基础信息
项目名称:kyleconroy/sqlc
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721353174333083648/1724558296928440320
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| github.com/jackc/pgproto3/v2 存在拒绝服务漏洞 | 拒绝服务 | MPS-2022-13401 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| github.com/jackc/pgproto3/v2 | v2.0.1 | 2.1.1 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 40 | 低 |
| BSD-3-Clause | 28 | 低 |
| Apache-2.0 | 13 | 低 |
| MPL-2.0 | 2 | 低 |
| BSD-2-Clause | 8 | 低 |
| ISC | 2 | 低 |
| 自定义许可证 | 6 | 低 |
| PostgreSQL | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/jackc/pgconn | v1.5.1-0.20200601181101-fa742c524853 | 直接依赖 | go |
| github.com/volatiletech/randomize | v0.0.1 | 间接依赖 | go |
| google.golang.org/genproto/googleapis/api | v0.0.0-20230822172742-b8732ec3820d | 间接依赖 | go |
| sphinx-favicon | 1.0.1 | 间接依赖 | pip |
| commonmark | 0.9.1 | 间接依赖 | pip |
| sphinx-rtd-theme | 1.3.0 | 间接依赖 | pip |
| github.com/xeipuuv/gojsonreference | v0.0.0-20180127040603-bd5ef7bd5415 | 间接依赖 | go |
| go.uber.org/zap | v1.26.0 | 间接依赖 | go |
| github.com/jackc/pgx/v5 | v5.5.0 | 直接依赖 | go |
| github.com/gofrs/uuid | v4.0.0+incompatible | 直接依赖 | go |
| github.com/go-sql-driver/mysql | v1.7.0 | 直接依赖 | go |
| gopkg.in/guregu/null.v4 | v4.0.0 | 直接依赖 | go |
| github.com/sqlc-dev/pqtype | v0.2.0 | 直接依赖 | go |
| go.uber.org/multierr | v1.11.0 | 间接依赖 | go |
| github.com/google/go-cmp | v0.6.0 | 直接依赖 | go |
| github.com/pgvector/pgvector-go | v0.1.1 | 间接依赖 | go |
| gopkg.in/yaml.v3 | v3.0.1 | 直接依赖 | go |
| github.com/jackc/puddle/v2 | v2.2.1 | 间接依赖 | go |
| Sphinx | 6.2.1 | 间接依赖 | pip |
| golang.org/x/exp | v0.0.0-20231006140011-7918f672742d | 间接依赖 | go |
| certifi | 2023.7.22 | 间接依赖 | pip |
| sphinxcontrib-applehelp | 1.0.7 | 间接依赖 | pip |
| myst-parser | 2.0.0 | 间接依赖 | pip |
| github.com/jackc/pgx/v5 | v5.4.3 | 直接依赖 | go |
| imagesize | 1.4.1 | 间接依赖 | pip |
| urllib3 | 2.1.0 | 间接依赖 | pip |
| github.com/golang/protobuf | v1.5.3 | 间接依赖 | go |
| snowballstemmer | 2.2.0 | 间接依赖 | pip |
| alabaster | 0.7.13 | 间接依赖 | pip |
| github.com/stoewer/go-strcase | v1.2.0 | 间接依赖 | go |
| golang.org/x/sync | v0.5.0 | 直接依赖 | go |
| google.golang.org/genproto/googleapis/rpc | v0.0.0-20230822172742-b8732ec3820d | 间接依赖 | go |
| github.com/riza-io/grpc-go | v0.2.0 | 直接依赖 | go |
| github.com/jackc/chunkreader/v2 | v2.0.1 | 间接依赖 | go |
| github.com/pingcap/log | v1.1.0 | 间接依赖 | go |
| github.com/pingcap/failpoint | v0.0.0-20220801062533-2eaa32854a6c | 间接依赖 | go |
| Babel | 2.13.1 | 间接依赖 | pip |
| github.com/pingcap/errors | v0.11.5-0.20210425183316-da1aaba5fb63 | 间接依赖 | go |
| github.com/spf13/pflag | v1.0.5 | 直接依赖 | go |
| golang.org/x/text | v0.9.0 | 间接依赖 | go |
| github.com/go-sql-driver/mysql | v1.7.1 | 直接依赖 | go |
| github.com/sqlc-dev/sqlc-testdata | v1.0.0 | 直接依赖 | go |
| github.com/jackc/pgio | v1.0.0 | 间接依赖 | go |
| github.com/lib/pq | v1.10.9 | 直接依赖 | go |
| github.com/jackc/pgpassfile | v1.0.0 | 间接依赖 | go |
| github.com/antlr4-go/antlr/v4 | v4.13.0 | 间接依赖 | go |
| golang.org/x/crypto | v0.9.0 | 间接依赖 | go |
| github.com/bytecodealliance/wasmtime-go/v14 | v14.0.0 | 直接依赖 | go |
| pytz | 2023.3.post1 | 间接依赖 | pip |
| sphinxcontrib-qthelp | 1.0.6 | 间接依赖 | pip |
| github.com/spf13/cobra | v1.8.0 | 直接依赖 | go |
| github.com/volatiletech/inflect | v0.0.1 | 间接依赖 | go |
| github.com/mattn/go-sqlite3 | v1.14.18 | 直接依赖 | go |
| github.com/inconshreveable/mousetrap | v1.1.0 | 间接依赖 | go |
| github.com/jackc/pgx/v4 | v4.18.1 | 直接依赖 | go |
| sphinxcontrib-htmlhelp | 2.0.4 | 间接依赖 | pip |
| github.com/remyoudompheng/bigfft | v0.0.0-20230129092748-24d4a6f8daec | 间接依赖 | go |
| github.com/google/uuid | v1.3.0 | 直接依赖 | go |
| golang.org/x/text | v0.14.0 | 间接依赖 | go |
| github.com/xeipuuv/gojsonpointer | v0.0.0-20180127040702-4e3ac2762d5f | 间接依赖 | go |
| github.com/friendsofgo/errors | v0.9.2 | 间接依赖 | go |
| google.golang.org/grpc | v1.59.0 | 直接依赖 | go |
| sphinxcontrib-serializinghtml | 1.1.9 | 间接依赖 | pip |
| gopkg.in/natefinch/lumberjack.v2 | v2.2.1 | 间接依赖 | go |
| github.com/lib/pq | v1.9.0 | 直接依赖 | go |
| github.com/pingcap/tidb/pkg/parser | v0.0.0-20231103154709-4f00ece106b1 | 直接依赖 | go |
| google.golang.org/protobuf | v1.31.0 | 直接依赖 | go |
| github.com/antlr/antlr4/runtime/Go/antlr/v4 | v4.0.0-20230321174746-8dcc6526cfb1 | 直接依赖 | go |
| sphinxcontrib-devhelp | 1.0.5 | 间接依赖 | pip |
| github.com/jackc/pgx/v4 | v4.6.1-0.20200606145419-4e5062306904 | 直接依赖 | go |
| github.com/jackc/pgtype | v1.6.2 | 直接依赖 | go |
| golang.org/x/sys | v0.13.0 | 间接依赖 | go |
| github.com/jackc/pgservicefile | v0.0.0-20221227161230-091c0ba34f0a | 间接依赖 | go |
| Pygments | 2.16.1 | 间接依赖 | pip |
| github.com/jinzhu/inflection | v1.0.0 | 直接依赖 | go |
| pyparsing | 3.1.1 | 间接依赖 | pip |
| github.com/pganalyze/pg_query_go/v4 | v4.2.3 | 直接依赖 | go |
| requests | 2.31.0 | 间接依赖 | pip |
| github.com/cznic/mathutil | v0.0.0-20181122101859-297441e03548 | 间接依赖 | go |
| github.com/volatiletech/strmangle | v0.0.1 | 间接依赖 | go |
| packaging | 23.2 | 间接依赖 | pip |
| github.com/davecgh/go-spew | v1.1.1 | 直接依赖 | go |
| github.com/jackc/pgconn | v1.14.1 | 间接依赖 | go |
| MarkupSafe | 2.1.3 | 间接依赖 | pip |
| golang.org/x/crypto | v0.14.0 | 间接依赖 | go |
| sphinxcontrib-jsmath | 1.0.1 | 间接依赖 | pip |
| idna | 3.4 | 间接依赖 | pip |
| github.com/google/cel-go | v0.18.2 | 直接依赖 | go |
| github.com/hexon/mysqltsv | v0.1.0 | 直接依赖 | go |
| github.com/cubicdaiya/gonp | v1.0.4 | 直接依赖 | go |
| github.com/volatiletech/null/v8 | v8.1.2 | 直接依赖 | go |
| chardet | 5.2.0 | 间接依赖 | pip |
| github.com/jackc/pgproto3/v2 | v2.0.1 | 间接依赖 | go |
| Jinja2 | 3.1.2 | 间接依赖 | pip |
| docutils | 0.18.1 | 间接依赖 | pip |
| github.com/rogpeppe/go-internal | v1.10.0 | 间接依赖 | go |
| golang.org/x/net | v0.17.0 | 间接依赖 | go |
| github.com/fatih/structtag | v1.2.0 | 直接依赖 | go |
| golang.org/x/xerrors | v0.0.0-20200804184101-5ec99f83aff1 | 间接依赖 | go |
| github.com/xeipuuv/gojsonschema | v1.2.0 | 直接依赖 | go |
| go.uber.org/atomic | v1.11.0 | 间接依赖 | go |
| github.com/jackc/pgproto3/v2 | v2.3.2 | 间接依赖 | go |
| github.com/jackc/pgtype | v1.14.0 | 间接依赖 | go |