基础信息
项目名称:xxjwxc/shares
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721602352213483520/1721602352939098112
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Google Golang 资源管理错误漏洞 | MPS-2022-58307 | CVE-2022-41723 | 高危 | |
| Go-Yaml 安全漏洞 | 反序列化 | MPS-2022-8233 | CVE-2022-28948 | 高危 |
| Google Go 权限许可和访问控制问题漏洞 | 权限管理不当 | MPS-2022-9049 | CVE-2022-29526 | 中危 |
| Gin-Gonic Gin 输入验证错误漏洞 | 输入验证不恰当 | MPS-2023-5119 | CVE-2023-26125 | 高危 |
| Gin 安全漏洞 | 下载代码缺少完整性检查 | MPS-2023-9711 | CVE-2023-29401 | 中危 |
| Google Golang 资源管理错误漏洞 | 拒绝服务 | MPS-c8am-hbny | CVE-2023-39325 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| gopkg.in/yaml.v3 | v3.0.0-20200313102051-9f266ea9e77c | 3.0.0 | 间接依赖 | 建议修复 |
| github.com/gin-gonic/gin | v1.7.7 | 1.9.1 | 直接依赖 | 建议修复 |
| golang.org/x/net | v0.0.0-20220520000938-2e3eb7b945c2 | 0.17.0 | 间接依赖 | 建议修复 |
| gopkg.in/yaml.v3 | v3.0.0-20210107192922-496545a6307b | 3.0.0 | 直接依赖 | 建议修复 |
| golang.org/x/sys | v0.0.0-20220519141025-dcacdad47464 | 0.1.0 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 35 | 低 |
| Apache-2.0 | 13 | 低 |
| BSD-3-Clause | 14 | 低 |
| MPL-2.0 | 1 | 低 |
| BSD-2-Clause | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/mozillazg/go-pinyin | v0.19.0 | 直接依赖 | go |
| github.com/gin-gonic/gin | v1.7.7 | 直接依赖 | go |
| github.com/xxjwxc/ginrpc | v0.0.0-20220416151621-d2a2864d29f4 | 直接依赖 | go |
| github.com/go-playground/universal-translator | v0.17.0 | 间接依赖 | go |
| golang.org/x/xerrors | v0.0.0-20220517211312-f3a8303e98df | 间接依赖 | go |
| github.com/jinzhu/now | v1.1.2 | 间接依赖 | go |
| api-ms-win-crt-stdio-l1-1-0.dll | 间接依赖 | ||
| github.com/golang-sql/civil | v0.0.0-20190719163853-cb61b32ac6fe | 间接依赖 | go |
| github.com/miekg/dns | v1.1.49 | 间接依赖 | go |
| github.com/gookit/color | v1.5.0 | 间接依赖 | go |
| golang.org/x/crypto | v0.0.0-20210322153248-0c34fe9e7dc2 | 间接依赖 | go |
| gorm.io/gorm | v1.21.4 | 间接依赖 | go |
| github.com/nsf/termbox-go | v0.0.0-20200418040025-38ba6e5628f1 | 间接依赖 | go |
| github.com/gmsec/goplugins | v0.0.0-20220510122305-f8eb57238301 | 直接依赖 | go |
| gopkg.in/go-playground/validator.v9 | v9.30.2 | 间接依赖 | go |
| github.com/mattn/go-sqlite3 | v2.0.1+incompatible | 间接依赖 | go |
| go.uber.org/multierr | v1.1.0 | 间接依赖 | go |
| github.com/denisenkom/go-mssqldb | v0.9.0 | 间接依赖 | go |
| golang.org/x/sys | v0.0.0-20220519141025-dcacdad47464 | 间接依赖 | go |
| go.uber.org/zap | v1.21.0 | 间接依赖 | go |
| github.com/spf13/pflag | v1.0.3 | 间接依赖 | go |
| VCRUNTIME140.dll | 间接依赖 | ||
| golang.org/x/crypto | v0.0.0-20220518034528-6f7dac969898 | 间接依赖 | go |
| github.com/gmsec/micro | v0.0.0-20210702092856-15091f6bcc57 | 直接依赖 | go |
| gorm.io/datatypes | v1.0.1 | 直接依赖 | go |
| github.com/gookit/color | v1.2.5 | 间接依赖 | go |
| github.com/mattn/go-runewidth | v0.0.9 | 间接依赖 | go |
| github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/asr | v1.0.310 | 直接依赖 | go |
| github.com/gmsec/micro | v0.0.0-20211022114905-169485e6fedf | 直接依赖 | go |
| api-ms-win-crt-heap-l1-1-0.dll | 间接依赖 | ||
| github.com/go-playground/validator/v10 | v10.11.0 | 间接依赖 | go |
| github.com/xxjwxc/gormt | (devel) | 间接依赖 | go |
| COMCTL32.dll | 间接依赖 | ||
| github.com/nicksnyder/go-i18n/v2 | v2.0.3 | 间接依赖 | go |
| go.uber.org/atomic | v1.4.0 | 间接依赖 | go |
| github.com/ugorji/go | v1.2.7 | 间接依赖 | go |
| github.com/go-playground/locales | v0.13.0 | 间接依赖 | go |
| github.com/spf13/cobra | v1.0.0 | 间接依赖 | go |
| github.com/go-sql-driver/mysql | v1.5.0 | 间接依赖 | go |
| github.com/xxjwxc/public | v0.0.0-20220427083745-2dca406fd512 | 直接依赖 | go |
| github.com/mattn/go-isatty | v0.0.14 | 间接依赖 | go |
| google.golang.org/grpc | v1.36.0 | 直接依赖 | go |
| github.com/json-iterator/go | v1.1.12 | 间接依赖 | go |
| api-ms-win-crt-math-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-crt-runtime-l1-1-0.dll | 间接依赖 | ||
| google.golang.org/protobuf | v1.28.0 | 直接依赖 | go |
| MSVCP140.dll | 间接依赖 | ||
| github.com/jinzhu/inflection | v1.0.0 | 间接依赖 | go |
| github.com/prometheus/client_golang | v1.11.0 | 直接依赖 | go |
| golang.org/x/text | v0.3.3 | 间接依赖 | go |
| golang.org/x/net | v0.0.0-20220520000938-2e3eb7b945c2 | 间接依赖 | go |
| github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/nlp | v1.0.300 | 直接依赖 | go |
| go.uber.org/zap | v1.10.0 | 间接依赖 | go |
| github.com/pkg/errors | v0.9.1 | 间接依赖 | go |
| gorm.io/gorm | v1.21.15 | 直接依赖 | go |
| github.com/jroimartin/gocui | v0.4.0 | 间接依赖 | go |
| api-ms-win-crt-locale-l1-1-0.dll | 间接依赖 | ||
| github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common | v1.0.300 | 直接依赖 | go |
| github.com/xxjwxc/public | v0.0.0-20210709073023-f6ec6fb9bcb4 | 间接依赖 | go |
| github.com/atotto/clipboard | v0.1.2 | 间接依赖 | go |
| gorm.io/driver/sqlite | v1.1.4 | 间接依赖 | go |
| api-ms-win-crt-convert-l1-1-0.dll | 间接依赖 | ||
| gopkg.in/natefinch/lumberjack.v2 | v2.0.0 | 间接依赖 | go |
| google.golang.org/grpc | v1.46.2 | 直接依赖 | go |
| google.golang.org/protobuf | v1.25.0 | 直接依赖 | go |
| rpc | v0.0.0-00010101000000-000000000000 | 直接依赖 | go |
| USER32.dll | 间接依赖 | ||
| github.com/axgle/mahonia | v0.0.0-20180208002826-3358181d7394 | 直接依赖 | go |
| gopkg.in/yaml.v3 | v3.0.0-20210107192922-496545a6307b | 直接依赖 | go |
| go.uber.org/multierr | v1.8.0 | 间接依赖 | go |
| golang.org/x/tools | v0.1.10 | 间接依赖 | go |
| gorm.io/driver/mysql | v1.0.1 | 间接依赖 | go |
| github.com/inconshreveable/mousetrap | v1.0.0 | 间接依赖 | go |
| github.com/leodido/go-urn | v1.2.0 | 间接依赖 | go |
| gorm.io/driver/sqlserver | v1.0.7 | 间接依赖 | go |
| github.com/goccy/go-json | v0.9.7 | 间接依赖 | go |
| google.golang.org/genproto | v0.0.0-20220519153652-3a47de7e79bd | 间接依赖 | go |
| gopkg.in/yaml.v3 | v3.0.0-20200313102051-9f266ea9e77c | 间接依赖 | go |
| github.com/chenjiandongx/ginprom | v0.0.0-20201217063207-fe11b7f55a35 | 直接依赖 | go |
| KERNEL32.dll | 间接依赖 |