基础信息
项目名称:gaocegege/maintainer
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721215677812965376/1726286323931111424
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Kubernetes API Server 资源管理错误漏洞 | 循环内过多的平台资源消耗 | MPS-2020-44793 | CVE-2019-11254 | 中危 |
| gopkg.in/yaml.v2 存在拒绝服务漏洞 | 拒绝服务 | MPS-2022-13505 | 中危 | |
| github.com/pkg/sftp 存在拒绝服务漏洞 | 拒绝服务 | MPS-2022-15389 | 中危 | |
| Go-Yaml 安全漏洞 | MPS-2022-52765 | CVE-2021-4235 | 中危 | |
| Google Golang 资源管理错误漏洞 | MPS-2022-58307 | CVE-2022-41723 | 高危 | |
| Go-Yaml 资源管理错误漏洞 | 拒绝服务 | MPS-2022-69639 | CVE-2022-3064 | 高危 |
| Google Go 权限许可和访问控制问题漏洞 | 权限管理不当 | MPS-2022-9049 | CVE-2022-29526 | 中危 |
| Google Golang 资源管理错误漏洞 | 拒绝服务 | MPS-c8am-hbny | CVE-2023-39325 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| gopkg.in/yaml.v2 | v2.0.0-20150924142314-53feefa2559f | 2.2.8 | 间接依赖 | 建议修复 |
| golang.org/x/net | v0.0.0-20180105013340-42fe2e1c20de | 0.17.0 | 间接依赖 | 建议修复 |
| golang.org/x/sys | v0.0.0-20160916181909-8f0908ab3b24 | 0.1.0 | 间接依赖 | 可选修复 |
| github.com/pkg/sftp | v0.0.0-20160930220758-4d0e916071f6 | 1.11.0 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| BSD-3-Clause | 12 | 低 |
| Apache-2.0 | 4 | 低 |
| MIT | 9 | 低 |
| MPL-2.0 | 1 | 低 |
| BSD-2-Clause | 5 | 低 |
| LGPL-3.0 | 1 | 中 |
| ISC | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/kr/fs | v0.0.0-20131111012553-2788f0dbd169 | 间接依赖 | go |
| github.com/spf13/cobra | v0.0.0-20160722081547-f62e98d28ab7 | 直接依赖 | go |
| github.com/golang/protobuf | v0.0.0-20171113180720-1e59b77b52bf | 间接依赖 | go |
| golang.org/x/text | v0.0.0-20160726164857-2910a502d2bf | 间接依赖 | go |
| github.com/spf13/pflag | v0.0.0-20170130214245-9ff6c6923cff | 间接依赖 | go |
| golang.org/x/oauth2 | v0.0.0-20180104230036-30785a2c434e | 直接依赖 | go |
| github.com/mitchellh/mapstructure | v0.0.0-20140721150620-740c764bc614 | 间接依赖 | go |
| github.com/cpuguy83/go-md2man | v1.0.4 | 间接依赖 | go |
| github.com/hashicorp/hcl | v0.0.0-20160711231752-d8c773c4cba1 | 间接依赖 | go |
| github.com/spf13/afero | v0.0.0-20160816080757-b28a7effac97 | 间接依赖 | go |
| golang.org/x/crypto | v0.0.0-20161006174701-d172538b2cfc | 间接依赖 | go |
| github.com/shurcooL/sanitized_anchor_name | v0.0.0-20151028001915-10ef21a441db | 间接依赖 | go |
| github.com/google/go-querystring | v0.0.0-20151028211038-2a60fc2ba6c1 | 间接依赖 | go |
| github.com/magiconair/properties | v1.7.1-0.20160816085511-61b492c03cf4 | 间接依赖 | go |
| github.com/pkg/errors | v0.7.1-0.20160808055540-a22138067af1 | 间接依赖 | go |
| golang.org/x/sys | v0.0.0-20160916181909-8f0908ab3b24 | 间接依赖 | go |
| gopkg.in/yaml.v2 | v2.0.0-20150924142314-53feefa2559f | 间接依赖 | go |
| github.com/russross/blackfriday | v0.0.0-20151117072312-300106c228d5 | 间接依赖 | go |
| golang.org/x/sync | v0.0.0-20210220032951-036812b2e83c | 间接依赖 | go |
| golang.org/x/net | v0.0.0-20180105013340-42fe2e1c20de | 间接依赖 | go |
| github.com/fsnotify/fsnotify | v1.3.2-0.20160816051541-f12c6236fe7b | 间接依赖 | go |
| github.com/spf13/cast | v0.0.0-20160730092037-e31f36ffc91a | 间接依赖 | go |
| github.com/inconshreveable/mousetrap | v1.0.0 | 间接依赖 | go |
| github.com/google/go-github | v2.0.1-0.20160920051320-94a3cd9f5318+incompatible | 直接依赖 | go |
| github.com/stretchr/testify | v1.7.0 | 间接依赖 | go |
| github.com/davecgh/go-spew | v1.1.1 | 间接依赖 | go |
| gopkg.in/check.v1 | v1.0.0-20201130134442-10cb98267c6c | 间接依赖 | go |
| github.com/spf13/viper | v0.0.0-20160820190039-7fb2782df3d8 | 直接依赖 | go |
| github.com/spf13/jwalterweatherman | v0.0.0-20160311093646-33c24e77fb80 | 间接依赖 | go |
| github.com/pelletier/go-toml | v0.3.6-0.20160822122712-0049ab3dc4c4 | 间接依赖 | go |
| github.com/pelletier/go-buffruneio | v0.1.0 | 间接依赖 | go |
| github.com/pkg/sftp | v0.0.0-20160930220758-4d0e916071f6 | 间接依赖 | go |
| google.golang.org/appengine | v1.0.0 | 间接依赖 | go |