基础信息
项目名称:YaoApp/yao
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721644724611751936/1721644724653694976
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Google Golang 资源管理错误漏洞 | 拒绝服务 | MPS-c8am-hbny | CVE-2023-39325 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| golang.org/x/net | v0.15.0 | 0.17.0 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| Apache-2.0 | 24 | 低 |
| BSD-3-Clause | 28 | 低 |
| MIT | 49 | 低 |
| BSD-2-Clause | 6 | 低 |
| MPL-2.0 | 6 | 低 |
| ISC | 2 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/spf13/cobra | v1.7.0 | 直接依赖 | go |
| golang.org/x/text | v0.13.0 | 间接依赖 | go |
| github.com/stretchr/testify | v1.8.4 | 直接依赖 | go |
| github.com/dlclark/regexp2 | v1.10.0 | 间接依赖 | go |
| golang.org/x/oauth2 | v0.12.0 | 间接依赖 | go |
| golang.org/x/tools | v0.13.0 | 间接依赖 | go |
| github.com/miekg/dns | v1.1.56 | 间接依赖 | go |
| google.golang.org/genproto/googleapis/rpc | v0.0.0-20230920204549-e6e6cdab5c13 | 间接依赖 | go |
| github.com/inconshreveable/go-update | v0.0.0-20160112193335-8152e7eb6ccf | 间接依赖 | go |
| github.com/pkg/errors | v0.9.1 | 间接依赖 | go |
| github.com/google/go-github/v30 | v30.1.0 | 间接依赖 | go |
| github.com/chenzhuoyu/iasm | v0.9.0 | 间接依赖 | go |
| github.com/ugorji/go/codec | v1.2.11 | 间接依赖 | go |
| github.com/gorilla/websocket | v1.5.0 | 间接依赖 | go |
| github.com/pelletier/go-toml/v2 | v2.1.0 | 间接依赖 | go |
| google.golang.org/grpc | v1.58.1 | 间接依赖 | go |
| github.com/tidwall/btree | v1.7.0 | 间接依赖 | go |
| github.com/go-playground/locales | v0.14.1 | 间接依赖 | go |
| github.com/lib/pq | v1.10.9 | 间接依赖 | go |
| github.com/xdg-go/scram | v1.1.2 | 间接依赖 | go |
| github.com/klauspost/compress | v1.17.0 | 间接依赖 | go |
| github.com/mohae/deepcopy | v0.0.0-20170929034955-c48cc78d4826 | 间接依赖 | go |
| github.com/tidwall/grect | v0.1.4 | 间接依赖 | go |
| rogchap.com/v8go | v0.9.0 | 直接依赖 | go |
| gopkg.in/yaml.v3 | v3.0.1 | 直接依赖 | go |
| golang.org/x/sys | v0.12.0 | 间接依赖 | go |
| github.com/andybalholm/cascadia | v1.3.1 | 间接依赖 | go |
| github.com/yaoapp/kun | v0.9.0 | 直接依赖 | go |
| github.com/sirupsen/logrus | v1.9.3 | 间接依赖 | go |
| google.golang.org/genproto | v0.0.0-20230913181813-007df8e322eb | 间接依赖 | go |
| github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | 间接依赖 | go |
| github.com/gin-contrib/sse | v0.1.0 | 间接依赖 | go |
| github.com/hashicorp/go-multierror | v1.1.1 | 间接依赖 | go |
| github.com/tcnksm/go-gitconfig | v0.1.2 | 间接依赖 | go |
| github.com/oklog/run | v1.1.0 | 间接依赖 | go |
| github.com/evanw/esbuild | v0.19.3 | 间接依赖 | go |
| github.com/leodido/go-urn | v1.2.4 | 间接依赖 | go |
| github.com/go-playground/universal-translator | v0.18.1 | 间接依赖 | go |
| github.com/youmark/pkcs8 | v0.0.0-20201027041543-1326539a0a0a | 间接依赖 | go |
| github.com/chenzhuoyu/base64x | v0.0.0-20230717121745-296ad89f973d | 间接依赖 | go |
| github.com/xuri/excelize/v2 | v2.8.0 | 直接依赖 | go |
| github.com/tidwall/gjson | v1.16.0 | 间接依赖 | go |
| github.com/spf13/pflag | v1.0.5 | 间接依赖 | go |
| github.com/tidwall/pretty | v1.2.1 | 间接依赖 | go |
| github.com/json-iterator/go | v1.1.12 | 直接依赖 | go |
| github.com/gin-gonic/gin | v1.9.1 | 直接依赖 | go |
| github.com/golang-jwt/jwt | v3.2.2+incompatible | 直接依赖 | go |
| github.com/davecgh/go-spew | v1.1.1 | 间接依赖 | go |
| github.com/yaoapp/gou | v0.10.3 | 直接依赖 | go |
| github.com/robfig/cron/v3 | v3.0.1 | 间接依赖 | go |
| google.golang.org/protobuf | v1.31.0 | 间接依赖 | go |
| github.com/tidwall/match | v1.1.1 | 间接依赖 | go |
| github.com/richardlehane/msoleps | v1.0.3 | 间接依赖 | go |
| github.com/blang/semver/v4 | v4.0.0 | 间接依赖 | go |
| github.com/go-errors/errors | v1.5.1 | 间接依赖 | go |
| github.com/xuri/efp | v0.0.0-20230802181842-ad255f2331ca | 间接依赖 | go |
| github.com/go-redis/redis/v8 | v8.11.5 | 间接依赖 | go |
| github.com/ulikunitz/xz | v0.5.11 | 间接依赖 | go |
| github.com/tidwall/rtred | v0.1.2 | 间接依赖 | go |
| github.com/richardlehane/mscfb | v1.0.4 | 间接依赖 | go |
| github.com/mattn/go-isatty | v0.0.19 | 间接依赖 | go |
| golang.org/x/image | v0.11.0 | 间接依赖 | go |
| github.com/hashicorp/golang-lru | v1.0.2 | 间接依赖 | go |
| github.com/golang/snappy | v0.0.4 | 间接依赖 | go |
| github.com/pmezard/go-difflib | v1.0.0 | 间接依赖 | go |
| github.com/hashicorp/yamux | v0.1.1 | 间接依赖 | go |
| github.com/fsnotify/fsnotify | v1.6.0 | 直接依赖 | go |
| github.com/jmoiron/sqlx | v1.3.5 | 间接依赖 | go |
| github.com/cespare/xxhash/v2 | v2.2.0 | 间接依赖 | go |
| github.com/google/go-querystring | v1.1.0 | 间接依赖 | go |
| github.com/hashicorp/errwrap | v1.0.0 | 间接依赖 | go |
| github.com/twitchyliquid64/golang-asm | v0.15.1 | 间接依赖 | go |
| github.com/xdg-go/pbkdf2 | v1.0.0 | 间接依赖 | go |
| github.com/golang/protobuf | v1.5.3 | 间接依赖 | go |
| github.com/xuri/nfp | v0.0.0-20230919160717-d98342af3f05 | 间接依赖 | go |
| golang.org/x/sync | v0.3.0 | 间接依赖 | go |
| golang.org/x/mod | v0.12.0 | 间接依赖 | go |
| github.com/hashicorp/go-plugin | v1.5.1 | 间接依赖 | go |
| github.com/yaoapp/xun | v0.9.0 | 直接依赖 | go |
| gopkg.in/check.v1 | v1.0.0-20190902080502-41f04d3bba15 | 间接依赖 | go |
| golang.org/x/crypto | v0.13.0 | 直接依赖 | go |
| github.com/caarlos0/env/v6 | v6.10.1 | 直接依赖 | go |
| github.com/tidwall/buntdb | v1.3.0 | 间接依赖 | go |
| github.com/elazarl/go-bindata-assetfs | v1.0.1 | 直接依赖 | go |
| github.com/klauspost/cpuid/v2 | v2.2.5 | 间接依赖 | go |
| github.com/go-playground/validator/v10 | v10.15.4 | 间接依赖 | go |
| github.com/PuerkitoBio/goquery | v1.8.1 | 间接依赖 | go |
| github.com/xdg-go/stringprep | v1.0.4 | 间接依赖 | go |
| golang.org/x/net | v0.15.0 | 间接依赖 | go |
| github.com/goccy/go-json | v0.10.2 | 间接依赖 | go |
| github.com/gabriel-vasile/mimetype | v1.4.2 | 间接依赖 | go |
| github.com/mattn/go-colorable | v0.1.13 | 间接依赖 | go |
| github.com/tidwall/tinyqueue | v0.1.1 | 间接依赖 | go |
| go.mongodb.org/mongo-driver | v1.12.1 | 间接依赖 | go |
| github.com/dgryski/go-rendezvous | v0.0.0-20200823014737-9f7001d12a5f | 间接依赖 | go |
| github.com/joho/godotenv | v1.5.1 | 直接依赖 | go |
| golang.org/x/arch | v0.5.0 | 间接依赖 | go |
| github.com/google/uuid | v1.3.1 | 直接依赖 | go |
| github.com/hashicorp/go-hclog | v1.5.0 | 间接依赖 | go |
| github.com/dchest/captcha | v1.0.0 | 直接依赖 | go |
| github.com/inconshreveable/mousetrap | v1.1.0 | 间接依赖 | go |
| github.com/bytedance/sonic | v1.10.1 | 间接依赖 | go |
| github.com/pkoukk/tiktoken-go | v0.1.6 | 直接依赖 | go |
| github.com/fatih/color | v1.15.0 | 直接依赖 | go |
| github.com/go-sql-driver/mysql | v1.7.1 | 间接依赖 | go |
| github.com/mitchellh/go-testing-interface | v1.14.1 | 间接依赖 | go |
| github.com/blang/semver | v3.5.1+incompatible | 直接依赖 | go |
| google.golang.org/appengine | v1.6.8 | 间接依赖 | go |
| github.com/montanaflynn/stats | v0.7.1 | 间接依赖 | go |
| github.com/rhysd/go-github-selfupdate | v1.2.3 | 直接依赖 | go |
| github.com/modern-go/reflect2 | v1.0.2 | 间接依赖 | go |
| github.com/mattn/go-sqlite3 | v1.14.17 | 间接依赖 | go |
| github.com/TylerBrock/colorjson | v0.0.0-20200706003622-8a50f05110d2 | 间接依赖 | go |