基础信息
项目名称:aws/aws-app-mesh-examples
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1720808394562387968/1720808394633691136
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| gunicorn 存在HTTP请求的解释不一致性(HTTP请求私运)漏洞 | HTTP请求走私 | MPS-2022-14935 | 中危 | |
| Google Golang 资源管理错误漏洞 | 拒绝服务 | MPS-c8am-hbny | CVE-2023-39325 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| golang.org/x/net | v0.7.0 | 0.17.0 | 直接依赖 | 可选修复 |
| golang.org/x/net | v0.12.0 | 0.17.0 | 间接依赖 | 可选修复 |
| gunicorn | 19.9.0 | 19.10.0 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| Apache-2.0 | 68 | 低 |
| BSD-3-Clause | 13 | 低 |
| MIT | 13 | 低 |
| ISC | 1 | 低 |
| 0BSD | 1 | 低 |
| BSD-2-Clause | 2 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| @aws-sdk/util-buffer-from | 3.310.0 | 间接依赖 | npm |
| github.com/DATA-DOG/go-sqlmock | v1.3.3 | 间接依赖 | go |
| @aws-sdk/util-base64 | 3.310.0 | 间接依赖 | npm |
| @aws-sdk/querystring-parser | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/middleware-retry | 3.347.0 | 间接依赖 | npm |
| github.com/cihub/seelog | v0.0.0-20151216151435-d2c6e5aa9fbf | 间接依赖 | go |
| golang.org/x/net | v0.12.0 | 间接依赖 | go |
| @aws-sdk/shared-ini-file-loader | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/util-defaults-mode-browser | 3.347.0 | 间接依赖 | npm |
| github.com/valyala/fasthttp | v1.44.0 | 间接依赖 | go |
| gopkg.in/yaml.v2 | v2.4.0 | 间接依赖 | go |
| google.golang.org/protobuf | v1.31.0 | 直接依赖 | go |
| @aws-sdk/util-body-length-node | 3.310.0 | 间接依赖 | npm |
| @aws-sdk/util-uri-escape | 3.310.0 | 间接依赖 | npm |
| cfn-response-promise | 1.1.0 | 直接依赖 | npm |
| github.com/klauspost/compress | v1.15.15 | 间接依赖 | go |
| github.com/stretchr/testify | v1.7.0 | 间接依赖 | go |
| bowser | 2.11.0 | 间接依赖 | npm |
| golang.org/x/text | v0.11.0 | 间接依赖 | go |
| @aws-sdk/util-body-length-browser | 3.310.0 | 间接依赖 | npm |
| @aws-sdk/credential-provider-ini | 3.350.0 | 间接依赖 | npm |
| @aws-sdk/node-http-handler | 3.350.0 | 间接依赖 | npm |
| @aws-crypto/util | 3.0.0 | 间接依赖 | npm |
| @aws-sdk/token-providers | 3.350.0 | 间接依赖 | npm |
| strnum | 1.0.5 | 间接依赖 | npm |
| @aws-sdk/smithy-client | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/middleware-serde | 3.347.0 | 间接依赖 | npm |
| gunicorn | 19.9.0 | 间接依赖 | pip |
| @aws-sdk/util-locate-window | 3.310.0 | 间接依赖 | npm |
| google.golang.org/grpc | v1.56.2 | 直接依赖 | go |
| @smithy/protocol-http | 1.0.1 | 间接依赖 | npm |
| @aws-crypto/sha256-browser | 3.0.0 | 间接依赖 | npm |
| @aws-sdk/util-endpoints | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/util-waiter | 3.347.0 | 间接依赖 | npm |
| github.com/aws/aws-sdk-go | v1.44.209 | 间接依赖 | go |
| @aws-sdk/url-parser | 3.347.0 | 间接依赖 | npm |
| Flask | 间接依赖 | pip | |
| flask | 间接依赖 | pip | |
| @aws-sdk/protocol-http | 3.347.0 | 间接依赖 | npm |
| tslib | 2.5.3 | 间接依赖 | npm |
| @aws-sdk/middleware-endpoint | 3.347.0 | 间接依赖 | npm |
| github.com/valyala/bytebufferpool | v1.0.0 | 间接依赖 | go |
| github.com/aws/aws-xray-sdk-go | v1.6.0 | 直接依赖 | go |
| @aws-sdk/client-sso-oidc | 3.350.0 | 间接依赖 | npm |
| @aws-sdk/util-utf8 | 3.310.0 | 间接依赖 | npm |
| @aws-sdk/eventstream-codec | 3.347.0 | 间接依赖 | npm |
| github.com/stretchr/testify | v1.8.1 | 间接依赖 | go |
| @aws-sdk/middleware-host-header | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/middleware-user-agent | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/property-provider | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/middleware-sdk-sts | 3.347.0 | 间接依赖 | npm |
| github.com/jmespath/go-jmespath | v0.4.0 | 间接依赖 | go |
| @aws-sdk/util-middleware | 3.347.0 | 间接依赖 | npm |
| google.golang.org/genproto | v0.0.0-20230706204954-ccb25ca9f130 | 间接依赖 | go |
| @aws-crypto/ie11-detection | 3.0.0 | 间接依赖 | npm |
| @aws-sdk/middleware-stack | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/abort-controller | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/client-sts | 3.350.0 | 间接依赖 | npm |
| @aws-sdk/credential-provider-web-identity | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/client-sso | 3.350.0 | 间接依赖 | npm |
| golang.org/x/net | v0.7.0 | 直接依赖 | go |
| @aws-sdk/config-resolver | 3.347.0 | 间接依赖 | npm |
| @smithy/types | 1.0.0 | 间接依赖 | npm |
| @aws-sdk/util-hex-encoding | 3.310.0 | 间接依赖 | npm |
| @aws-sdk/querystring-builder | 3.347.0 | 间接依赖 | npm |
| @aws-crypto/supports-web-crypto | 3.0.0 | 间接依赖 | npm |
| @aws-sdk/middleware-content-length | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/service-error-classification | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/fetch-http-handler | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/credential-provider-imds | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/credential-provider-sso | 3.350.0 | 间接依赖 | npm |
| @aws-sdk/util-utf8-browser | 3.259.0 | 间接依赖 | npm |
| @aws-sdk/util-user-agent-browser | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/credential-provider-node | 3.350.0 | 间接依赖 | npm |
| @aws-crypto/sha256-js | 3.0.0 | 间接依赖 | npm |
| @aws-sdk/signature-v4 | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/credential-provider-process | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/credential-provider-env | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/util-config-provider | 3.310.0 | 间接依赖 | npm |
| golang.org/x/sys | v0.10.0 | 间接依赖 | go |
| @aws-sdk/is-array-buffer | 3.310.0 | 间接依赖 | npm |
| requirements.txt | 间接依赖 | pip | |
| github.com/pkg/errors | v0.9.1 | 直接依赖 | go |
| fast-xml-parser | 4.2.4 | 间接依赖 | npm |
| @aws-crypto/crc32 | 3.0.0 | 间接依赖 | npm |
| github.com/aws/aws-xray-sdk-go | v0.9.4 | 直接依赖 | go |
| @aws-sdk/invalid-dependency | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/types | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/node-config-provider | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/middleware-logger | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/client-app-mesh | 3.350.0 | 直接依赖 | npm |
| github.com/andybalholm/brotli | v1.0.5 | 间接依赖 | go |
| @aws-sdk/hash-node | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/middleware-recursion-detection | 3.347.0 | 间接依赖 | npm |
| @aws-sdk/client-cloudwatch | 3.350.0 | 直接依赖 | npm |
| github.com/google/uuid | v1.1.2 | 直接依赖 | go |
| github.com/DATA-DOG/go-sqlmock | v1.5.0 | 间接依赖 | go |
| google.golang.org/genproto/googleapis/rpc | v0.0.0-20230711160842-782d3b101e98 | 间接依赖 | go |
| github.com/golang/protobuf | v1.5.3 | 直接依赖 | go |
| @aws-sdk/util-defaults-mode-node | 3.347.0 | 间接依赖 | npm |
| request | 间接依赖 | pip | |
| github.com/kr/pretty | v0.1.0 | 间接依赖 | go |
| @aws-sdk/util-user-agent-node | 3.347.0 | 间接依赖 | npm |
| uuid | 8.3.2 | 间接依赖 | npm |
| @aws-sdk/util-retry | 3.347.0 | 间接依赖 | npm |
| gopkg.in/check.v1 | v1.0.0-20190902080502-41f04d3bba15 | 间接依赖 | go |
| github.com/gorilla/mux | v1.8.0 | 直接依赖 | go |
| @aws-sdk/middleware-signing | 3.347.0 | 间接依赖 | npm |