jckuester/awsls 软件分析报告

基础信息

项目名称:jckuester/awsls

项目徽章:

Security Status

仓库地址:https://github.com/pterodactyl/panel

检测报告地址:https://www.murphysec.com/console/report/1721298939230584832/1726746090445168640

此报告由Murphysec提供

漏洞列表

漏洞名称 漏洞类型 MPS编号 CVE编号 漏洞等级
Google Go 安全漏洞 不可达退出条件的循环(无限循环) MPS-2020-11223 CVE-2020-16845 高危
xz 安全漏洞 不可达退出条件的循环(无限循环) MPS-2021-5253 CVE-2021-29482 高危
HashiCorp go-getter 输入验证错误漏洞 命令注入 MPS-2022-10131 CVE-2022-30321 高危
HashiCorp go-getter 输入验证错误漏洞 权限、特权和访问控制 MPS-2022-10132 CVE-2022-30322 高危
HashiCorp go-getter 输入验证错误漏洞 权限、特权和访问控制 MPS-2022-10133 CVE-2022-30323 高危
Google Golang 资源管理错误漏洞 MPS-2022-58307 CVE-2022-41723 高危
HashiCorp go-getter 命令注入漏洞 命令注入 MPS-2022-6321 CVE-2022-26945 严重
Go-Yaml 安全漏洞 反序列化 MPS-2022-8233 CVE-2022-28948 高危
Google Go 权限许可和访问控制问题漏洞 权限管理不当 MPS-2022-9049 CVE-2022-29526 中危
HashiCorp go-getter 安全漏洞 拒绝服务 MPS-2023-2834 CVE-2023-0475 中危
Google Golang 资源管理错误漏洞 拒绝服务 MPS-c8am-hbny CVE-2023-39325 高危

缺陷组件

组件名称 版本 最小修复版本 依赖关系 修复建议
github.com/hashicorp/go-getter v1.4.2-0.20200106182914-9813cbd4eb02 1.7.0 间接依赖 强烈建议修复
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b 0.17.0 间接依赖 建议修复
github.com/ulikunitz/xz v0.5.5 0.5.8 间接依赖 建议修复
gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c 3.0.0 间接依赖 建议修复
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f 0.1.0 间接依赖 可选修复

许可证风险

许可证类型 相关组件 许可证风险
MPL-2.0 18
Apache-2.0 158
MIT 31
BSD-3-Clause 14
BSD-2-Clause 3
Unicode-DFS-2016 2
ISC 1

SBOM清单

组件名称 组件版本 是否直接依赖 仓库
github.com/hashicorp/golang-lru v0.5.3 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/macie2 v1.7.0 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/storagegateway v1.1.1 直接依赖 go
github.com/zclconf/go-cty v1.7.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/mediapackage v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/sagemaker v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/waf v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go v1.38.43 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/s3 v1.2.0 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/elastictranscoder v1.1.1 直接依赖 go
github.com/mitchellh/go-testing-interface v1.0.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/ssoadmin v1.1.2 间接依赖 go
github.com/mitchellh/reflectwalk v1.0.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.1.1 直接依赖 go
github.com/google/go-cmp v0.5.4 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/glacier v1.1.1 间接依赖 go
github.com/hashicorp/go-safetemp v1.0.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/fms v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/codestarnotifications v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/iot v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/ram v1.1.1 间接依赖 go
google.golang.org/appengine v1.6.5 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/athena v1.1.1 直接依赖 go
github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb 间接依赖 go
github.com/pquerna/otp v1.2.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/elasticsearchservice v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/route53 v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/timestreamwrite v1.2.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/sso v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/sns v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/cognitoidentity v1.1.1 间接依赖 go
github.com/armon/go-radix v1.0.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/servicequotas v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/kinesis v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/workspaces v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/acm v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/pinpoint v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/cloudfront v1.1.1 间接依赖 go
github.com/hashicorp/go-plugin v1.3.0 间接依赖 go
github.com/zclconf/go-cty-yaml v1.0.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/kms v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/sqs v1.1.1 直接依赖 go
github.com/jmespath/go-jmespath v0.4.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/apigatewayv2 v1.1.1 直接依赖 go
google.golang.org/grpc v1.27.1 间接依赖 go
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b 间接依赖 go
github.com/vmihailenco/msgpack/v4 v4.3.12 间接依赖 go
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/globalaccelerator v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/xray v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/codedeploy v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/wafv2 v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/s3control v1.2.0 间接依赖 go
github.com/fatih/color v1.10.0 直接依赖 go
github.com/googleapis/gax-go/v2 v2.0.5 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/glue v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/accessanalyzer v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/ses v1.1.1 直接依赖 go
github.com/hashicorp/hil v0.0.0-20190212112733-ab17b08d6590 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/applicationautoscaling v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/gamelift v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/cloud9 v1.1.1 间接依赖 go
gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/guardduty v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/kinesisvideo v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/imagebuilder v1.1.1 直接依赖 go
github.com/apparentlymart/go-textseg/v12 v12.0.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/codecommit v1.1.1 直接依赖 go
github.com/hashicorp/go-hclog v0.12.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/databasemigrationservice v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/apigateway v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.0.2 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/quicksight v1.1.1 间接依赖 go
github.com/apparentlymart/go-textseg v1.0.0 间接依赖 go
github.com/hashicorp/hcl/v2 v2.3.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/docdb v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/dax v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/datasync v1.1.1 直接依赖 go
github.com/gobwas/glob v0.2.3 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/ssm v1.1.1 直接依赖 go
github.com/hashicorp/go-retryablehttp v0.5.2 间接依赖 go
github.com/hashicorp/terraform v0.12.31 间接依赖 go
github.com/oklog/run v1.0.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/iam v1.1.1 直接依赖 go
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d 间接依赖 go
github.com/go-sql-driver/mysql v1.5.0 间接依赖 go
golang.org/x/text v0.3.3 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/neptune v1.1.1 直接依赖 go
github.com/hashicorp/errwrap v1.0.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/lexmodelbuildingservice v1.1.1 直接依赖 go
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/opsworks v1.1.1 直接依赖 go
github.com/onsi/gomega v1.9.0 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/mwaa v1.2.0 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/autoscalingplans v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.1.1 直接依赖 go
github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596 间接依赖 go
github.com/aws/aws-sdk-go-v2/config v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/worklink v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/mediaconvert v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/budgets v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/dlm v1.1.1 直接依赖 go
github.com/golang/protobuf v1.3.4 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/ecr v1.1.1 直接依赖 go
github.com/apparentlymart/go-cidr v1.0.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/appmesh v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/sts v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/mq v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/servicecatalog v1.1.1 直接依赖 go
github.com/posener/complete v1.2.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/transfer v1.1.1 直接依赖 go
github.com/davecgh/go-spew v1.1.1 间接依赖 go
github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/emr v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/eks v1.1.1 直接依赖 go
github.com/hashicorp/go-uuid v1.0.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/lightsail v1.1.1 直接依赖 go
github.com/spf13/afero v1.2.1 间接依赖 go
github.com/hashicorp/go-cleanhttp v0.5.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/fsx v1.1.1 直接依赖 go
github.com/google/uuid v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/wafregional v1.1.1 直接依赖 go
github.com/bgentry/speakeasy v0.1.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/kinesisanalyticsv2 v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/appsync v1.1.1 直接依赖 go
github.com/mitchellh/go-homedir v1.1.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/redshift v1.1.1 直接依赖 go
github.com/mitchellh/mapstructure v1.1.2 间接依赖 go
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/kinesisanalytics v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/kafka v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/firehose v1.1.1 直接依赖 go
github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/directconnect v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/autoscaling v1.1.1 直接依赖 go
github.com/pkg/errors v0.9.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/codestarconnections v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.0.2 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/costandusagereportservice v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2 v1.6.0 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/acmpca v1.1.1 间接依赖 go
github.com/vmihailenco/tagparser v0.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/shield v1.1.1 间接依赖 go
github.com/disneystreaming/go-ssmhelpers v0.2.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/signer v1.1.1 直接依赖 go
github.com/ulikunitz/xz v0.5.5 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/directoryservice v1.1.1 间接依赖 go
github.com/mitchellh/cli v1.0.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/rds v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/backup v1.1.1 直接依赖 go
google.golang.org/api v0.9.1-0.20190821000710-329ecc3c9c34 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/apprunner v1.0.0 间接依赖 go
cloud.google.com/go v0.45.1 间接依赖 go
github.com/blang/semver v3.5.1+incompatible 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/elasticache v1.1.1 直接依赖 go
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/s3outposts v1.1.2 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/cloudwatchevents v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/sfn v1.1.1 直接依赖 go
github.com/hashicorp/go-version v1.2.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/datapipeline v1.1.1 间接依赖 go
github.com/spf13/pflag v1.0.3 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.1.1 直接依赖 go
github.com/hashicorp/go-getter v1.4.2-0.20200106182914-9813cbd4eb02 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/swf v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/configservice v1.1.1 直接依赖 go
github.com/mitchellh/copystructure v1.0.0 间接依赖 go
github.com/aws/smithy-go v1.4.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/securityhub v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/codepipeline v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.1.0 间接依赖 go
github.com/pmezard/go-difflib v1.0.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/cloudformation v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/internal/ini v1.0.0 间接依赖 go
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc 间接依赖 go
github.com/stretchr/testify v1.7.0 直接依赖 go
github.com/hashicorp/go-multierror v1.0.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/codebuild v1.1.1 直接依赖 go
go.opencensus.io v0.22.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/route53resolver v1.1.1 直接依赖 go
github.com/mitchellh/hashstructure v1.0.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/ecs v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/macie v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/ec2 v1.1.1 直接依赖 go
github.com/bmatcuk/doublestar v1.1.5 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/qldb v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/organizations v1.1.1 间接依赖 go
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/lakeformation v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.1.1 直接依赖 go
github.com/mattn/go-isatty v0.0.12 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/mediastore v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/synthetics v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/cloudhsmv2 v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/elasticbeanstalk v1.1.1 直接依赖 go
gopkg.in/yaml.v2 v2.2.8 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/batch v1.1.1 直接依赖 go
github.com/hashicorp/terraform-config-inspect v0.0.0-20191212124732-c6ae6269b9d7 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/lambda v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.1.2 直接依赖 go
github.com/agext/levenshtein v1.2.2 间接依赖 go
github.com/gruntwork-io/terratest v0.23.0 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/inspector v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/credentials v1.1.1 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/codeartifact v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/networkfirewall v1.1.2 直接依赖 go
github.com/mattn/go-colorable v0.1.8 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/licensemanager v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/efs v1.1.1 直接依赖 go
github.com/apex/log v1.9.0 直接依赖 go
github.com/mitchellh/go-wordwrap v1.0.0 间接依赖 go
github.com/aws/aws-sdk-go-v2/service/resourcegroups v1.1.1 间接依赖 go
github.com/jckuester/awstools-lib v0.0.0-20220213052046-75c6b3af770f 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/devicefarm v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/servicediscovery v1.1.1 直接依赖 go
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.0.1 间接依赖 go
(0)
上一篇 2023年11月21日
下一篇 2023年11月21日

相关推荐

  • ZFBest/UITableViewSnapshot 软件分析报告

    基础信息 项目名称:ZFBest/UITableViewSnapshot 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721705646466310144/1721705646860574720 此报告由Mur…

    软件分析 2023年11月7日
    0
  • gdpancheng/LoonAndroid 软件分析报告

    基础信息 项目名称:gdpancheng/LoonAndroid 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721218166624948224/1723444385642663936 此报告由Murphys…

    软件分析 2023年11月12日
    0
  • gollum/gollum 软件分析报告

    基础信息 项目名称:gollum/gollum 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1721231662876004352/1726376271973142528 此报告由Murphysec提供 漏洞列表…

    软件分析 2023年11月20日
    0
  • google/symboliclink-testing-tools 软件分析报告

    基础信息 项目名称:google/symboliclink-testing-tools 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1718286656893222912/1718286656964526080 …

    软件分析 2023年10月28日
    0
  • apparition47/MailTrackerBlocker 软件分析报告

    基础信息 项目名称:apparition47/MailTrackerBlocker 项目徽章: 仓库地址:https://github.com/pterodactyl/panel 检测报告地址:https://www.murphysec.com/console/report/1715970384838918144/1715970384956358656 此报…

    软件分析 2023年10月23日
    0