基础信息
项目名称:chrislemke/ChatFred
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1716661658076184576/1716661659229618176
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Gin 安全漏洞 | 下载代码缺少完整性检查 | MPS-2023-9711 | CVE-2023-29401 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| github.com/gin-gonic/gin | v1.9.0 | 1.9.1 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| Apache-2.0 | 20 | 低 |
| MIT | 22 | 低 |
| BSD-3-Clause | 14 | 低 |
| 自定义许可证 | 12 | 低 |
| BSD-2-Clause | 3 | 低 |
| MPL-2.0 | 2 | 低 |
| GPL-3.0-or-later | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| random_string | 间接依赖 | pip | |
| abstractmethod | 间接依赖 | pip | |
| cloud.google.com/go/iam | v1.0.0 | 间接依赖 | go |
| deque | 间接依赖 | pip | |
| github.com/spf13/jwalterweatherman | v1.1.0 | 间接依赖 | go |
| github.com/mattn/go-isatty | v0.0.18 | 间接依赖 | go |
| is_coroutine | 间接依赖 | pip | |
| Enum | 间接依赖 | pip | |
| URL | 间接依赖 | pip | |
| Path | 间接依赖 | pip | |
| Always | 间接依赖 | pip | |
| frozenlist | 间接依赖 | pip | |
| WeakValueDictionary | 间接依赖 | pip | |
| Dict | 间接依赖 | pip | |
| parse_qs | 间接依赖 | pip | |
| github.com/spf13/cobra | v1.7.0 | 间接依赖 | go |
| Deque | 间接依赖 | pip | |
| is_windows | 间接依赖 | pip | |
| BaseCookie | 间接依赖 | pip | |
| ETag | 间接依赖 | pip | |
| but | 间接依赖 | pip | |
| Decimal | 间接依赖 | pip | |
| IPv4Address | 间接依赖 | pip | |
| asynccontextmanager | 间接依赖 | pip | |
| DeletableAPIResource | 间接依赖 | pip | |
| github.com/mitchellh/mapstructure | v1.5.0 | 间接依赖 | go |
| StreamConsumed | 间接依赖 | pip | |
| github.com/leodido/go-urn | v1.2.3 | 间接依赖 | go |
| field | 间接依赖 | pip | |
| Popen | 间接依赖 | pip | |
| Optional | 间接依赖 | pip | |
| Image | 间接依赖 | pip | |
| main | 间接依赖 | pip | |
| github.com/ugorji/go/codec | v1.2.11 | 间接依赖 | go |
| NetworkBackend | 间接依赖 | pip | |
| NetworkStream | 间接依赖 | pip | |
| util | 间接依赖 | pip | |
| plumbum | 间接依赖 | pip | |
| Representation | 间接依赖 | pip | |
| BaseCommand | 间接依赖 | pip | |
| AbstractAccessLogger | 间接依赖 | pip | |
| golang.org/x/crypto | v0.8.0 | 间接依赖 | go |
| google.golang.org/protobuf | v1.30.0 | 间接依赖 | go |
| MultiMapping | 间接依赖 | pip | |
| api_requestor | 间接依赖 | pip | |
| github.com/go-playground/validator/v10 | v10.12.0 | 间接依赖 | go |
| dataclass | 间接依赖 | pip | |
| contextmanager | 间接依赖 | pip | |
| __version__ | 间接依赖 | pip | |
| github.com/go-playground/universal-translator | v0.18.1 | 间接依赖 | go |
| ProcessLineTimedOut | 间接依赖 | pip | |
| github.com/wangjia184/sortedset | v0.0.0-20220209072355-af6d6d227aa7 | 间接依赖 | go |
| abspath | 间接依赖 | pip | |
| TYPE_CHECKING | 间接依赖 | pip | |
| ETAG_ANY | 间接依赖 | pip | |
| github.com/sirupsen/logrus | v1.9.0 | 间接依赖 | go |
| FunctionType | 间接依赖 | pip | |
| flet_core | 间接依赖 | pip | |
| urlsplit | 间接依赖 | pip | |
| Levenshtein | 间接依赖 | pip | |
| flet_runtime | 间接依赖 | pip | |
| github.com/gosimple/unidecode | v1.0.1 | 间接依赖 | go |
| commas | 间接依赖 | pip | |
| ascii_letters | 间接依赖 | pip | |
| BinaryIO | 间接依赖 | pip | |
| Request | 间接依赖 | pip | |
| WeakKeyDictionary | 间接依赖 | pip | |
| github.com/gin-gonic/contrib | v0.0.0-20221130124618-7e01895a63f2 | 间接依赖 | go |
| Event | 间接依赖 | pip | |
| github.com/gosimple/slug | v1.13.1 | 间接依赖 | go |
| iter_lines | 间接依赖 | pip | |
| SOCKET_OPTION | 间接依赖 | pip | |
| Hashable | 间接依赖 | pip | |
| SimpleCookie | 间接依赖 | pip | |
| Response | 间接依赖 | pip | |
| INFO | 间接依赖 | pip | |
| cell_magic | 间接依赖 | pip | |
| Environment | 间接依赖 | pip | |
| poolmanager | 间接依赖 | pip | |
| github.com/gin-gonic/gin | v1.9.0 | 间接依赖 | go |
| PathLike | 间接依赖 | pip | |
| IsDone | 间接依赖 | pip | |
| ConcreteCommand | 间接依赖 | pip | |
| github.com/flet-dev/flet/server | (devel) | 间接依赖 | go |
| openai | 间接依赖 | pip | |
| List | 间接依赖 | pip | |
| Border | 间接依赖 | pip | |
| CommandNotFound | 间接依赖 | pip | |
| Union | 间接依赖 | pip | |
| MutableMultiMapping | 间接依赖 | pip | |
| HeaderTypes | 间接依赖 | pip | |
| normalize_icon_type | 间接依赖 | pip | |
| AbstractSet | 间接依赖 | pip | |
| github.com/googleapis/gax-go/v2 | v2.8.0 | 间接依赖 | go |
| golang.org/x/sys | v0.7.0 | 间接依赖 | go |
| cast | 间接依赖 | pip | |
| Iterable | 间接依赖 | pip | |
| Magics | 间接依赖 | pip | |
| github.com/google/uuid | v1.3.0 | 间接依赖 | go |
| golang.org/x/net | v0.9.0 | 间接依赖 | go |
| colormasks | 间接依赖 | pip | |
| qrcode | 间接依赖 | pip | |
| partialmethod | 间接依赖 | pip | |
| FSUser | 间接依赖 | pip | |
| get_package_web_dir | 间接依赖 | pip | |
| Origin | 间接依赖 | pip | |
| github.com/hashicorp/hcl | v1.0.0 | 间接依赖 | go |
| NamedTuple | 间接依赖 | pip | |
| Handler | 间接依赖 | pip | |
| quote | 间接依赖 | pip | |
| cloud.google.com/go/compute/metadata | v0.2.3 | 间接依赖 | go |
| AnyStr | 间接依赖 | pip | |
| gopkg.in/ini.v1 | v1.67.0 | 间接依赖 | go |
| IPv4Interface | 间接依赖 | pip | |
| AsyncNetworkStream | 间接依赖 | pip | |
| ProcessExecutionError | 间接依赖 | pip | |
| github.com/google/go-cmp | v0.5.9 | 间接依赖 | go |
| CIMultiDict | 间接依赖 | pip | |
| ascii_lowercase | 间接依赖 | pip | |
| golang.org/x/text | v0.9.0 | 间接依赖 | go |
| Any | 间接依赖 | pip | |
| contents | 间接依赖 | pip | |
| AbstractStreamWriter | 间接依赖 | pip | |
| md5 | 间接依赖 | pip | |
| is_within_directory | 间接依赖 | pip | |
| golang.org/x/oauth2 | v0.7.0 | 间接依赖 | go |
| MutableMapping | 间接依赖 | pip | |
| encodings | 间接依赖 | pip | |
| github.com/spf13/viper | v1.15.0 | 间接依赖 | go |
| LANGUAGE_SUPPORTED_COUNT | 间接依赖 | pip | |
| github.com/spf13/pflag | v1.0.5 | 间接依赖 | go |
| DEBUG | 间接依赖 | pip | |
| AsyncIterable | 间接依赖 | pip | |
| date | 间接依赖 | pip | |
| go.opencensus.io | v0.24.0 | 间接依赖 | go |
| partial | 间接依赖 | pip | |
| github.com/gorilla/websocket | v1.5.0 | 间接依赖 | go |
| shquote | 间接依赖 | pip | |
| github.com/go-playground/locales | v0.14.1 | 间接依赖 | go |
| AsyncNetworkBackend | 间接依赖 | pip | |
| error | 间接依赖 | pip | |
| Mapping | 间接依赖 | pip | |
| moduledrawers | 间接依赖 | pip | |
| chain | 间接依赖 | pip | |
| islice | 间接依赖 | pip | |
| LUT | 间接依赖 | pip | |
| KO_NAMES | 间接依赖 | pip | |
| update_not_none | 间接依赖 | pip | |
| Awaitable | 间接依赖 | pip | |
| UpdateableAPIResource | 间接依赖 | pip | |
| where | 间接依赖 | pip | |
| PIPE | 间接依赖 | pip | |
| decorator | 间接依赖 | pip | |
| update_wrapper | 间接依赖 | pip | |
| CookieJar | 间接依赖 | pip | |
| base | 间接依赖 | pip | |
| sha1 | 间接依赖 | pip | |
| CompleteEvent | 间接依赖 | pip | |
| DefaultSelector | 间接依赖 | pip | |
| ImageDraw | 间接依赖 | pip | |
| a | 间接依赖 | pip | |
| BorderSide | 间接依赖 | pip | |
| github.com/golang/groupcache | v0.0.0-20210331224755-41bb18bfe9da | 间接依赖 | go |
| google.golang.org/api | v0.120.0 | 间接依赖 | go |
| github.com/google/s2a-go | v0.1.2 | 间接依赖 | go |
| github.com/spf13/afero | v1.9.5 | 间接依赖 | go |
| CIMultiDictProxy | 间接依赖 | pip | |
| Tuple | 间接依赖 | pip | |
| github.com/subosito/gotenv | v1.4.2 | 间接依赖 | go |
| Type | 间接依赖 | pip | |
| Completion | 间接依赖 | pip | |
| Iterator | 间接依赖 | pip | |
| questionary | 间接依赖 | pip | |
| prompt_toolkit | 间接依赖 | pip | |
| ABC | 间接依赖 | pip | |
| OrderedDict | 间接依赖 | pip | |
| google.golang.org/genproto | v0.0.0-20230410155749-daa745c078e1 | 间接依赖 | go |
| urlencode | 间接依赖 | pip | |
| EVENT_READ | 间接依赖 | pip | |
| Callable | 间接依赖 | pip | |
| github.com/googleapis/enterprise-certificate-proxy | v0.2.3 | 间接依赖 | go |
| Cookie | 间接依赖 | pip | |
| google.golang.org/grpc | v1.54.0 | 间接依赖 | go |
| gopkg.in/yaml.v3 | v3.0.1 | 间接依赖 | go |
| colors | 间接依赖 | pip | |
| _Quoter | 间接依赖 | pip | |
| select_autoescape | 间接依赖 | pip | |
| github.com/rifflock/lfshook | v0.0.0-20180920164130-b9218ef580f5 | 间接依赖 | go |
| Generator | 间接依赖 | pip | |
| defaultdict | 间接依赖 | pip | |
| github.com/gomodule/redigo | v1.8.9 | 间接依赖 | go |
| cloud.google.com/go/secretmanager | v1.10.0 | 间接依赖 | go |
| AsyncIterator | 间接依赖 | pip | |
| wraps | 间接依赖 | pip | |
| IconFile | 间接依赖 | pip | |
| exceptions | 间接依赖 | pip | |
| local | 间接依赖 | pip | |
| closing | 间接依赖 | pip | |
| github.com/golang/protobuf | v1.5.3 | 间接依赖 | go |
| basename | 间接依赖 | pip | |
| parse_qsl | 间接依赖 | pip | |
| run_proc | 间接依赖 | pip | |
| github.com/spf13/cast | v1.5.0 | 间接依赖 | go |
| prepare_class | 间接依赖 | pip | |
| Sequence | 间接依赖 | pip | |
| github.com/magiconair/properties | v1.8.7 | 间接依赖 | go |
| is_macos | 间接依赖 | pip | |
| google.golang.org/appengine | v1.6.7 | 间接依赖 | go |
| Thread | 间接依赖 | pip | |
| github.com/fsnotify/fsnotify | v1.6.0 | 间接依赖 | go |
| Morsel | 间接依赖 | pip | |
| ListableAPIResource | 间接依赖 | pip | |
| _Unquoter | 间接依赖 | pip | |
| unquote | 间接依赖 | pip | |
| StreamClosed | 间接依赖 | pip | |
| github.com/pelletier/go-toml/v2 | v2.0.7 | 间接依赖 | go |
| urlparse | 间接依赖 | pip | |
| constants | 间接依赖 | pip | |
| github.com/gin-contrib/sse | v0.1.0 | 间接依赖 | go |
| IntFlag | 间接依赖 | pip | |
| CertTypes | 间接依赖 | pip | |
| InvalidOperation | 间接依赖 | pip |