基础信息
项目名称:dragonflyoss/Dragonfly
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1717287476380090368/1717287476417839104
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| 低危 | ||||
| fasthttp 安全漏洞 | 路径遍历 | MPS-2022-5051 | CVE-2022-21221 | 高危 |
| Google Golang 资源管理错误漏洞 | MPS-2022-58307 | CVE-2022-41723 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| github.com/valyala/fasthttp | v1.3.0 | 1.34.0 | 直接依赖 | 建议修复 |
| golang.org/x/net | v0.0.0-20190620200207-3b0461eec859 | 0.17.0 | 间接依赖 | 建议修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| BSD-3-Clause | 10 | 低 |
| Apache-2.0 | 17 | 低 |
| MIT | 13 | 低 |
| BSD-2-Clause | 7 | 低 |
| ISC | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/gorilla/schema | v1.1.0 | 直接依赖 | go |
| github.com/prometheus/client_golang | v0.9.3 | 直接依赖 | go |
| github.com/prashantv/gostub | v1.0.0 | 直接依赖 | go |
| github.com/stretchr/testify | v1.3.0 | 直接依赖 | go |
| github.com/openacid/low | v0.1.10 | 直接依赖 | go |
| github.com/HuKeping/rbtree | v0.0.0-20200208030951-29f0b79e84ed | 直接依赖 | go |
| github.com/sirupsen/logrus | v1.2.0 | 直接依赖 | go |
| gopkg.in/yaml.v2 | v2.2.8 | 直接依赖 | go |
| github.com/mitchellh/mapstructure | v1.1.2 | 直接依赖 | go |
| github.com/go-check/check | v0.0.0-20161208181325-20d25e280405 | 直接依赖 | go |
| github.com/go-openapi/jsonreference | v0.0.0-20161105162150-36d33bfe519e | 间接依赖 | go |
| github.com/go-openapi/runtime | v0.0.0-20170901133030-bf2ff8f71507 | 间接依赖 | go |
| gopkg.in/gcfg.v1 | v1.2.3 | 直接依赖 | go |
| github.com/go-openapi/strfmt | v0.0.0-20171222154016-4dd3d302e100 | 直接依赖 | go |
| github.com/asaskevich/govalidator | v0.0.0-20170903095215-73945b6115bf | 间接依赖 | go |
| github.com/mailru/easyjson | v0.0.0-20170902151237-2a92e673c9a6 | 间接依赖 | go |
| github.com/go-openapi/swag | v0.0.0-20170606142751-f3f9494671f9 | 直接依赖 | go |
| github.com/willf/bitset | v0.0.0-20190228212526-18bd95f470f9 | 直接依赖 | go |
| github.com/spf13/cobra | v0.0.0-20181021141114-fe5e611709b0 | 直接依赖 | go |
| github.com/go-openapi/analysis | v0.0.0-20170813233457-8ed83f2ea9f0 | 间接依赖 | go |
| github.com/russross/blackfriday | v0.0.0-20171011182219-6d1ef893fcb0 | 间接依赖 | go |
| gopkg.in/natefinch/lumberjack.v2 | v2.0.0 | 直接依赖 | go |
| github.com/pborman/uuid | v0.0.0-20180122190007-c65b2f87fee3 | 直接依赖 | go |
| github.com/golang/mock | v1.4.0 | 直接依赖 | go |
| github.com/spf13/viper | v1.4.0 | 直接依赖 | go |
| golang.org/x/net | v0.0.0-20190620200207-3b0461eec859 | 间接依赖 | go |
| github.com/gorilla/mux | v1.5.0 | 直接依赖 | go |
| github.com/go-openapi/jsonpointer | v0.0.0-20170102174223-779f45308c19 | 间接依赖 | go |
| github.com/go-openapi/spec | v0.0.0-20170811033243-3faa0055dbbf | 间接依赖 | go |
| github.com/go-openapi/validate | v0.0.0-20170705144413-8a82927c942c | 直接依赖 | go |
| golang.org/x/crypto | v0.0.0-20191011191535-87dc89f01550 | 间接依赖 | go |
| gopkg.in/mgo.v2 | v2.0.0-20160818020120-3f83fa500528 | 间接依赖 | go |
| github.com/magiconair/properties | v1.8.1 | 间接依赖 | go |
| github.com/cpuguy83/go-md2man | v1.0.7 | 间接依赖 | go |
| github.com/pkg/errors | v0.8.0 | 直接依赖 | go |
| github.com/PuerkitoBio/purell | v0.0.0-20170829232023-f619812e3caf | 间接依赖 | go |
| github.com/go-openapi/loads | v0.0.0-20170520182102-a80dea3052f0 | 间接依赖 | go |
| github.com/inconshreveable/mousetrap | v1.0.0 | 间接依赖 | go |
| github.com/valyala/fasthttp | v1.3.0 | 直接依赖 | go |
| github.com/spf13/afero | v1.2.2 | 直接依赖 | go |
| github.com/go-openapi/errors | v0.0.0-20170426151106-03cfca65330d | 直接依赖 | go |
| github.com/golang/groupcache | v0.0.0-20190129154638-5b532d6fd5ef | 直接依赖 | go |
| github.com/PuerkitoBio/urlesc | v0.0.0-20170810143723-de5bf2ad4578 | 间接依赖 | go |
| github.com/gorilla/context | v0.0.0-20181012153548-51ce91d2eadd | 间接依赖 | go |
| gopkg.in/warnings.v0 | v0.1.2 | 直接依赖 | go |
| github.com/spf13/jwalterweatherman | v1.1.0 | 间接依赖 | go |
| github.com/emirpasic/gods | v1.12.0 | 直接依赖 | go |