基础信息
项目名称:kubeless/kubeless
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721350277583163392/1730593163545890816
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| jwt-go 安全漏洞 | 授权检查缺失 | MPS-2020-13786 | CVE-2020-26160 | 高危 |
| Google Golang 资源管理错误漏洞 | MPS-2022-58307 | CVE-2022-41723 | 高危 | |
| Google Golang 资源管理错误漏洞 | 拒绝服务 | MPS-c8am-hbny | CVE-2023-39325 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| github.com/dgrijalva/jwt-go | v3.2.0+incompatible | 4.0.0-preview1 | 间接依赖 | 建议修复 |
| golang.org/x/net | v0.0.0-20190620200207-3b0461eec859 | 0.17.0 | 直接依赖 | 建议修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| Apache-2.0 | 26 | 低 |
| 自定义许可证 | 3 | 低 |
| BSD-3-Clause | 4 | 低 |
| MIT | 10 | 低 |
| BSD-2-Clause | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/nats-io/go-nats | v1.7.0 | 直接依赖 | go |
| github.com/coreos/prometheus-operator | v0.0.0-20171201110357-197eb012d973 | 直接依赖 | go |
| javax.activation:activation | 1.1 | 间接依赖 | maven |
| k8s.io/client-go | v7.0.0+incompatible | 直接依赖 | go |
| github.com/nats-io/nkeys | v0.0.2 | 间接依赖 | go |
| javax.mail:mail | 1.4.3 | 直接依赖 | maven |
| golang.org/x/build | v0.0.0-20190111050920-041ab4dc3f9d | 间接依赖 | go |
| github.com/prometheus/client_model | v0.0.0-20190129233127-fd36f4220a90 | 间接依赖 | go |
| github.com/spf13/cobra | v1.1.1 | 直接依赖 | go |
| github.com/Azure/go-autorest | v8.0.0+incompatible | 间接依赖 | go |
| github.com/nats-io/nuid | v1.0.0 | 间接依赖 | go |
| github.com/robfig/cron | v0.0.0-20180505203441-b41be1df6967 | 直接依赖 | go |
| org.apache.geronimo.specs:geronimo-jms_1.1_spec | 1.0 | 直接依赖 | maven |
| joda-time:joda-time | 2.9.2 | 直接依赖 | maven |
| gopkg.in/yaml.v2 | v2.4.0 | 间接依赖 | go |
| github.com/nats-io/gnatsd | v1.4.1 | 间接依赖 | go |
| github.com/googleapis/gnostic | v0.2.0 | 间接依赖 | go |
| github.com/sirupsen/logrus | v1.2.0 | 直接依赖 | go |
| github.com/kubeless/cronjob-trigger | v1.0.2 | 直接依赖 | go |
| github.com/aws/aws-sdk-go | v1.16.26 | 直接依赖 | go |
| golang.org/x/net | v0.0.0-20190620200207-3b0461eec859 | 直接依赖 | go |
| github.com/pkg/errors | v0.8.1 | 间接依赖 | go |
| config | 间接依赖 | pip | |
| github.com/prometheus/common | v0.4.0 | 直接依赖 | go |
| github.com/kubeless/kafka-trigger | v1.0.1 | 直接依赖 | go |
| github.com/kubeless/kinesis-trigger | v0.0.0-20180817123215-a548c3d1cbd9 | 直接依赖 | go |
| monolog/monolog | ^1.23 | 间接依赖 | composer |
| github.com/imdario/mergo | v0.3.7 | 直接依赖 | go |
| github.com/prometheus/client_golang | v0.9.3 | 直接依赖 | go |
| github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | 间接依赖 | go |
| github.com/sirupsen/logrus | v1.6.0 | 直接依赖 | go |
| io.kubeless:params | 1.0-SNAPSHOT | 直接依赖 | maven |
| github.com/kubeless/http-trigger | v1.0.0 | 直接依赖 | go |
| github.com/gosuri/uitable | v0.0.0-20160404203958-36ee7e946282 | 直接依赖 | go |
| github.com/dgrijalva/jwt-go | v3.2.0+incompatible | 间接依赖 | go |
| k8s.io/apimachinery | v0.0.0-20180228050457-302974c03f7e | 直接依赖 | go |
| github.com/gophercloud/gophercloud | v0.0.0-20190130105114-cc9c99918988 | 间接依赖 | go |
| github.com/google/gofuzz | v0.0.0-20170612174753-24818f796faf | 间接依赖 | go |
| hellowithdepshelper | 间接依赖 | pip | |
| k8s.io/apiextensions-apiserver | v0.0.0-20180327033742-750feebe2038 | 直接依赖 | go |
| github.com/ghodss/yaml | v1.0.1-0.20190212211648-25d852aebe32 | 直接依赖 | go |
| k8s.io/api | v0.0.0-20180308224125-73d903622b73 | 直接依赖 | go |
| github.com/golang/glog | v0.0.0-20160126235308-23def4e6c14b | 直接依赖 | go |
| bs4 | 间接依赖 | pip | |
| github.com/kubeless/nats-trigger | v0.0.0-20180817123246-372a5fa547dc | 直接依赖 | go |
| github.com/mattn/go-runewidth | v0.0.4 | 间接依赖 | go |
| client | 间接依赖 | pip |