containers/libpod 软件分析报告

基础信息

项目名称:containers/libpod

项目徽章:

Security Status

仓库地址:https://github.com/pterodactyl/panel

检测报告地址:https://www.murphysec.com/console/report/1721104113634185216/1725571289195696128

此报告由Murphysec提供

漏洞列表

漏洞名称 漏洞类型 MPS编号 CVE编号 漏洞等级
Kubernetes 输入验证错误漏洞 输入验证不恰当 MPS-2019-15838 CVE-2019-11255 中危

缺陷组件

组件名称 版本 最小修复版本 依赖关系 修复建议
k8s.io/kubernetes v1.28.4 直接依赖 可选修复

许可证风险

许可证类型 相关组件 许可证风险
BSD-3-Clause 43
Apache-2.0 94
MIT 65
MPL-2.0 7
BSD-2-Clause 7
ISC 2
Unlicense 1
CC-BY-SA-4.0 1
GPL-2.0 1

SBOM清单

组件名称 组件版本 是否直接依赖 仓库
github.com/google/go-cmp v0.6.0 间接依赖 go
github.com/docker/go-units v0.5.0 直接依赖 go
github.com/disiqueira/gotree/v3 v3.0.2 间接依赖 go
github.com/google/go-intervals v0.0.2 间接依赖 go
github.com/yusufpapurcu/wmi v1.2.3 间接依赖 go
google.golang.org/protobuf v1.31.0 直接依赖 go
github.com/twitchyliquid64/golang-asm v0.15.1 间接依赖 go
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 间接依赖 go
github.com/hashicorp/go-cleanhttp v0.5.2 间接依赖 go
github.com/docker/docker v24.0.7+incompatible 直接依赖 go
github.com/vishvananda/netlink v1.2.1-beta.2 直接依赖 go
github.com/bytedance/sonic v1.10.1 间接依赖 go
golang.org/x/tools v0.15.0 直接依赖 go
github.com/pkg/errors v0.9.1 间接依赖 go
google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 间接依赖 go
github.com/containernetworking/plugins v1.3.0 直接依赖 go
golang.org/x/arch v0.5.0 间接依赖 go
github.com/go-openapi/jsonpointer v0.19.6 间接依赖 go
github.com/opencontainers/image-spec v1.1.0-rc5 直接依赖 go
github.com/davecgh/go-spew v1.1.1 间接依赖 go
github.com/fatih/color v1.15.0 间接依赖 go
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd 间接依赖 go
github.com/sirupsen/logrus v1.8.1 间接依赖 go
golang.org/x/net v0.18.0 直接依赖 go
github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f 间接依赖 go
github.com/chzyer/readline v1.5.1 间接依赖 go
github.com/mdlayher/socket v0.4.1 间接依赖 go
github.com/distribution/reference v0.5.0 间接依赖 go
github.com/containers/common v0.56.1-0.20231102181045-6a67921ec5ce 直接依赖 go
google.golang.org/grpc v1.58.3 间接依赖 go
github.com/google/gofuzz v1.2.0 直接依赖 go
go.opencensus.io v0.24.0 间接依赖 go
github.com/spf13/pflag v1.0.5 直接依赖 go
github.com/VividCortex/ewma v1.2.0 间接依赖 go
github.com/josharian/intern v1.0.0 间接依赖 go
github.com/containers/storage v1.50.3-0.20231108224651-a56f2b2fecfd 直接依赖 go
github.com/kr/fs v0.1.0 间接依赖 go
github.com/gabriel-vasile/mimetype v1.4.2 间接依赖 go
github.com/onsi/ginkgo/v2 v2.13.1 直接依赖 go
flask 间接依赖 pip
github.com/fsouza/go-dockerclient v1.9.7 间接依赖 go
github.com/docker/docker-credential-helpers v0.8.0 间接依赖 go
github.com/miekg/pkcs11 v1.1.1 间接依赖 go
github.com/containers/conmon v2.0.20+incompatible 直接依赖 go
github.com/mdlayher/vsock v1.2.1 直接依赖 go
github.com/vbatts/tar-split v0.11.5 间接依赖 go
github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 间接依赖 go
github.com/gorilla/schema v1.2.0 直接依赖 go
github.com/containers/image/v5 v5.28.1-0.20231101173728-373c52a9466f 直接依赖 go
golang.org/x/oauth2 v0.13.0 间接依赖 go
github.com/blang/semver/v4 v4.0.0 直接依赖 go
github.com/linuxkit/virtsock v0.0.0-20220523201153-1a23e78aa7a2 直接依赖 go
tags.cncf.io/container-device-interface/specs-go v0.6.0 间接依赖 go
github.com/moby/term v0.5.0 直接依赖 go
github.com/containers/buildah v1.32.1-0.20231026190652-11e3b2132761 直接依赖 go
github.com/onsi/gomega v1.30.0 直接依赖 go
github.com/tchap/go-patricia/v2 v2.3.1 间接依赖 go
github.com/json-iterator/go v1.1.12 直接依赖 go
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 间接依赖 go
github.com/mitchellh/mapstructure v1.5.0 间接依赖 go
github.com/shoenig/go-m1cpu v0.1.6 间接依赖 go
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 间接依赖 go
github.com/vbauerster/mpb/v8 v8.6.2 直接依赖 go
github.com/containerd/containerd v1.7.8 间接依赖 go
github.com/go-openapi/strfmt v0.21.7 间接依赖 go
github.com/rootless-containers/rootlesskit v1.1.1 直接依赖 go
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da 间接依赖 go
github.com/google/pprof v0.0.0-20230323073829-e72429f035bd 间接依赖 go
github.com/moby/sys/sequential v0.5.0 间接依赖 go
github.com/nxadm/tail v1.4.11 直接依赖 go
github.com/checkpoint-restore/go-criu/v7 v7.0.0 直接依赖 go
github.com/go-ole/go-ole v1.2.6 间接依赖 go
github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc 直接依赖 go
github.com/mattn/go-isatty v0.0.17 间接依赖 go
github.com/go-playground/universal-translator v0.18.1 间接依赖 go
github.com/chenzhuoyu/iasm v0.9.0 间接依赖 go
github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f 间接依赖 go
github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d 间接依赖 go
github.com/manifoldco/promptui v0.9.0 间接依赖 go
github.com/digitalocean/go-qemu v0.0.0-20230711162256-2e3d0186973e 直接依赖 go
github.com/buger/goterm v1.0.4 直接依赖 go
github.com/go-playground/locales v0.14.1 间接依赖 go
github.com/klauspost/compress v1.17.2 间接依赖 go
github.com/golang/protobuf v1.5.3 间接依赖 go
github.com/seccomp/libseccomp-golang v0.10.0 间接依赖 go
github.com/tklauser/numcpus v0.6.1 间接依赖 go
github.com/sirupsen/logrus v1.9.3 直接依赖 go
github.com/modern-go/reflect2 v1.0.2 间接依赖 go
github.com/go-openapi/spec v0.20.9 间接依赖 go
github.com/jinzhu/copier v0.4.0 间接依赖 go
github.com/go-jose/go-jose/v3 v3.0.0 间接依赖 go
golang.org/x/exp v0.0.0-20231006140011-7918f672742d 直接依赖 go
go.etcd.io/bbolt v1.3.8 直接依赖 go
github.com/vbatts/git-validation v1.2.1 直接依赖 go
github.com/go-openapi/runtime v0.26.0 间接依赖 go
k8s.io/kubernetes v1.28.4 直接依赖 go
github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c 间接依赖 go
github.com/digitalocean/go-libvirt v0.0.0-20220804181439-8648fbde413e 间接依赖 go
golang.org/x/crypto v0.15.0 间接依赖 go
github.com/hashicorp/go-multierror v1.1.1 直接依赖 go
github.com/sylabs/sif/v2 v2.15.0 间接依赖 go
github.com/cyphar/filepath-securejoin v0.2.4 直接依赖 go
github.com/vishvananda/netns v0.0.4 间接依赖 go
github.com/go-openapi/loads v0.21.2 间接依赖 go
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 直接依赖 go
github.com/gorilla/mux v1.8.1 直接依赖 go
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 间接依赖 go
gopkg.in/yaml.v2 v2.4.0 间接依赖 go
github.com/oklog/ulid v1.3.1 间接依赖 go
github.com/godbus/dbus/v5 v5.1.1-0.20230522191255-76236955d466 直接依赖 go
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 间接依赖 go
github.com/containerd/cgroups/v3 v3.0.2 间接依赖 go
github.com/russross/blackfriday/v2 v2.1.0 间接依赖 go
github.com/leodido/go-urn v1.2.4 间接依赖 go
github.com/pkg/sftp v1.13.6 间接依赖 go
github.com/klauspost/pgzip v1.2.6 间接依赖 go
github.com/cpuguy83/go-md2man/v2 v2.0.3 直接依赖 go
github.com/morikuni/aec v1.0.0 间接依赖 go
go.mongodb.org/mongo-driver v1.11.3 间接依赖 go
golang.org/x/sys v0.14.0 直接依赖 go
github.com/pmezard/go-difflib v1.0.0 间接依赖 go
github.com/checkpoint-restore/checkpointctl v1.1.0 直接依赖 go
github.com/opencontainers/go-digest v1.0.0 直接依赖 go
github.com/moby/patternmatcher v0.5.0 间接依赖 go
github.com/stretchr/testify v1.8.4 直接依赖 go
github.com/Microsoft/go-winio v0.6.1 直接依赖 go
github.com/hashicorp/go-retryablehttp v0.7.4 间接依赖 go
github.com/go-openapi/analysis v0.21.4 间接依赖 go
gopkg.in/inf.v0 v0.9.1 直接依赖 go
github.com/containers/luksy v0.0.0-20230912175440-6df88cb7f0dd 间接依赖 go
github.com/go-playground/validator/v10 v10.15.5 间接依赖 go
github.com/go-openapi/jsonreference v0.20.2 间接依赖 go
github.com/containers/ocicrypt v1.1.9 直接依赖 go
github.com/google/go-containerregistry v0.16.1 间接依赖 go
github.com/segmentio/ksuid v1.0.4 间接依赖 go
github.com/sigstore/rekor v1.2.2 间接依赖 go
github.com/openshift/imagebuilder v1.2.5 直接依赖 go
github.com/aead/serpent v0.0.0-20160714141033-fba169763ea6 间接依赖 go
github.com/Microsoft/hcsshim v0.12.0-rc.1 间接依赖 go
golang.org/x/mod v0.13.0 间接依赖 go
github.com/gin-gonic/gin v1.9.1 间接依赖 go
github.com/go-openapi/swag v0.22.4 间接依赖 go
github.com/mattn/go-runewidth v0.0.15 间接依赖 go
github.com/containernetworking/cni v1.1.2 直接依赖 go
github.com/gorilla/handlers v1.5.2 直接依赖 go
github.com/mattn/go-colorable v0.1.13 间接依赖 go
github.com/gogo/protobuf v1.3.2 间接依赖 go
codespell 2.2.4 间接依赖 pip
go.opentelemetry.io/otel v1.16.0 间接依赖 go
github.com/inconshreveable/mousetrap v1.1.0 间接依赖 go
github.com/opencontainers/runc v1.1.10 直接依赖 go
golang.org/x/mod v0.14.0 间接依赖 go
github.com/gin-contrib/sse v0.1.0 间接依赖 go
github.com/mattn/go-sqlite3 v1.14.18 直接依赖 go
github.com/letsencrypt/boulder v0.0.0-20230213213521-fdfea0d469b6 间接依赖 go
github.com/docker/distribution v2.8.3+incompatible 直接依赖 go
github.com/goccy/go-json v0.10.2 间接依赖 go
github.com/containerd/stargz-snapshotter/estargz v0.15.1 间接依赖 go
github.com/ugorji/go/codec v1.2.11 间接依赖 go
github.com/cyberphone/json-canonicalization v0.0.0-20230710064741-aa7fe85c7dbd 间接依赖 go
dario.cat/mergo v1.0.0 间接依赖 go
github.com/go-logr/stdr v1.2.2 间接依赖 go
github.com/proglottis/gpgme v0.1.3 间接依赖 go
github.com/mailru/easyjson v0.7.7 间接依赖 go
github.com/hashicorp/go-version v1.3.0 间接依赖 go
github.com/tklauser/go-sysconf v0.3.12 间接依赖 go
github.com/BurntSushi/toml v1.3.2 直接依赖 go
google.golang.org/appengine v1.6.8 间接依赖 go
github.com/hugelgupf/p9 v0.3.1-0.20230822151754-54f5c5530921 直接依赖 go
github.com/rivo/uniseg v0.4.4 间接依赖 go
github.com/go-logr/logr v1.3.0 间接依赖 go
github.com/go-openapi/errors v0.20.4 间接依赖 go
github.com/opencontainers/runtime-spec v1.1.1-0.20230922153023-c0e90434df2a 直接依赖 go
sigs.k8s.io/yaml v1.4.0 直接依赖 go
github.com/google/uuid v1.4.0 直接依赖 go
github.com/containers/libhvee v0.4.1-0.20231106202301-9651e31ae734 直接依赖 go
github.com/go-openapi/validate v0.22.1 间接依赖 go
github.com/klauspost/cpuid/v2 v2.2.5 间接依赖 go
golang.org/x/term v0.14.0 直接依赖 go
github.com/coreos/stream-metadata-go v0.4.3 直接依赖 go
github.com/opentracing/opentracing-go v1.2.0 间接依赖 go
go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 间接依赖 go
golang.org/x/tools v0.14.0 间接依赖 go
github.com/ulikunitz/xz v0.5.11 直接依赖 go
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 直接依赖 go
golang.org/x/text v0.14.0 直接依赖 go
github.com/opencontainers/selinux v1.11.0 直接依赖 go
github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 间接依赖 go
github.com/docker/go-plugins-helpers v0.0.0-20211224144127-6eecb7beb651 直接依赖 go
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d 间接依赖 go
github.com/magefile/mage v1.14.0 间接依赖 go
github.com/coreos/go-systemd/v22 v22.5.1-0.20231103132048-7d375ecc2b09 直接依赖 go
github.com/docker/go-connections v0.4.1-0.20231031175723-0b8c1f4e07a0 直接依赖 go
github.com/containers/psgo v1.8.0 直接依赖 go
github.com/coreos/go-oidc/v3 v3.7.0 间接依赖 go
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 间接依赖 go
github.com/fsnotify/fsnotify v1.7.0 间接依赖 go
github.com/pelletier/go-toml/v2 v2.1.0 间接依赖 go
gopkg.in/yaml.v3 v3.0.1 直接依赖 go
github.com/hashicorp/errwrap v1.1.0 间接依赖 go
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 间接依赖 go
go.opentelemetry.io/otel/metric v1.16.0 间接依赖 go
go.opentelemetry.io/otel/trace v1.16.0 间接依赖 go
github.com/mattn/go-isatty v0.0.19 间接依赖 go
github.com/moby/sys/mountinfo v0.7.1 间接依赖 go
golang.org/x/sync v0.5.0 直接依赖 go
github.com/shirou/gopsutil/v3 v3.23.10 直接依赖 go
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 间接依赖 go
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 间接依赖 go
gopkg.in/go-jose/go-jose.v2 v2.6.1 间接依赖 go
github.com/secure-systems-lab/go-securesystemslib v0.7.0 间接依赖 go
github.com/sigstore/sigstore v1.7.5 间接依赖 go
github.com/containers/gvisor-tap-vsock v0.7.1 直接依赖 go
github.com/felixge/httpsnoop v1.0.3 间接依赖 go
github.com/containerd/log v0.1.0 间接依赖 go
github.com/mistifyio/go-zfs/v3 v3.0.1 间接依赖 go
github.com/spf13/cobra v1.8.0 直接依赖 go
github.com/sigstore/fulcio v1.4.3 间接依赖 go
github.com/crc-org/vfkit v0.1.2-0.20231030102423-f3c783d34420 直接依赖 go
tags.cncf.io/container-device-interface v0.6.2 直接依赖 go
github.com/mattn/go-shellwords v1.0.12 直接依赖 go
(0)
上一篇 2023年11月18日
下一篇 2023年11月18日

相关推荐

  • acharts/acharts 软件分析报告

    基础信息 项目名称:acharts/acharts 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1715508845338034176/1715508845447086080 此报告由Murphysec提供 漏洞…

    软件分析 2023年10月23日
    0
  • zq2599/blog_demos 软件分析报告

    基础信息 项目名称:zq2599/blog_demos 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1720417432671522816/1720417433514577920 此报告由Murphysec提供 …

    软件分析 2023年11月4日
    0
  • davesteele/cloudprint-service 软件分析报告

    基础信息 项目名称:davesteele/cloudprint-service 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721125912983896064/1722636009065390080 此报告由…

    软件分析 2023年11月9日
    0
  • keepcosmos/readability 软件分析报告

    基础信息 项目名称:keepcosmos/readability 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1719404472857051136/1719404472894799872 此报告由Murphys…

    软件分析 2023年11月1日
    0
  • whamtet/Excel-REPL 软件分析报告

    基础信息 项目名称:whamtet/Excel-REPL 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1719702037256077312/1719702037310603264 此报告由Murphysec提供…

    软件分析 2023年11月1日
    0