基础信息
项目名称:c121914yu/FastGPT
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721033483140272128/1721033483194798080
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| NumPy 代码问题漏洞 | 空指针取消引用 | MPS-2021-32278 | CVE-2021-41495 | 中危 |
| Google Golang 资源管理错误漏洞 | MPS-2022-58307 | CVE-2022-41723 | 高危 | |
| Google Golang 资源管理错误漏洞 | 拒绝服务 | MPS-c8am-hbny | CVE-2023-39325 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| golang.org/x/net | v0.5.0 | 0.17.0 | 间接依赖 | 建议修复 |
| numpy | 1.24.3 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| BSD-3-Clause | 11 | 低 |
| MIT | 14 | 低 |
| ISC | 2 | 低 |
| Apache-2.0 | 3 | 低 |
| 自定义许可证 | 1 | 低 |
| BSD-2-Clause | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| sentence_transformers | 2.2.2 | 间接依赖 | pip |
| scikit_learn | 1.2.2 | 间接依赖 | pip |
| github.com/insomniacslk/dhcp | v0.0.0-20221215072855-de60144f33f8 | 间接依赖 | go |
| go.etcd.io/bbolt | v1.3.6 | 间接依赖 | go |
| libc.so.6 | 间接依赖 | ||
| github.com/ajg/form | v1.5.1 | 间接依赖 | go |
| github.com/gohugoio/hugo-mod-bootstrap-scss/v5 | v5.20300.20003 | 间接依赖 | go |
| golang.org/x/exp | v0.0.0-20220303212507-bbda1eaf7a17 | 间接依赖 | go |
| libdl.so.2 | 间接依赖 | ||
| github.com/oschwald/maxminddb-golang | v1.10.0 | 间接依赖 | go |
| fastapi | 0.99.1 | 间接依赖 | pip |
| github.com/mdlayher/netlink | v1.7.2-0.20221213171556-9881fafed8c7 | 间接依赖 | go |
| pydantic | 1.10.7 | 间接依赖 | pip |
| github.com/oschwald/geoip2-golang | v1.8.0 | 间接依赖 | go |
| starlette | 0.27.0 | 间接依赖 | pip |
| gopkg.in/yaml.v3 | v3.0.1 | 间接依赖 | go |
| uvicorn | 0.21.1 | 间接依赖 | pip |
| transformers | 4.31.0 | 间接依赖 | pip |
| fastapi | 0.101.1 | 间接依赖 | pip |
| github.com/go-chi/cors | v1.2.1 | 间接依赖 | go |
| golang.org/x/sys | v0.4.0 | 间接依赖 | go |
| github.com/go-chi/render | v1.0.2 | 间接依赖 | go |
| golang.org/x/sync | v0.1.0 | 间接依赖 | go |
| numpy | 1.24.3 | 间接依赖 | pip |
| libz.so.1 | 间接依赖 | ||
| github.com/josharian/native | v1.1.0 | 间接依赖 | go |
| go.uber.org/atomic | v1.10.0 | 间接依赖 | go |
| github.com/sirupsen/logrus | v1.9.0 | 间接依赖 | go |
| torch | 2.0 | 间接依赖 | pip |
| sse_starlette | 1.6.5 | 间接依赖 | pip |
| tiktoken | 0.4.0 | 间接依赖 | pip |
| github.com/samber/lo | v1.37.0 | 间接依赖 | go |
| github.com/go-chi/chi/v5 | v5.0.8 | 间接依赖 | go |
| github.com/gofrs/uuid | v4.4.0+incompatible | 间接依赖 | go |
| github.com/mdlayher/socket | v0.4.0 | 间接依赖 | go |
| github.com/miekg/dns | v1.1.50 | 间接依赖 | go |
| go.uber.org/automaxprocs | v1.5.1 | 间接依赖 | go |
| transformers | 4.30.2 | 间接依赖 | pip |
| golang.org/x/net | v0.5.0 | 间接依赖 | go |
| github.com/gorilla/websocket | v1.5.0 | 间接依赖 | go |
| github.com/colinwilson/lotusdocs | v0.1.0 | 间接依赖 | go |
| github.com/u-root/uio | v0.0.0-20221213070652-c3537552635f | 间接依赖 | go |
| uvicorn | 0.23.2 | 间接依赖 | pip |
| torch | 2.0.1 | 间接依赖 | pip |
| golang.org/x/crypto | v0.5.0 | 间接依赖 | go |
| golang.org/x/text | v0.6.0 | 间接依赖 | go |