基础信息
项目名称:containers/libpod
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721104113634185216/1725571289195696128
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Kubernetes 输入验证错误漏洞 | 输入验证不恰当 | MPS-2019-15838 | CVE-2019-11255 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| k8s.io/kubernetes | v1.28.4 | 直接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| BSD-3-Clause | 43 | 低 |
| Apache-2.0 | 94 | 低 |
| MIT | 65 | 低 |
| MPL-2.0 | 7 | 低 |
| BSD-2-Clause | 7 | 低 |
| ISC | 2 | 低 |
| Unlicense | 1 | 低 |
| CC-BY-SA-4.0 | 1 | 中 |
| GPL-2.0 | 1 | 中 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/google/go-cmp | v0.6.0 | 间接依赖 | go |
| github.com/docker/go-units | v0.5.0 | 直接依赖 | go |
| github.com/disiqueira/gotree/v3 | v3.0.2 | 间接依赖 | go |
| github.com/google/go-intervals | v0.0.2 | 间接依赖 | go |
| github.com/yusufpapurcu/wmi | v1.2.3 | 间接依赖 | go |
| google.golang.org/protobuf | v1.31.0 | 直接依赖 | go |
| github.com/twitchyliquid64/golang-asm | v0.15.1 | 间接依赖 | go |
| github.com/containers/libtrust | v0.0.0-20230121012942-c1716e8a8d01 | 间接依赖 | go |
| github.com/hashicorp/go-cleanhttp | v0.5.2 | 间接依赖 | go |
| github.com/docker/docker | v24.0.7+incompatible | 直接依赖 | go |
| github.com/vishvananda/netlink | v1.2.1-beta.2 | 直接依赖 | go |
| github.com/bytedance/sonic | v1.10.1 | 间接依赖 | go |
| golang.org/x/tools | v0.15.0 | 直接依赖 | go |
| github.com/pkg/errors | v0.9.1 | 间接依赖 | go |
| google.golang.org/genproto/googleapis/rpc | v0.0.0-20230920204549-e6e6cdab5c13 | 间接依赖 | go |
| github.com/containernetworking/plugins | v1.3.0 | 直接依赖 | go |
| golang.org/x/arch | v0.5.0 | 间接依赖 | go |
| github.com/go-openapi/jsonpointer | v0.19.6 | 间接依赖 | go |
| github.com/opencontainers/image-spec | v1.1.0-rc5 | 直接依赖 | go |
| github.com/davecgh/go-spew | v1.1.1 | 间接依赖 | go |
| github.com/fatih/color | v1.15.0 | 间接依赖 | go |
| github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | 间接依赖 | go |
| github.com/sirupsen/logrus | v1.8.1 | 间接依赖 | go |
| golang.org/x/net | v0.18.0 | 直接依赖 | go |
| github.com/ostreedev/ostree-go | v0.0.0-20210805093236-719684c64e4f | 间接依赖 | go |
| github.com/chzyer/readline | v1.5.1 | 间接依赖 | go |
| github.com/mdlayher/socket | v0.4.1 | 间接依赖 | go |
| github.com/distribution/reference | v0.5.0 | 间接依赖 | go |
| github.com/containers/common | v0.56.1-0.20231102181045-6a67921ec5ce | 直接依赖 | go |
| google.golang.org/grpc | v1.58.3 | 间接依赖 | go |
| github.com/google/gofuzz | v1.2.0 | 直接依赖 | go |
| go.opencensus.io | v0.24.0 | 间接依赖 | go |
| github.com/spf13/pflag | v1.0.5 | 直接依赖 | go |
| github.com/VividCortex/ewma | v1.2.0 | 间接依赖 | go |
| github.com/josharian/intern | v1.0.0 | 间接依赖 | go |
| github.com/containers/storage | v1.50.3-0.20231108224651-a56f2b2fecfd | 直接依赖 | go |
| github.com/kr/fs | v0.1.0 | 间接依赖 | go |
| github.com/gabriel-vasile/mimetype | v1.4.2 | 间接依赖 | go |
| github.com/onsi/ginkgo/v2 | v2.13.1 | 直接依赖 | go |
| flask | 间接依赖 | pip | |
| github.com/fsouza/go-dockerclient | v1.9.7 | 间接依赖 | go |
| github.com/docker/docker-credential-helpers | v0.8.0 | 间接依赖 | go |
| github.com/miekg/pkcs11 | v1.1.1 | 间接依赖 | go |
| github.com/containers/conmon | v2.0.20+incompatible | 直接依赖 | go |
| github.com/mdlayher/vsock | v1.2.1 | 直接依赖 | go |
| github.com/vbatts/tar-split | v0.11.5 | 间接依赖 | go |
| github.com/stefanberger/go-pkcs11uri | v0.0.0-20201008174630-78d3cae3a980 | 间接依赖 | go |
| github.com/gorilla/schema | v1.2.0 | 直接依赖 | go |
| github.com/containers/image/v5 | v5.28.1-0.20231101173728-373c52a9466f | 直接依赖 | go |
| golang.org/x/oauth2 | v0.13.0 | 间接依赖 | go |
| github.com/blang/semver/v4 | v4.0.0 | 直接依赖 | go |
| github.com/linuxkit/virtsock | v0.0.0-20220523201153-1a23e78aa7a2 | 直接依赖 | go |
| tags.cncf.io/container-device-interface/specs-go | v0.6.0 | 间接依赖 | go |
| github.com/moby/term | v0.5.0 | 直接依赖 | go |
| github.com/containers/buildah | v1.32.1-0.20231026190652-11e3b2132761 | 直接依赖 | go |
| github.com/onsi/gomega | v1.30.0 | 直接依赖 | go |
| github.com/tchap/go-patricia/v2 | v2.3.1 | 间接依赖 | go |
| github.com/json-iterator/go | v1.1.12 | 直接依赖 | go |
| github.com/go-task/slim-sprig | v0.0.0-20230315185526-52ccab3ef572 | 间接依赖 | go |
| github.com/mitchellh/mapstructure | v1.5.0 | 间接依赖 | go |
| github.com/shoenig/go-m1cpu | v0.1.6 | 间接依赖 | go |
| gopkg.in/tomb.v1 | v1.0.0-20141024135613-dd632973f1e7 | 间接依赖 | go |
| github.com/vbauerster/mpb/v8 | v8.6.2 | 直接依赖 | go |
| github.com/containerd/containerd | v1.7.8 | 间接依赖 | go |
| github.com/go-openapi/strfmt | v0.21.7 | 间接依赖 | go |
| github.com/rootless-containers/rootlesskit | v1.1.1 | 直接依赖 | go |
| github.com/golang/groupcache | v0.0.0-20210331224755-41bb18bfe9da | 间接依赖 | go |
| github.com/google/pprof | v0.0.0-20230323073829-e72429f035bd | 间接依赖 | go |
| github.com/moby/sys/sequential | v0.5.0 | 间接依赖 | go |
| github.com/nxadm/tail | v1.4.11 | 直接依赖 | go |
| github.com/checkpoint-restore/go-criu/v7 | v7.0.0 | 直接依赖 | go |
| github.com/go-ole/go-ole | v1.2.6 | 间接依赖 | go |
| github.com/opencontainers/runtime-tools | v0.9.1-0.20230914150019-408c51e934dc | 直接依赖 | go |
| github.com/mattn/go-isatty | v0.0.17 | 间接依赖 | go |
| github.com/go-playground/universal-translator | v0.18.1 | 间接依赖 | go |
| github.com/chenzhuoyu/iasm | v0.9.0 | 间接依赖 | go |
| github.com/coreos/go-systemd | v0.0.0-20190719114852-fd7a80b32e1f | 间接依赖 | go |
| github.com/chenzhuoyu/base64x | v0.0.0-20230717121745-296ad89f973d | 间接依赖 | go |
| github.com/manifoldco/promptui | v0.9.0 | 间接依赖 | go |
| github.com/digitalocean/go-qemu | v0.0.0-20230711162256-2e3d0186973e | 直接依赖 | go |
| github.com/buger/goterm | v1.0.4 | 直接依赖 | go |
| github.com/go-playground/locales | v0.14.1 | 间接依赖 | go |
| github.com/klauspost/compress | v1.17.2 | 间接依赖 | go |
| github.com/golang/protobuf | v1.5.3 | 间接依赖 | go |
| github.com/seccomp/libseccomp-golang | v0.10.0 | 间接依赖 | go |
| github.com/tklauser/numcpus | v0.6.1 | 间接依赖 | go |
| github.com/sirupsen/logrus | v1.9.3 | 直接依赖 | go |
| github.com/modern-go/reflect2 | v1.0.2 | 间接依赖 | go |
| github.com/go-openapi/spec | v0.20.9 | 间接依赖 | go |
| github.com/jinzhu/copier | v0.4.0 | 间接依赖 | go |
| github.com/go-jose/go-jose/v3 | v3.0.0 | 间接依赖 | go |
| golang.org/x/exp | v0.0.0-20231006140011-7918f672742d | 直接依赖 | go |
| go.etcd.io/bbolt | v1.3.8 | 直接依赖 | go |
| github.com/vbatts/git-validation | v1.2.1 | 直接依赖 | go |
| github.com/go-openapi/runtime | v0.26.0 | 间接依赖 | go |
| k8s.io/kubernetes | v1.28.4 | 直接依赖 | go |
| github.com/power-devops/perfstat | v0.0.0-20210106213030-5aafc221ea8c | 间接依赖 | go |
| github.com/digitalocean/go-libvirt | v0.0.0-20220804181439-8648fbde413e | 间接依赖 | go |
| golang.org/x/crypto | v0.15.0 | 间接依赖 | go |
| github.com/hashicorp/go-multierror | v1.1.1 | 直接依赖 | go |
| github.com/sylabs/sif/v2 | v2.15.0 | 间接依赖 | go |
| github.com/cyphar/filepath-securejoin | v0.2.4 | 直接依赖 | go |
| github.com/vishvananda/netns | v0.0.4 | 间接依赖 | go |
| github.com/go-openapi/loads | v0.21.2 | 间接依赖 | go |
| github.com/syndtr/gocapability | v0.0.0-20200815063812-42c35b437635 | 直接依赖 | go |
| github.com/gorilla/mux | v1.8.1 | 直接依赖 | go |
| github.com/skratchdot/open-golang | v0.0.0-20200116055534-eef842397966 | 间接依赖 | go |
| gopkg.in/yaml.v2 | v2.4.0 | 间接依赖 | go |
| github.com/oklog/ulid | v1.3.1 | 间接依赖 | go |
| github.com/godbus/dbus/v5 | v5.1.1-0.20230522191255-76236955d466 | 直接依赖 | go |
| github.com/google/pprof | v0.0.0-20210407192527-94a9f03dee38 | 间接依赖 | go |
| github.com/containerd/cgroups/v3 | v3.0.2 | 间接依赖 | go |
| github.com/russross/blackfriday/v2 | v2.1.0 | 间接依赖 | go |
| github.com/leodido/go-urn | v1.2.4 | 间接依赖 | go |
| github.com/pkg/sftp | v1.13.6 | 间接依赖 | go |
| github.com/klauspost/pgzip | v1.2.6 | 间接依赖 | go |
| github.com/cpuguy83/go-md2man/v2 | v2.0.3 | 直接依赖 | go |
| github.com/morikuni/aec | v1.0.0 | 间接依赖 | go |
| go.mongodb.org/mongo-driver | v1.11.3 | 间接依赖 | go |
| golang.org/x/sys | v0.14.0 | 直接依赖 | go |
| github.com/pmezard/go-difflib | v1.0.0 | 间接依赖 | go |
| github.com/checkpoint-restore/checkpointctl | v1.1.0 | 直接依赖 | go |
| github.com/opencontainers/go-digest | v1.0.0 | 直接依赖 | go |
| github.com/moby/patternmatcher | v0.5.0 | 间接依赖 | go |
| github.com/stretchr/testify | v1.8.4 | 直接依赖 | go |
| github.com/Microsoft/go-winio | v0.6.1 | 直接依赖 | go |
| github.com/hashicorp/go-retryablehttp | v0.7.4 | 间接依赖 | go |
| github.com/go-openapi/analysis | v0.21.4 | 间接依赖 | go |
| gopkg.in/inf.v0 | v0.9.1 | 直接依赖 | go |
| github.com/containers/luksy | v0.0.0-20230912175440-6df88cb7f0dd | 间接依赖 | go |
| github.com/go-playground/validator/v10 | v10.15.5 | 间接依赖 | go |
| github.com/go-openapi/jsonreference | v0.20.2 | 间接依赖 | go |
| github.com/containers/ocicrypt | v1.1.9 | 直接依赖 | go |
| github.com/google/go-containerregistry | v0.16.1 | 间接依赖 | go |
| github.com/segmentio/ksuid | v1.0.4 | 间接依赖 | go |
| github.com/sigstore/rekor | v1.2.2 | 间接依赖 | go |
| github.com/openshift/imagebuilder | v1.2.5 | 直接依赖 | go |
| github.com/aead/serpent | v0.0.0-20160714141033-fba169763ea6 | 间接依赖 | go |
| github.com/Microsoft/hcsshim | v0.12.0-rc.1 | 间接依赖 | go |
| golang.org/x/mod | v0.13.0 | 间接依赖 | go |
| github.com/gin-gonic/gin | v1.9.1 | 间接依赖 | go |
| github.com/go-openapi/swag | v0.22.4 | 间接依赖 | go |
| github.com/mattn/go-runewidth | v0.0.15 | 间接依赖 | go |
| github.com/containernetworking/cni | v1.1.2 | 直接依赖 | go |
| github.com/gorilla/handlers | v1.5.2 | 直接依赖 | go |
| github.com/mattn/go-colorable | v0.1.13 | 间接依赖 | go |
| github.com/gogo/protobuf | v1.3.2 | 间接依赖 | go |
| codespell | 2.2.4 | 间接依赖 | pip |
| go.opentelemetry.io/otel | v1.16.0 | 间接依赖 | go |
| github.com/inconshreveable/mousetrap | v1.1.0 | 间接依赖 | go |
| github.com/opencontainers/runc | v1.1.10 | 直接依赖 | go |
| golang.org/x/mod | v0.14.0 | 间接依赖 | go |
| github.com/gin-contrib/sse | v0.1.0 | 间接依赖 | go |
| github.com/mattn/go-sqlite3 | v1.14.18 | 直接依赖 | go |
| github.com/letsencrypt/boulder | v0.0.0-20230213213521-fdfea0d469b6 | 间接依赖 | go |
| github.com/docker/distribution | v2.8.3+incompatible | 直接依赖 | go |
| github.com/goccy/go-json | v0.10.2 | 间接依赖 | go |
| github.com/containerd/stargz-snapshotter/estargz | v0.15.1 | 间接依赖 | go |
| github.com/ugorji/go/codec | v1.2.11 | 间接依赖 | go |
| github.com/cyberphone/json-canonicalization | v0.0.0-20230710064741-aa7fe85c7dbd | 间接依赖 | go |
| dario.cat/mergo | v1.0.0 | 间接依赖 | go |
| github.com/go-logr/stdr | v1.2.2 | 间接依赖 | go |
| github.com/proglottis/gpgme | v0.1.3 | 间接依赖 | go |
| github.com/mailru/easyjson | v0.7.7 | 间接依赖 | go |
| github.com/hashicorp/go-version | v1.3.0 | 间接依赖 | go |
| github.com/tklauser/go-sysconf | v0.3.12 | 间接依赖 | go |
| github.com/BurntSushi/toml | v1.3.2 | 直接依赖 | go |
| google.golang.org/appengine | v1.6.8 | 间接依赖 | go |
| github.com/hugelgupf/p9 | v0.3.1-0.20230822151754-54f5c5530921 | 直接依赖 | go |
| github.com/rivo/uniseg | v0.4.4 | 间接依赖 | go |
| github.com/go-logr/logr | v1.3.0 | 间接依赖 | go |
| github.com/go-openapi/errors | v0.20.4 | 间接依赖 | go |
| github.com/opencontainers/runtime-spec | v1.1.1-0.20230922153023-c0e90434df2a | 直接依赖 | go |
| sigs.k8s.io/yaml | v1.4.0 | 直接依赖 | go |
| github.com/google/uuid | v1.4.0 | 直接依赖 | go |
| github.com/containers/libhvee | v0.4.1-0.20231106202301-9651e31ae734 | 直接依赖 | go |
| github.com/go-openapi/validate | v0.22.1 | 间接依赖 | go |
| github.com/klauspost/cpuid/v2 | v2.2.5 | 间接依赖 | go |
| golang.org/x/term | v0.14.0 | 直接依赖 | go |
| github.com/coreos/stream-metadata-go | v0.4.3 | 直接依赖 | go |
| github.com/opentracing/opentracing-go | v1.2.0 | 间接依赖 | go |
| go.mozilla.org/pkcs7 | v0.0.0-20210826202110-33d05740a352 | 间接依赖 | go |
| golang.org/x/tools | v0.14.0 | 间接依赖 | go |
| github.com/ulikunitz/xz | v0.5.11 | 直接依赖 | go |
| github.com/google/shlex | v0.0.0-20191202100458-e7afc7fbc510 | 直接依赖 | go |
| golang.org/x/text | v0.14.0 | 直接依赖 | go |
| github.com/opencontainers/selinux | v1.11.0 | 直接依赖 | go |
| github.com/u-root/uio | v0.0.0-20230305220412-3e8cd9d6bf63 | 间接依赖 | go |
| github.com/docker/go-plugins-helpers | v0.0.0-20211224144127-6eecb7beb651 | 直接依赖 | go |
| github.com/acarl005/stripansi | v0.0.0-20180116102854-5a71ef0e047d | 间接依赖 | go |
| github.com/magefile/mage | v1.14.0 | 间接依赖 | go |
| github.com/coreos/go-systemd/v22 | v22.5.1-0.20231103132048-7d375ecc2b09 | 直接依赖 | go |
| github.com/docker/go-connections | v0.4.1-0.20231031175723-0b8c1f4e07a0 | 直接依赖 | go |
| github.com/containers/psgo | v1.8.0 | 直接依赖 | go |
| github.com/coreos/go-oidc/v3 | v3.7.0 | 间接依赖 | go |
| github.com/Azure/go-ansiterm | v0.0.0-20230124172434-306776ec8161 | 间接依赖 | go |
| github.com/fsnotify/fsnotify | v1.7.0 | 间接依赖 | go |
| github.com/pelletier/go-toml/v2 | v2.1.0 | 间接依赖 | go |
| gopkg.in/yaml.v3 | v3.0.1 | 直接依赖 | go |
| github.com/hashicorp/errwrap | v1.1.0 | 间接依赖 | go |
| github.com/asaskevich/govalidator | v0.0.0-20230301143203-a9d515a09cc2 | 间接依赖 | go |
| go.opentelemetry.io/otel/metric | v1.16.0 | 间接依赖 | go |
| go.opentelemetry.io/otel/trace | v1.16.0 | 间接依赖 | go |
| github.com/mattn/go-isatty | v0.0.19 | 间接依赖 | go |
| github.com/moby/sys/mountinfo | v0.7.1 | 间接依赖 | go |
| golang.org/x/sync | v0.5.0 | 直接依赖 | go |
| github.com/shirou/gopsutil/v3 | v3.23.10 | 直接依赖 | go |
| github.com/titanous/rocacheck | v0.0.0-20171023193734-afe73141d399 | 间接依赖 | go |
| github.com/lufia/plan9stats | v0.0.0-20211012122336-39d0f177ccd0 | 间接依赖 | go |
| gopkg.in/go-jose/go-jose.v2 | v2.6.1 | 间接依赖 | go |
| github.com/secure-systems-lab/go-securesystemslib | v0.7.0 | 间接依赖 | go |
| github.com/sigstore/sigstore | v1.7.5 | 间接依赖 | go |
| github.com/containers/gvisor-tap-vsock | v0.7.1 | 直接依赖 | go |
| github.com/felixge/httpsnoop | v1.0.3 | 间接依赖 | go |
| github.com/containerd/log | v0.1.0 | 间接依赖 | go |
| github.com/mistifyio/go-zfs/v3 | v3.0.1 | 间接依赖 | go |
| github.com/spf13/cobra | v1.8.0 | 直接依赖 | go |
| github.com/sigstore/fulcio | v1.4.3 | 间接依赖 | go |
| github.com/crc-org/vfkit | v0.1.2-0.20231030102423-f3c783d34420 | 直接依赖 | go |
| tags.cncf.io/container-device-interface | v0.6.2 | 直接依赖 | go |
| github.com/mattn/go-shellwords | v1.0.12 | 直接依赖 | go |