基础信息
项目名称:kplcloud/kplcloud
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1719540693911339008/1719540694599204864
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| jwt-go 安全漏洞 | 授权检查缺失 | MPS-2020-13786 | CVE-2020-26160 | 高危 |
| Gorilla Websocket 资源管理错误漏洞 | 拒绝服务 | MPS-2020-16819 | CVE-2020-27813 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| github.com/gorilla/websocket | v1.4.0 | 1.4.1 | 间接依赖 | 建议修复 |
| github.com/dgrijalva/jwt-go | v3.2.0+incompatible | 4.0.0-preview1 | 直接依赖 | 建议修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| CC-BY-SA-4.0 | 1 | 中 |
| Apache-2.0 | 11 | 低 |
| MPL-2.0 | 2 | 低 |
| BSD-3-Clause | 14 | 低 |
| MIT | 13 | 低 |
| BSD-2-Clause | 6 | 低 |
| ISC | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/docker/spdystream | v0.0.0-20181023171402-6480d4af844c | 间接依赖 | go |
| github.com/prometheus/client_golang | v1.3.0 | 直接依赖 | go |
| github.com/go-sql-driver/mysql | v1.5.0 | 直接依赖 | go |
| github.com/gorilla/mux | v1.7.3 | 直接依赖 | go |
| golang.org/x/oauth2 | v0.0.0-20190226205417-e64efc72b421 | 直接依赖 | go |
| github.com/spf13/cobra | v0.0.5 | 直接依赖 | go |
| github.com/elazarl/goproxy | v0.0.0-20190703090003-6125c262ffb0 | 间接依赖 | go |
| github.com/lestrrat-go/file-rotatelogs | v2.2.0+incompatible | 直接依赖 | go |
| github.com/fastly/go-utils | v0.0.0-20180712184237-d95a45783239 | 间接依赖 | go |
| github.com/jtblin/go-ldap-client | v0.0.0-20170223121919-b73f66626b33 | 直接依赖 | go |
| github.com/googleapis/gnostic | v0.3.0 | 间接依赖 | go |
| k8s.io/client-go | v0.0.0-20180521144600-29ae1f00c3d8 | 直接依赖 | go |
| gopkg.in/guregu/null.v3 | v3.4.0 | 直接依赖 | go |
| github.com/icowan/redis-client | v0.1.3 | 直接依赖 | go |
| github.com/jinzhu/gorm | v1.9.16 | 直接依赖 | go |
| github.com/dgrijalva/jwt-go | v3.2.0+incompatible | 直接依赖 | go |
| github.com/hashicorp/consul/api | v1.3.0 | 直接依赖 | go |
| github.com/PuerkitoBio/goquery | v1.5.1 | 直接依赖 | go |
| gopkg.in/igm/sockjs-go.v2 | v2.0.1 | 直接依赖 | go |
| k8s.io/apimachinery | v0.0.0-20180515182440-31dade610c05 | 直接依赖 | go |
| gopkg.in/inf.v0 | v0.9.1 | 间接依赖 | go |
| golang.org/x/crypto | v0.0.0-20191205180655-e7c4368fe9dd | 直接依赖 | go |
| k8s.io/api | v0.0.0-20180521142803-feb48db456a5 | 直接依赖 | go |
| github.com/casbin/casbin | v1.9.1 | 直接依赖 | go |
| github.com/google/go-github/v26 | v26.1.3 | 直接依赖 | go |
| github.com/icowan/mysql-client | v0.1.0 | 直接依赖 | go |
| github.com/yijizhichang/wechat-sdk | v0.1.3 | 直接依赖 | go |
| github.com/kplcloud/request | v0.2.1 | 直接依赖 | go |
| github.com/go-kit/kit | v0.10.0 | 直接依赖 | go |
| gopkg.in/ldap.v2 | v2.5.1 | 间接依赖 | go |
| github.com/gorilla/websocket | v1.4.0 | 间接依赖 | go |
| github.com/streadway/amqp | v0.0.0-20190827072141-edfb9018d271 | 直接依赖 | go |
| github.com/casbin/gorm-adapter | v0.0.0-20190623160500-9d922cc6a7c5 | 直接依赖 | go |
| golang.org/x/time | v0.0.0-20191024005414-555d28b269f0 | 直接依赖 | go |
| github.com/go-redis/redis | v6.15.9+incompatible | 直接依赖 | go |
| github.com/ghodss/yaml | v1.0.0 | 直接依赖 | go |
| gopkg.in/asn1-ber.v1 | v1.0.0-20181015200546-f715ec2f112d | 间接依赖 | go |
| github.com/jehiah/go-strftime | v0.0.0-20171201141054-1d33003b3869 | 间接依赖 | go |
| github.com/icowan/config | v0.0.0-20200926110528-b95deb7acc31 | 直接依赖 | go |
| github.com/xanzy/go-gitlab | v0.18.0 | 直接依赖 | go |
| github.com/pkg/errors | v0.8.1 | 直接依赖 | go |
| github.com/imdario/mergo | v0.3.7 | 间接依赖 | go |
| github.com/tebeka/strftime | v0.1.3 | 间接依赖 | go |
| github.com/elazarl/goproxy/ext | v0.0.0-20190703090003-6125c262ffb0 | 间接依赖 | go |
| gopkg.in/yaml.v2 | v2.3.0 | 直接依赖 | go |
| github.com/lestrrat-go/strftime | v0.0.0-20190725011945-5c849dd2c51d | 间接依赖 | go |
| github.com/igm/sockjs-go | v2.0.1+incompatible | 间接依赖 | go |
| github.com/google/uuid | v1.1.1 | 直接依赖 | go |
| github.com/howeyc/gopass | v0.0.0-20170109162249-bf9dde6d0d2c | 间接依赖 | go |