制问题漏洞 | 权限管理不当 | MPS-2022-9049 | CVE-2022-29526 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| github.com/dgrijalva/jwt-go | v3.2.0+incompatible | 4.0.0-preview1 | 间接依赖 | 建议修复 |
| golang.org/x/image | v0.0.0-20150916112557-baddd3465a05 | 0.5.0 | 间接依赖 | 建议修复 |
| golang.org/x/net | v0.0.0-20200226121028-0de0cce0169b | 0.17.0 | 直接依赖 | 建议修复 |
| golang.org/x/sys | v0.0.0-20190502145724-3ef323f4f1fd | 0.1.0 | 直接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| BSD-3-Clause | 28 | 低 |
| Apache-2.0 | 14 | 低 |
| MIT | 34 | 低 |
| LGPL-3.0 | 1 | 中 |
| Unlicense | 2 | 低 |
| BSD-2-Clause | 8 | 低 |
| CC-BY-3.0 | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/Azure/go-autorest | v11.1.0+incompatible | 直接依赖 | go |
| github.com/gorilla/mux | v0.0.0-20160920230813-757bef944d0f | 直接依赖 | go |
| typescript | 2.4.2 | 直接依赖 | npm |
| gopkg.in/asn1-ber.v1 | v1.0.0-20141119150059-9eae18c3681a | 间接依赖 | go |
| github.com/NYTimes/gziphandler | v0.0.0-20160419202541-63027b26b87e | 直接依赖 | go |
| github.com/prometheus/prometheus | v1.8.2-0.20190115164134-b639fe140c1f | 直接依赖 | go |
| github.com/kylebrandt/gohop | v0.0.0-20160712175359-f6dbeb38f6df | 直接依赖 | go |
| golang.org/x/net | v0.0.0-20200226121028-0de0cce0169b | 直接依赖 | go |
| golang.org/x/sync | v0.0.0-20190911185100-cd5d95a43a6e | 间接依赖 | go |
| github.com/GROpenSourceDev/go-ntlm-auth | v0.0.0-20160519083535-6314d66e1d8f | 直接依赖 | go |
| github.com/ugorji/go | v0.0.0-20151120143108-ea9cd21fa0bc | 间接依赖 | go |
| github.com/aws/aws-sdk-go | v1.31.12 | 直接依赖 | go |
| github.com/vdobler/chart | v0.0.0-20150914065344-293b01f8b75d | 直接依赖 | go |
| gopkg.in/olivere/elastic.v5 | v5.0.48 | 直接依赖 | go |
| github.com/mjibson/esc | v0.1.0 | 直接依赖 | go |
| github.com/facebookgo/subset | v0.0.0-20150612182917-8dac2c3c4870 | 间接依赖 | go |
| github.com/golang/groupcache | v0.0.0-20190702054246-869f871628b6 | 直接依赖 | go |
| golang.org/x/crypto | v0.0.0-20191011191535-87dc89f01550 | 间接依赖 | go |
| github.com/siddontang/goredis | v0.0.0-20150324035039-760763f78400 | 间接依赖 | go |
| gopkg.in/yaml.v1 | v1.0.0-20140924161607-9f9df34309c0 | 直接依赖 | go |
| github.com/gomodule/redigo | v2.0.0+incompatible | 间接依赖 | go |
| gopkg.in/fsnotify.v1 | v1.4.7 | 直接依赖 | go |
| github.com/mitchellh/go-homedir | v1.0.0 | 间接依赖 | go |
| github.com/prometheus/common | v0.1.0 | 直接依赖 | go |
| github.com/alicebob/gopher-json | v0.0.0-20180125190556-5a6b3ba71ee6 | 间接依赖 | go |
| github.com/aymerick/douceur | v0.2.1-0.20150827151352-7176f1467381 | 直接依赖 | go |
| github.com/prometheus/client_golang | v0.9.3-0.20190106165022-d2ead2588477 | 直接依赖 | go |
| github.com/siddontang/rdb | v0.0.0-20150307021120-fc89ed2e418d | 间接依赖 | go |
| github.com/StackExchange/mof | v0.0.0-20170227230456-cfc83d4047d1 | 直接依赖 | go |
| github.com/bradfitz/slice | v0.0.0-20140430145140-a665b5dbaad5 | 直接依赖 | go |
| github.com/llgcode/ps | v0.0.0-20150911083025-f1443b32eedb | 间接依赖 | go |
| github.com/gocarina/gocsv | v0.0.0-20190927101021-3ecffd272576 | 间接依赖 | go |
| github.com/kardianos/osext | v0.0.0-20160811001526-c2c54e542fb7 | 直接依赖 | go |
| github.com/golang/freetype | v0.0.0-20150924013838-f29eb116deb3 | 间接依赖 | go |
| github.com/captncraig/easyauth | v0.0.0-20171013131059-c6de284138cf | 直接依赖 | go |
| github.com/StackExchange/wmi | v0.0.0-20180725035823-b12b22c5341f | 直接依赖 | go |
| github.com/MiniProfiler/go | v0.0.0-20160719195834-3296d396d472 | 直接依赖 | go |
| github.com/godbus/dbus | v4.0.1-0.20160727174541-7a8c533d28e8+incompatible | 间接依赖 | go |
| github.com/jinzhu/now | v0.0.0-20151001141511-ce80572eb55a | 直接依赖 | go |
| github.com/dgrijalva/jwt-go | v3.2.0+incompatible | 间接依赖 | go |
| github.com/alicebob/miniredis | v2.5.0+incompatible | 间接依赖 | go |
| google.golang.org/api | v0.0.0-20180506000402-20530fd5d65a | 直接依赖 | go |
| golang.org/x/sys | v0.0.0-20190502145724-3ef323f4f1fd | 直接依赖 | go |
| github.com/facebookgo/freeport | v0.0.0-20150612182905-d4adf43b75b9 | 间接依赖 | go |
| github.com/jmoiron/jsonq | v0.0.0-20150511023944-e874b168d07e | 直接依赖 | go |
| github.com/gorilla/securecookie | v0.0.0-20161003051601-fa5329f91370 | 间接依赖 | go |
| github.com/garyburd/redigo | v0.0.0-20151219232044-836b6e58b335 | 直接依赖 | go |
| github.com/siddontang/ledisdb | v0.0.0-20190202134119-8ceb77e66a92 | 直接依赖 | go |
| github.com/BurntSushi/toml | v0.3.1 | 直接依赖 | go |
| golang.org/x/oauth2 | v0.0.0-20180821212333-d2e6202438be | 直接依赖 | go |
| gopkg.in/mgo.v2 | v2.0.0-20190816093944-a6b53ec6cb22 | 间接依赖 | go |
| github.com/jordan-wright/email | v0.0.0-20151016173557-f61123ea07e1 | 直接依赖 | go |
| github.com/llgcode/draw2d | v0.0.0-20151105134336-9ffe0e7eb54c | 间接依赖 | go |
| github.com/bosun-monitor/statusio | v0.0.0-20160516160816-ab1583139762 | 直接依赖 | go |
| github.com/andybalholm/cascadia | v0.0.0-20150730174459-3ad29d1ad1c4 | 间接依赖 | go |
| gopkg.in/check.v1 | v1.0.0-20180628173108-788fd7840127 | 间接依赖 | go |
| github.com/influxdata/influxdb | v1.6.3 | 直接依赖 | go |
| github.com/PuerkitoBio/goquery | v0.3.3-0.20150927202820-417cce822c7b | 间接依赖 | go |
| github.com/dimchansky/utfbom | v1.0.0 | 间接依赖 | go |
| golang.org/x/image | v0.0.0-20150916112557-baddd3465a05 | 间接依赖 | go |
| gopkg.in/ldap.v1 | v1.0.0-20150224155422-0041a4127039 | 间接依赖 | go |
| github.com/kylebrandt/boolq | v0.0.0-20160608164548-f869a7265c7e | 直接依赖 | go |
| github.com/gorilla/css | v0.0.0-20150317222238-a80e24ada269 | 间接依赖 | go |
| github.com/google/go-github | v0.0.0-20151126072848-44b1ede22d71 | 直接依赖 | go |
| github.com/stretchr/testify | v1.5.1 | 直接依赖 | go |
| github.com/mhenderson-so/azure-ea-billing | v0.0.0-20160829175629-4fd1a790460c | 直接依赖 | go |
| github.com/ryanuber/go-glob | v0.0.0-20160226084822-572520ed46db | 直接依赖 | go |
| github.com/google/cadvisor | v0.21.1-0.20160212224345-e9739af18411 | 直接依赖 | go |
| github.com/pelletier/go-toml | v1.6.0 | 间接依赖 | go |
| github.com/facebookgo/ensure | v0.0.0-20160127193407-b4ab57deab51 | 间接依赖 | go |
| github.com/google/go-querystring | v0.0.0-20151028211038-2a60fc2ba6c1 | 间接依赖 | go |
| github.com/yuin/gopher-lua | v0.0.0-20190514113301-1cd887cd7036 | 间接依赖 | go |
| github.com/tatsushid/go-fastping | v0.0.0-20150818125950-06cac0fecdc2 | 直接依赖 | go |
| github.com/justinas/alice | v0.0.0-20160910103822-1051eaf52fca | 直接依赖 | go |
| github.com/syndtr/goleveldb | v0.0.0-20150819051622-1a9d62f03ea9 | 间接依赖 | go |
| github.com/olivere/elastic/v7 | v7.0.17 | 直接依赖 | go |
| github.com/StackExchange/httpunit | v0.0.0-20190320172535-088c22a5342e | 直接依赖 | go |
| github.com/GaryBoone/GoStats | v0.0.0-20130122001700-1993eafbef57 | 直接依赖 | go |
| github.com/ajstarks/svgo | v0.0.0-20151117013546-fd2151ebabde | 直接依赖 | go |
| github.com/siddontang/go | v0.0.0-20150505004501-b151716326d7 | 间接依赖 | go |
| github.com/edsrzf/mmap-go | v0.0.0-20151128182504-903d080718bd | 间接依赖 | go |
| github.com/glendc/gopher-json | v0.0.0-20170414221815-dc4743023d0c | 间接依赖 | go |
| github.com/facebookgo/httpcontrol | v0.0.0-20150708234001-ccde4420e1fe | 直接依赖 | go |
| github.com/vmware/govmomi | v0.16.1-0.20180228032728-a2138329bbd1 | 直接依赖 | go |
| github.com/olivere/elastic | v6.1.23-0.20180523141205-33ad30f61610+incompatible | 直接依赖 | go |
| github.com/influxdata/influxql | v0.0.0-20180823200743-a7267bff5327 | 直接依赖 | go |
| github.com/gorilla/context | v1.1.1 | 间接依赖 | go |
| github.com/Azure/azure-sdk-for-go | v21.1.0+incompatible | 直接依赖 | go |
| github.com/pkg/errors | v0.9.1 | 直接依赖 | go |
| github.com/coreos/go-systemd | v0.0.0-20160202211425-7b2428fec400 | 直接依赖 | go |
| github.com/facebookgo/stack | v0.0.0-20160209184415-751773369052 | 间接依赖 | go |
| github.com/cupcake/rdb | v0.0.0-20130607152045-3454dcabd33c | 间接依赖 | go |
| github.com/twinj/uuid | v0.0.0-20151029044442-89173bcdda19 | 直接依赖 | go |
| github.com/pmezard/go-difflib | v1.0.0 | 直接依赖 | go |
| gopkg.in/olivere/elastic.v3 | v3.0.56 | 直接依赖 | go |