基础信息
项目名称:easysoft/zendata
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721153993408843776/1729312311193063424
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| go.uuid 不安全的随机性漏洞 | 使用具有密码学弱点缺陷的PRNG | MPS-2021-7854 | CVE-2021-3538 | 严重 |
| Google Golang 资源管理错误漏洞 | MPS-2022-58307 | CVE-2022-41723 | 高危 | |
| Google Golang 资源管理错误漏洞 | 不加限制或调节的资源分配 | MPS-2022-58311 | CVE-2022-41727 | 中危 |
| Google Golang 资源管理错误漏洞 | 拒绝服务 | MPS-c8am-hbny | CVE-2023-39325 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| github.com/satori/go.uuid | v1.2.0 | 直接依赖 | 建议修复 | |
| golang.org/x/image | v0.0.0-20210220032944-ac19c3e999fb | 0.5.0 | 间接依赖 | 建议修复 |
| golang.org/x/net | v0.0.0-20220225172249-27dd8689420f | 0.17.0 | 间接依赖 | 建议修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| Apache-2.0 | 15 | 低 |
| MIT | 56 | 低 |
| BSD-2-Clause | 6 | 低 |
| ISC | 1 | 低 |
| BSD-3-Clause | 29 | 低 |
| MPL-2.0 | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| gopkg.in/yaml.v2 | v2.4.0 | 直接依赖 | go |
| github.com/emirpasic/gods | v1.12.0 | 直接依赖 | go |
| github.com/vmihailenco/tagparser/v2 | v2.0.0 | 间接依赖 | go |
| github.com/gobwas/ws | v1.1.0 | 间接依赖 | go |
| github.com/kataras/sitemap | v0.0.5 | 间接依赖 | go |
| github.com/Knetic/govaluate | v3.0.0+incompatible | 直接依赖 | go |
| github.com/gobwas/pool | v0.2.1 | 间接依赖 | go |
| github.com/pierrec/lz4/v4 | v4.1.3 | 间接依赖 | go |
| github.com/xuri/efp | v0.0.0-20210128032744-13be4fd5dcb5 | 间接依赖 | go |
| github.com/gobwas/httphead | v0.1.0 | 间接依赖 | go |
| github.com/richardlehane/mscfb | v1.0.3 | 间接依赖 | go |
| github.com/perimeterx/marshmallow | v1.1.5 | 间接依赖 | go |
| github.com/mailru/easyjson | v0.7.7 | 间接依赖 | go |
| github.com/mohae/deepcopy | v0.0.0-20170929034955-c48cc78d4826 | 间接依赖 | go |
| github.com/mattn/go-sqlite3 | v1.14.15 | 间接依赖 | go |
| github.com/kataras/tunnel | v0.0.3 | 间接依赖 | go |
| github.com/iris-contrib/schema | v0.0.6 | 间接依赖 | go |
| github.com/asaskevich/govalidator | v0.0.0-20230301143203-a9d515a09cc2 | 直接依赖 | go |
| github.com/kataras/pio | v0.0.10 | 间接依赖 | go |
| github.com/gorilla/css | v1.0.0 | 间接依赖 | go |
| github.com/nats-io/nuid | v1.0.1 | 间接依赖 | go |
| github.com/valyala/bytebufferpool | v1.0.0 | 间接依赖 | go |
| github.com/CloudyKit/fastprinter | v0.0.0-20200109182630-33d98a066a53 | 间接依赖 | go |
| KERNEL32.dll | 间接依赖 | ||
| github.com/goccy/go-json | v0.9.4 | 间接依赖 | go |
| github.com/getkin/kin-openapi | v0.120.0 | 直接依赖 | go |
| ole32.dll | 间接依赖 | ||
| github.com/iris-contrib/go.uuid | v2.0.0+incompatible | 间接依赖 | go |
| google.golang.org/protobuf | v1.27.1 | 间接依赖 | go |
| api-ms-win-crt-locale-l1-1-0.dll | 间接依赖 | ||
| github.com/oklog/ulid/v2 | v2.0.2 | 直接依赖 | go |
| github.com/mholt/archiver/v3 | v3.5.0 | 直接依赖 | go |
| api-ms-win-crt-math-l1-1-0.dll | 间接依赖 | ||
| github.com/xi2/xz | v0.0.0-20171230120015-48954b6210f8 | 间接依赖 | go |
| ADVAPI32.dll | 间接依赖 | ||
| github.com/russross/blackfriday/v2 | v2.1.0 | 间接依赖 | go |
| github.com/nwaples/rardecode | v1.1.0 | 间接依赖 | go |
| php7ts.dll | 间接依赖 | ||
| github.com/facebookgo/subset | v0.0.0-20200203212716-c811ad88dec4 | 间接依赖 | go |
| github.com/jinzhu/copier | v0.2.5 | 直接依赖 | go |
| DNSAPI.dll | 间接依赖 | ||
| github.com/mattn/go-isatty | v0.0.14 | 间接依赖 | go |
| api-ms-win-crt-utility-l1-1-0.dll | 间接依赖 | ||
| github.com/snowlyg/helper | v0.0.6 | 直接依赖 | go |
| github.com/go-sql-driver/mysql | v1.6.0 | 间接依赖 | go |
| github.com/jinzhu/inflection | v1.0.0 | 间接依赖 | go |
| github.com/mediocregopher/radix/v3 | v3.8.0 | 间接依赖 | go |
| github.com/vmihailenco/msgpack/v5 | v5.3.5 | 间接依赖 | go |
| libc.so.6 | 间接依赖 | ||
| github.com/satori/go.uuid | v1.2.0 | 直接依赖 | go |
| ld-linux-x86-64.so.2 | 间接依赖 | ||
| gorm.io/driver/sqlite | v1.5.0 | 直接依赖 | go |
| github.com/jinzhu/now | v1.1.5 | 间接依赖 | go |
| libpthread.so.0 | 间接依赖 | ||
| /usr/lib/libSystem.B.dylib | 间接依赖 | ||
| github.com/nats-io/nkeys | v0.3.0 | 间接依赖 | go |
| api-ms-win-crt-environment-l1-1-0.dll | 间接依赖 | ||
| github.com/modern-go/concurrent | v0.0.0-20180228061459-e0a39a4cb421 | 间接依赖 | go |
| golang.org/x/net | v0.0.0-20220225172249-27dd8689420f | 间接依赖 | go |
| api-ms-win-crt-runtime-l1-1-0.dll | 间接依赖 | ||
| /usr/lib/libz.1.dylib | 间接依赖 | ||
| github.com/go-openapi/jsonpointer | v0.19.6 | 间接依赖 | go |
| github.com/fatih/structs | v1.1.0 | 间接依赖 | go |
| github.com/kataras/blocks | v0.0.5 | 间接依赖 | go |
| github.com/microcosm-cc/bluemonday | v1.0.18 | 间接依赖 | go |
| gorm.io/plugin/dbresolver | v1.2.0 | 直接依赖 | go |
| github.com/klauspost/compress | v1.14.4 | 间接依赖 | go |
| golang.org/x/time | v0.0.0-20220224211638-0e9765cccd65 | 间接依赖 | go |
| github.com/kataras/iris/v12 | v12.2.0-alpha9 | 直接依赖 | go |
| github.com/golang/snappy | v0.0.4 | 间接依赖 | go |
| github.com/yosssi/ace | v0.0.5 | 间接依赖 | go |
| github.com/tdewolff/parse/v2 | v2.5.27 | 间接依赖 | go |
| github.com/kataras/neffos | v0.0.19 | 间接依赖 | go |
| github.com/fatih/color | v1.13.0 | 直接依赖 | go |
| github.com/360EntSecGroup-Skylar/excelize/v2 | v2.3.2 | 直接依赖 | go |
| github.com/gorilla/websocket | v1.5.0 | 间接依赖 | go |
| github.com/BurntSushi/toml | v1.0.0 | 间接依赖 | go |
| github.com/dsnet/compress | v0.0.1 | 间接依赖 | go |
| github.com/iris-contrib/jade | v1.1.4 | 间接依赖 | go |
| github.com/facebookgo/ensure | v0.0.0-20200202191622-63f1cf65ac4c | 间接依赖 | go |
| github.com/klauspost/pgzip | v1.2.5 | 间接依赖 | go |
| api-ms-win-crt-filesystem-l1-1-0.dll | 间接依赖 | ||
| gopkg.in/yaml.v3 | v3.0.1 | 直接依赖 | go |
| github.com/josharian/intern | v1.0.0 | 间接依赖 | go |
| gorm.io/driver/mysql | v1.3.3 | 直接依赖 | go |
| github.com/aymerick/raymond | v2.0.3-0.20180322193309-b565731e1464+incompatible | 间接依赖 | go |
| github.com/facebookgo/inject | v0.0.0-20180706035515-f23751cae28b | 直接依赖 | go |
| VCRUNTIME140.dll | 间接依赖 | ||
| github.com/mattn/go-colorable | v0.1.9 | 间接依赖 | go |
| golang.org/x/xerrors | v0.0.0-20200804184101-5ec99f83aff1 | 间接依赖 | go |
| github.com/eknkc/amber | v0.0.0-20171010120322-cdade1c07385 | 间接依赖 | go |
| github.com/nats-io/nats.go | v1.13.1-0.20220121202836-972a071d373d | 间接依赖 | go |
| github.com/richardlehane/msoleps | v1.0.1 | 间接依赖 | go |
| github.com/aymerick/douceur | v0.2.0 | 间接依赖 | go |
| github.com/invopop/yaml | v0.2.0 | 间接依赖 | go |
| github.com/robfig/cron/v3 | v3.0.1 | 直接依赖 | go |
| github.com/tdewolff/minify/v2 | v2.10.0 | 间接依赖 | go |
| github.com/Shopify/goreferrer | v0.0.0-20210630161223-536fa16abd6f | 间接依赖 | go |
| api-ms-win-crt-convert-l1-1-0.dll | 间接依赖 | ||
| golang.org/x/text | v0.13.0 | 直接依赖 | go |
| github.com/golang/protobuf | v1.5.2 | 直接依赖 | go |
| USER32.dll | 间接依赖 | ||
| github.com/facebookgo/stack | v0.0.0-20160209184415-751773369052 | 间接依赖 | go |
| github.com/flosch/pongo2/v4 | v4.0.2 | 间接依赖 | go |
| gopkg.in/ini.v1 | v1.66.4 | 直接依赖 | go |
| github.com/mattn/go-runewidth | v0.0.10 | 直接依赖 | go |
| github.com/rivo/uniseg | v0.2.0 | 间接依赖 | go |
| WS2_32.dll | 间接依赖 | ||
| libm.so.6 | 间接依赖 | ||
| github.com/go-openapi/swag | v0.22.4 | 间接依赖 | go |
| api-ms-win-crt-heap-l1-1-0.dll | 间接依赖 | ||
| github.com/google/uuid | v1.3.0 | 间接依赖 | go |
| github.com/schollz/closestmatch | v2.1.0+incompatible | 间接依赖 | go |
| github.com/Chain-Zhang/pinyin | v0.1.3 | 直接依赖 | go |
| golang.org/x/sys | v0.5.0 | 间接依赖 | go |
| github.com/kataras/golog | v0.1.7 | 间接依赖 | go |
| api-ms-win-crt-string-l1-1-0.dll | 间接依赖 | ||
| PSAPI.DLL | 间接依赖 | ||
| github.com/iris-contrib/middleware/cors | v0.0.0-20220417122231-60b1fdb1e02b | 直接依赖 | go |
| api-ms-win-crt-stdio-l1-1-0.dll | 间接依赖 | ||
| github.com/facebookgo/structtag | v0.0.0-20150214074306-217e25fb9691 | 间接依赖 | go |
| api-ms-win-crt-time-l1-1-0.dll | 间接依赖 | ||
| golang.org/x/crypto | v0.0.0-20220214200702-86341886e292 | 间接依赖 | go |
| github.com/blang/semver/v4 | v4.0.0 | 间接依赖 | go |
| github.com/modern-go/reflect2 | v1.0.2 | 间接依赖 | go |
| /usr/lib/libc++.1.dylib | 间接依赖 | ||
| github.com/json-iterator/go | v1.1.12 | 间接依赖 | go |
| github.com/CloudyKit/jet/v6 | v6.1.0 | 间接依赖 | go |
| github.com/andybalholm/brotli | v1.0.4 | 间接依赖 | go |
| golang.org/x/image | v0.0.0-20210220032944-ac19c3e999fb | 间接依赖 | go |
| github.com/ulikunitz/xz | v0.5.10 | 间接依赖 | go |
| gorm.io/gorm | v1.24.7-0.20230306060331-85eaf9eeda11 | 直接依赖 | go |