基础信息
项目名称:blacknon/lssh
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1727544608874778624/1727544612624486400
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Google Golang 资源管理错误漏洞 | MPS-2022-58307 | CVE-2022-41723 | 高危 | |
| Go-Yaml 安全漏洞 | 反序列化 | MPS-2022-8233 | CVE-2022-28948 | 高危 |
| Google Go 权限许可和访问控制问题漏洞 | 权限管理不当 | MPS-2022-9049 | CVE-2022-29526 | 中危 |
| Google Golang 资源管理错误漏洞 | 拒绝服务 | MPS-c8am-hbny | CVE-2023-39325 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| golang.org/x/net | v0.0.0-20220107192237-5cfca573fb4d | 0.17.0 | 直接依赖 | 建议修复 |
| gopkg.in/yaml.v3 | v3.0.0-20200313102051-9f266ea9e77c | 3.0.0 | 间接依赖 | 建议修复 |
| golang.org/x/sys | v0.0.0-20220224120231-95c6836cb0e7 | 0.1.0 | 直接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| BSD-3-Clause | 10 | 低 |
| ISC | 1 | 低 |
| MIT | 23 | 低 |
| BSD-2-Clause | 4 | 低 |
| Apache-2.0 | 4 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/pmezard/go-difflib | v1.0.0 | 间接依赖 | go |
| github.com/blacknon/textcol | v0.0.1 | 直接依赖 | go |
| golang.org/x/term | v0.0.0-20210927222741-03fcf44c2211 | 间接依赖 | go |
| github.com/davecgh/go-spew | v1.1.0 | 间接依赖 | go |
| golang.org/x/net | v0.0.0-20220107192237-5cfca573fb4d | 直接依赖 | go |
| github.com/kevinburke/ssh_config | v0.0.0-20190724205821-6cfae18c12b8 | 直接依赖 | go |
| github.com/rivo/uniseg | v0.2.0 | 间接依赖 | go |
| github.com/BurntSushi/toml | v0.3.1 | 直接依赖 | go |
| golang.org/x/sys | v0.0.0-20220224120231-95c6836cb0e7 | 直接依赖 | go |
| github.com/dchest/bcrypt_pbkdf | v0.0.0-20150205184540-83f37f9c154a | 间接依赖 | go |
| github.com/dustin/go-humanize | v1.0.0 | 直接依赖 | go |
| github.com/mattn/go-tty | v0.0.3 | 间接依赖 | go |
| github.com/pkg/term | v1.1.0 | 间接依赖 | go |
| github.com/armon/go-socks5 | v0.0.0-20160902184237-e75332964ef5 | 间接依赖 | go |
| github.com/lunixbochs/vtclean | v1.0.0 | 间接依赖 | go |
| github.com/VividCortex/ewma | v1.2.0 | 间接依赖 | go |
| github.com/mattn/go-isatty | v0.0.12 | 间接依赖 | go |
| github.com/kr/fs | v0.1.0 | 间接依赖 | go |
| github.com/mattn/go-colorable | v0.1.7 | 间接依赖 | go |
| github.com/kardianos/osext | v0.0.0-20190222173326-2bc1f35cddc0 | 间接依赖 | go |
| github.com/kr/pretty | v0.1.0 | 间接依赖 | go |
| github.com/kballard/go-shellquote | v0.0.0-20180428030007-95032a82bc51 | 直接依赖 | go |
| github.com/stretchr/testify | v1.7.0 | 直接依赖 | go |
| github.com/thales-e-security/pool | v0.0.2 | 间接依赖 | go |
| github.com/pkg/errors | v0.9.1 | 间接依赖 | go |
| github.com/moby/term | v0.0.0-20210619224110-3f7ff695adc6 | 间接依赖 | go |
| github.com/pkg/sftp | v1.13.4 | 直接依赖 | go |
| github.com/c-bata/go-prompt | v0.2.5 | 直接依赖 | go |
| mvdan.cc/sh | v2.6.3+incompatible | 直接依赖 | go |
| github.com/vbauerster/mpb | v3.4.0+incompatible | 直接依赖 | go |
| github.com/miekg/pkcs11 | v1.1.1 | 间接依赖 | go |
| gopkg.in/yaml.v3 | v3.0.0-20200313102051-9f266ea9e77c | 间接依赖 | go |
| github.com/sevlyar/go-daemon | v0.1.5 | 直接依赖 | go |
| github.com/ThalesIgnite/crypto11 | v1.2.5 | 间接依赖 | go |
| github.com/acarl005/stripansi | v0.0.0-20180116102854-5a71ef0e047d | 间接依赖 | go |
| golang.org/x/crypto | v0.0.0-20211215153901-e495a2d5b3d3 | 直接依赖 | go |
| github.com/nsf/termbox-go | v1.1.1 | 直接依赖 | go |
| github.com/urfave/cli | v1.21.0 | 直接依赖 | go |
| github.com/ScaleFT/sshkeys | v0.0.0-20200327173127-6142f742bca5 | 间接依赖 | go |
| github.com/Azure/go-ansiterm | v0.0.0-20210617225240-d185dfc1b5a1 | 间接依赖 | go |
| github.com/blacknon/go-sshlib | v0.1.7 | 直接依赖 | go |
| github.com/mattn/go-runewidth | v0.0.13 | 直接依赖 | go |