基础信息
项目名称:ConsenSys/quorum
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721103939180429312/1725570193235075072
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| btcd 安全漏洞 | 缓冲区溢出 | MPS-2022-63685 | CVE-2022-44797 | 严重 |
| Google Go 权限许可和访问控制问题漏洞 | 权限管理不当 | MPS-2022-9049 | CVE-2022-29526 | 中危 |
| Moby 安全漏洞 | 未能安全地进行程序失效(Failing Open) | MPS-2023-8823 | CVE-2023-28840 | 高危 |
| Moby 安全漏洞 | 未能安全地进行程序失效(Failing Open) | MPS-2023-8824 | CVE-2023-28841 | 中危 |
| Moby 安全漏洞 | 未能安全地进行程序失效(Failing Open) | MPS-2023-8826 | CVE-2023-28842 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| github.com/btcsuite/btcd | v0.20.1-beta | 0.23.2 | 直接依赖 | 建议修复 |
| github.com/docker/docker | v20.10.12+incompatible | 20.10.24 | 直接依赖 | 建议修复 |
| golang.org/x/sys | v0.0.0-20220422013727-9388b58f7150 | 0.1.0 | 直接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 35 | 低 |
| BSD-3-Clause | 17 | 低 |
| Apache-2.0 | 21 | 低 |
| BSD-2-Clause | 7 | 低 |
| ISC | 2 | 低 |
| MPL-2.0 | 3 | 低 |
| LGPL-3.0 | 1 | 中 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/dop251/goja | v0.0.0-20200721192441-a695b0cdd498 | 直接依赖 | go |
| github.com/StackExchange/wmi | v1.2.1 | 间接依赖 | go |
| github.com/golang/snappy | v0.0.3-0.20201103224600-674baa8c7fc3 | 直接依赖 | go |
| github.com/golang/mock | v1.6.0 | 直接依赖 | go |
| github.com/Azure/azure-storage-blob-go | v0.7.0 | 直接依赖 | go |
| github.com/mattn/go-isatty | v0.0.14 | 直接依赖 | go |
| gopkg.in/check.v1 | v1.0.0-20201130134442-10cb98267c6c | 直接依赖 | go |
| github.com/aws/aws-sdk-go-v2 | v1.2.0 | 直接依赖 | go |
| github.com/jpmorganchase/quorum-hello-world-plugin-sdk-go | v0.0.0-20200210211148-57f99f69eeb3 | 直接依赖 | go |
| github.com/holiman/uint256 | v1.2.1 | 直接依赖 | go |
| github.com/btcsuite/btcd | v0.20.1-beta | 直接依赖 | go |
| github.com/gogo/protobuf | v1.3.2 | 间接依赖 | go |
| github.com/cloudflare/cloudflare-go | v0.14.0 | 直接依赖 | go |
| github.com/fjl/memsize | v0.0.0-20190710130421-bcb5799ab5e5 | 直接依赖 | go |
| github.com/eapache/queue | v1.1.0 | 间接依赖 | go |
| github.com/hashicorp/go-plugin | v1.2.2 | 直接依赖 | go |
| gotest.tools/v3 | v3.1.0 | 间接依赖 | go |
| github.com/huin/goupnp | v1.0.1-0.20210310174557-0ca763054c88 | 直接依赖 | go |
| github.com/hashicorp/golang-lru | v0.5.5-0.20210104140557-80c98217689d | 直接依赖 | go |
| github.com/ConsenSys/quorum-qlight-token-manager-plugin-sdk-go | v0.0.0-20220427130631-ecd75caa6e73 | 直接依赖 | go |
| github.com/BurntSushi/toml | v0.3.1 | 直接依赖 | go |
| golang.org/x/crypto | v0.0.0-20220722155217-630584e8d5aa | 直接依赖 | go |
| golang.org/x/text | v0.3.7 | 直接依赖 | go |
| github.com/coreos/pkg | v0.0.0-20180928190104-399ea9e2e55f | 间接依赖 | go |
| github.com/rs/cors | v1.7.0 | 直接依赖 | go |
| github.com/google/uuid | v1.1.5 | 直接依赖 | go |
| github.com/deckarep/golang-set | v0.0.0-20180603214616-504e848d77ea | 直接依赖 | go |
| github.com/coreos/go-semver | v0.3.0 | 间接依赖 | go |
| gopkg.in/yaml.v2 | v2.4.0 | 间接依赖 | go |
| github.com/influxdata/influxdb | v1.8.3 | 直接依赖 | go |
| github.com/status-im/keycard-go | v0.0.0-20190316090335-8537d3370df4 | 直接依赖 | go |
| golang.org/x/sync | v0.0.0-20210220032951-036812b2e83c | 直接依赖 | go |
| github.com/hashicorp/go-hclog | v1.1.0 | 直接依赖 | go |
| github.com/google/gofuzz | v1.1.1-0.20200604201612-c04b05f3adfa | 直接依赖 | go |
| github.com/eapache/channels | v1.1.0 | 直接依赖 | go |
| github.com/dlclark/regexp2 | v1.7.0 | 间接依赖 | go |
| github.com/coreos/etcd | v3.3.20+incompatible | 直接依赖 | go |
| golang.org/x/time | v0.0.0-20201208040808-7e3f01d25324 | 直接依赖 | go |
| github.com/tyler-smith/go-bip39 | v1.0.1-0.20181017060643-dbb3b84ba2ef | 直接依赖 | go |
| github.com/shirou/gopsutil | v2.20.5+incompatible | 直接依赖 | go |
| github.com/kylelemons/godebug | v1.1.0 | 间接依赖 | go |
| github.com/aws/aws-sdk-go-v2/service/route53 | v1.1.1 | 直接依赖 | go |
| google.golang.org/grpc | v1.46.0 | 直接依赖 | go |
| github.com/VictoriaMetrics/fastcache | v1.5.7 | 直接依赖 | go |
| github.com/cespare/cp | v0.1.0 | 直接依赖 | go |
| github.com/mitchellh/go-testing-interface | v1.0.0 | 间接依赖 | go |
| github.com/mattn/go-colorable | v0.1.4 | 直接依赖 | go |
| github.com/gorilla/websocket | v1.5.0 | 直接依赖 | go |
| github.com/Azure/go-autorest/autorest/adal | v0.9.21 | 间接依赖 | go |
| gopkg.in/urfave/cli.v1 | v1.20.0 | 直接依赖 | go |
| gopkg.in/natefinch/npipe.v2 | v2.0.0-20160621034901-c1b8fa8bdcce | 直接依赖 | go |
| github.com/go-sourcemap/sourcemap | v2.1.3+incompatible | 间接依赖 | go |
| github.com/opentracing/opentracing-go | v1.2.0 | 间接依赖 | go |
| github.com/jpmorganchase/quorum-security-plugin-sdk-go | v0.0.0-20200714173835-22a319bb78ce | 直接依赖 | go |
| github.com/docker/docker | v20.10.12+incompatible | 直接依赖 | go |
| gopkg.in/olebedev/go-duktape.v3 | v3.0.0-20200619000410-60c24ae608a6 | 直接依赖 | go |
| github.com/gballet/go-libpcsclite | v0.0.0-20190607065134-2772fd86a8ff | 直接依赖 | go |
| github.com/consensys/gnark-crypto | v0.4.1-0.20210426202927-39ac3d4b3f1f | 直接依赖 | go |
| github.com/jedisct1/go-minisign | v0.0.0-20190909160543-45766022959e | 直接依赖 | go |
| github.com/holiman/bloomfilter/v2 | v2.0.3 | 直接依赖 | go |
| github.com/olekukonko/tablewriter | v0.0.5 | 直接依赖 | go |
| golang.org/x/term | v0.0.0-20210927222741-03fcf44c2211 | 直接依赖 | go |
| github.com/aws/aws-sdk-go-v2/credentials | v1.1.1 | 直接依赖 | go |
| github.com/jpmorganchase/quorum-account-plugin-sdk-go | v0.0.0-20200714175524-662195b38a5e | 直接依赖 | go |
| github.com/fatih/color | v1.7.0 | 直接依赖 | go |
| github.com/julienschmidt/httprouter | v1.2.0 | 直接依赖 | go |
| github.com/naoina/toml | v0.1.2-0.20170918210437-9fafd6967416 | 直接依赖 | go |
| github.com/syndtr/goleveldb | v1.0.1-0.20210305035536-64b5b1c73954 | 直接依赖 | go |
| github.com/golang/protobuf | v1.5.2 | 直接依赖 | go |
| github.com/patrickmn/go-cache | v2.1.0+incompatible | 直接依赖 | go |
| golang.org/x/sys | v0.0.0-20220422013727-9388b58f7150 | 直接依赖 | go |
| github.com/coreos/go-systemd | v0.0.0-20191104093116-d3cd4ed1dbcf | 间接依赖 | go |
| gopkg.in/karalabe/cookiejar.v2 | v2.0.0-20150724131613-8dcd6a7f4951 | 直接依赖 | go |
| github.com/graph-gophers/graphql-go | v1.3.0 | 直接依赖 | go |
| github.com/rjeczalik/notify | v0.9.2 | 直接依赖 | go |
| github.com/stretchr/testify | v1.7.0 | 直接依赖 | go |
| github.com/jackpal/go-nat-pmp | v1.0.2-0.20160603034137-1fa385a6f458 | 直接依赖 | go |
| github.com/prometheus/tsdb | v0.7.1 | 直接依赖 | go |
| github.com/karalabe/usb | v0.0.2 | 直接依赖 | go |
| gopkg.in/oleiade/lane.v1 | v1.0.0 | 直接依赖 | go |
| github.com/xiang90/probing | v0.0.0-20190116061207-43a291ad63a2 | 间接依赖 | go |
| github.com/naoina/go-stringutil | v0.1.0 | 间接依赖 | go |
| github.com/peterh/liner | v1.1.1-0.20190123174540-a2c9a5303de7 | 直接依赖 | go |
| github.com/pborman/uuid | v0.0.0-20170112150404-1b00554d8222 | 直接依赖 | go |
| github.com/edsrzf/mmap-go | v1.0.0 | 直接依赖 | go |
| github.com/davecgh/go-spew | v1.1.1 | 直接依赖 | go |
| github.com/tv42/httpunix | v0.0.0-20191220191345-2ba4b9c3382c | 直接依赖 | go |
| github.com/aws/aws-sdk-go-v2/config | v1.1.1 | 直接依赖 | go |
| github.com/go-stack/stack | v1.8.1 | 直接依赖 | go |