基础信息
项目名称:genuinetools/reg
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1718069825985183744/1718069826538831872
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| 低危 | ||||
| Libcontainer和Docker Engine 权限许可和访问控制漏洞 | 在文件访问前对链接解析不恰当(链接跟随) | MPS-2015-2409 | CVE-2015-3627 | 高危 |
| Docker Engine 权限许可和访问控制漏洞 | 权限、特权和访问控制 | MPS-2015-2412 | CVE-2015-3631 | 低危 |
| runc 操作系统命令注入漏洞 | OS命令注入 | MPS-2019-1548 | CVE-2019-5736 | 高危 |
| containerd CRI stream server 存在拒绝服务漏洞 | 拒绝服务 | MPS-2022-1898 | CVE-2022-23471 | 中危 |
| Google Golang 资源管理错误漏洞 | MPS-2022-58307 | CVE-2022-41723 | 高危 | |
| runc 权限许可和访问控制问题漏洞 | 缺省权限不正确 | MPS-2022-8563 | CVE-2022-29162 | 高危 |
| Google Go 权限许可和访问控制问题漏洞 | 权限管理不当 | MPS-2022-9049 | CVE-2022-29526 | 中危 |
| containerd 安全漏洞 | 不加限制或调节的资源分配 | MPS-2023-3769 | CVE-2023-25153 | 中危 |
| containerd容器内文件权限机制实现不当 | 将用户置入不正确的用户组 | MPS-2023-3789 | CVE-2023-25173 | 中危 |
| runc | 访问控制不当 | MPS-2023-8507 | CVE-2023-28642 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| github.com/opencontainers/runc | v0.1.1 | 1.1.5 | 间接依赖 | 建议修复 |
| golang.org/x/net | v0.0.0-20190311183353-d8887717615a | 0.17.0 | 直接依赖 | 建议修复 |
| github.com/docker/docker | v1.4.2-0.20190916154449-92cc603036dd | 1.6.1 | 直接依赖 | 建议修复 |
| github.com/containerd/containerd | v1.2.9 | 1.5.18 | 间接依赖 | 可选修复 |
| golang.org/x/sys | v0.0.0-20190215142949-d0b11bdaac8a | 0.1.0 | 直接依赖 | 可选修复 |
| golang.org/x/sys | v0.0.0-20190507160741-ecd444e8653b | 0.1.0 | 直接依赖 | 可选修复 |
| golang.org/x/sys | v0.0.0-20190422165155-953cdadca894 | 0.1.0 | 直接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 18 | 低 |
| Apache-2.0 | 18 | 低 |
| BSD-3-Clause | 15 | 低 |
| BSD-2-Clause | 1 | 低 |
| ISC | 1 | 低 |
| CC-BY-SA-4.0 | 1 | 中 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/Microsoft/go-winio | v0.4.14 | 间接依赖 | go |
| github.com/golang/glog | v0.0.0-20160126235308-23def4e6c14b | 直接依赖 | go |
| github.com/deckarep/golang-set | v1.7.1 | 间接依赖 | go |
| github.com/docker/distribution | v2.7.1+incompatible | 直接依赖 | go |
| gotest.tools | v2.2.0+incompatible | 间接依赖 | go |
| github.com/opencontainers/image-spec | v1.0.1 | 间接依赖 | go |
| github.com/Azure/go-ansiterm | v0.0.0-20170929234023-d6e3b3328b78 | 间接依赖 | go |
| golang.org/x/tools | v0.0.0-20190524140312-2c0ae7006135 | 直接依赖 | go |
| github.com/opencontainers/runc | v0.1.1 | 间接依赖 | go |
| github.com/pkg/errors | v0.8.1 | 直接依赖 | go |
| golang.org/x/sys | v0.0.0-20190422165155-953cdadca894 | 直接依赖 | go |
| golang.org/x/time | v0.0.0-20190308202827-9d24e82272b4 | 间接依赖 | go |
| github.com/genuinetools/pkg | v0.0.0-20181022210355-2fcf164d37cb | 直接依赖 | go |
| github.com/docker/cli | v0.0.0-20190913211141-95327f4e6241 | 直接依赖 | go |
| github.com/gorilla/mux | v1.7.3 | 直接依赖 | go |
| github.com/Microsoft/hcsshim | v0.8.6 | 间接依赖 | go |
| golang.org/x/oauth2 | v0.0.0-20180821212333-d2e6202438be | 直接依赖 | go |
| github.com/coreos/clair | v2.0.1-0.20190910143208-94150ab1f4ac+incompatible | 直接依赖 | go |
| github.com/peterhellberg/link | v1.0.0 | 直接依赖 | go |
| cloud.google.com/go | v0.26.0 | 间接依赖 | go |
| github.com/fernet/fernet-go | v0.0.0-20180830025343-9eac43b88a5e | 间接依赖 | go |
| github.com/google/go-cmp | v0.3.1 | 直接依赖 | go |
| github.com/client9/misspell | v0.3.4 | 直接依赖 | go |
| github.com/gogo/protobuf | v1.3.0 | 间接依赖 | go |
| github.com/docker/go-units | v0.4.0 | 间接依赖 | go |
| google.golang.org/grpc | v1.23.1 | 直接依赖 | go |
| golang.org/x/lint | v0.0.0-20190313153728-d0100b6bd8b3 | 直接依赖 | go |
| github.com/docker/docker | v1.4.2-0.20190916154449-92cc603036dd | 直接依赖 | go |
| github.com/mitchellh/go-wordwrap | v1.0.0 | 直接依赖 | go |
| github.com/konsorten/go-windows-terminal-sequences | v1.0.1 | 直接依赖 | go |
| golang.org/x/net | v0.0.0-20190311183353-d8887717615a | 直接依赖 | go |
| github.com/BurntSushi/toml | v0.3.1 | 间接依赖 | go |
| github.com/docker/docker-credential-helpers | v0.6.3 | 间接依赖 | go |
| github.com/sirupsen/logrus | v1.4.2 | 直接依赖 | go |
| golang.org/x/sys | v0.0.0-20190507160741-ecd444e8653b | 直接依赖 | go |
| github.com/golang/mock | v1.1.1 | 直接依赖 | go |
| github.com/stretchr/testify | v1.2.2 | 直接依赖 | go |
| golang.org/x/sys | v0.0.0-20190215142949-d0b11bdaac8a | 直接依赖 | go |
| github.com/morikuni/aec | v0.0.0-20170113033406-39771216ff4c | 间接依赖 | go |
| github.com/pmezard/go-difflib | v1.0.0 | 间接依赖 | go |
| github.com/golang/protobuf | v1.2.0 | 直接依赖 | go |
| github.com/containerd/containerd | v1.2.9 | 间接依赖 | go |
| github.com/google/go-cmp | v0.2.0 | 直接依赖 | go |
| github.com/grpc-ecosystem/grpc-gateway | v1.11.1 | 间接依赖 | go |
| github.com/sirupsen/logrus | v1.4.1 | 直接依赖 | go |
| github.com/docker/go-connections | v0.4.0 | 间接依赖 | go |
| google.golang.org/appengine | v1.1.0 | 间接依赖 | go |
| github.com/davecgh/go-spew | v1.1.1 | 间接依赖 | go |
| github.com/stretchr/objx | v0.1.1 | 间接依赖 | go |
| github.com/docker/libtrust | v0.0.0-20160708172513-aabc10ec26b7 | 间接依赖 | go |
| github.com/containerd/continuity | v0.0.0-20190827140505-75bee3e2ccb6 | 间接依赖 | go |
| github.com/shurcooL/httpfs | v0.0.0-20190707220628-8d4bc4ba7749 | 直接依赖 | go |
| google.golang.org/genproto | v0.0.0-20180817151627-c66870c02cf8 | 直接依赖 | go |
| github.com/opencontainers/go-digest | v1.0.0-rc1 | 直接依赖 | go |
| honnef.co/go/tools | v0.0.0-20190523083050-ea95bdfd59fc | 直接依赖 | go |