基础信息
项目名称:dalonghahaha/Asgard
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1717016995672408064/1717016995999563776
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Gin-Gonic Gin 环境问题漏洞 | HTTP请求走私 | MPS-2021-5932 | CVE-2020-28483 | 高危 |
| github.com/gin-gonic/gin 存在日志输出的转义处理不恰当漏洞 | 日志输出的转义处理不恰当 | MPS-2022-13361 | 中危 | |
| gin 存在安全漏洞 | 注入 | MPS-2022-52767 | CVE-2020-36567 | 中危 |
| Google Go 权限许可和访问控制问题漏洞 | 权限管理不当 | MPS-2022-9049 | CVE-2022-29526 | 中危 |
| Gin-Gonic Gin 输入验证错误漏洞 | 输入验证不恰当 | MPS-2023-5119 | CVE-2023-26125 | 高危 |
| Gin 安全漏洞 | 下载代码缺少完整性检查 | MPS-2023-9711 | CVE-2023-29401 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| github.com/gin-gonic/gin | v1.5.0 | 1.9.1 | 直接依赖 | 建议修复 |
| golang.org/x/sys | v0.0.0-20200523222454-059865788121 | 0.1.0 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 19 | 低 |
| BSD-3-Clause | 12 | 低 |
| Apache-2.0 | 8 | 低 |
| Unlicense | 1 | 低 |
| BSD-2-Clause | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/patrickmn/go-cache | v2.1.0+incompatible | 直接依赖 | go |
| github.com/json-iterator/go | v1.1.9 | 间接依赖 | go |
| github.com/fsnotify/fsnotify | v1.4.9 | 间接依赖 | go |
| sigs.k8s.io/yaml | v1.2.0 | 间接依赖 | go |
| github.com/coreos/etcd | v3.3.18+incompatible | 直接依赖 | go |
| github.com/foolin/goview | v0.2.0 | 直接依赖 | go |
| go.uber.org/zap | v1.13.0 | 间接依赖 | go |
| github.com/go-ole/go-ole | v1.2.4 | 间接依赖 | go |
| github.com/golang/groupcache | v0.0.0-20191227052852-215e87163ea7 | 间接依赖 | go |
| github.com/dalonghahaha/avenger | v0.0.0-20200529073728-6d3abb1db7e1 | 直接依赖 | go |
| github.com/pelletier/go-toml | v1.8.0 | 间接依赖 | go |
| github.com/spf13/jwalterweatherman | v1.1.0 | 间接依赖 | go |
| github.com/grpc-ecosystem/go-grpc-middleware | v1.1.0 | 直接依赖 | go |
| gopkg.in/ini.v1 | v1.57.0 | 间接依赖 | go |
| github.com/shirou/gopsutil | v2.19.11+incompatible | 直接依赖 | go |
| golang.org/x/crypto | v0.0.0-20191011191535-87dc89f01550 | 间接依赖 | go |
| github.com/golang/protobuf | v1.3.2 | 直接依赖 | go |
| github.com/coreos/go-systemd | v0.0.0-20191104093116-d3cd4ed1dbcf | 间接依赖 | go |
| github.com/spf13/viper | v1.7.0 | 直接依赖 | go |
| github.com/grpc-ecosystem/grpc-gateway | v1.12.1 | 间接依赖 | go |
| github.com/sirupsen/logrus | v1.6.0 | 间接依赖 | go |
| github.com/gogo/protobuf | v1.3.1 | 间接依赖 | go |
| google.golang.org/grpc | v1.26.0 | 直接依赖 | go |
| golang.org/x/sys | v0.0.0-20200523222454-059865788121 | 间接依赖 | go |
| github.com/logrusorgru/aurora | v0.0.0-20200102142835-e9ef32dff381 | 间接依赖 | go |
| github.com/gin-gonic/gin | v1.5.0 | 直接依赖 | go |
| github.com/prometheus/client_golang | v1.3.0 | 间接依赖 | go |
| github.com/robfig/cron/v3 | v3.0.0 | 直接依赖 | go |
| go.etcd.io/bbolt | v1.3.3 | 间接依赖 | go |
| github.com/mitchellh/mapstructure | v1.3.1 | 间接依赖 | go |
| github.com/google/uuid | v1.1.1 | 间接依赖 | go |
| github.com/spf13/pflag | v1.0.5 | 间接依赖 | go |
| github.com/spf13/cobra | v0.0.5 | 直接依赖 | go |
| github.com/spf13/cast | v1.3.1 | 间接依赖 | go |
| golang.org/x/time | v0.0.0-20191024005414-555d28b269f0 | 间接依赖 | go |
| github.com/StackExchange/wmi | v0.0.0-20190523213315-cbe66965904d | 间接依赖 | go |
| github.com/jinzhu/gorm | v1.9.11 | 直接依赖 | go |
| github.com/coreos/bbolt | v1.3.3 | 间接依赖 | go |
| github.com/shirou/w32 | v0.0.0-20160930032740-bb4de0191aa4 | 间接依赖 | go |
| github.com/stretchr/testify | v1.5.1 | 间接依赖 | go |
| github.com/go-redis/redis/v7 | v7.2.0 | 间接依赖 | go |