基础信息
项目名称:lni/dragonboat
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1744138923660587008/1744138923702530048
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Google Golang 资源管理错误漏洞 | 拒绝服务 | MPS-c8am-hbny | CVE-2023-39325 | 高危 |
| SSH协议前缀截断攻击(Terrapin攻击) | 安全相关信息的截断 | MPS-nv0f-qtib | CVE-2023-48795 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| golang.org/x/crypto | v0.13.0 | 0.17.0 | 间接依赖 | 建议修复 |
| golang.org/x/net | v0.15.0 | 0.17.0 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| ISC | 1 | 低 |
| MPL-2.0 | 6 | 低 |
| Apache-2.0 | 6 | 低 |
| MIT | 12 | 低 |
| BSD-3-Clause | 19 | 低 |
| BSD-2-Clause | 2 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/davecgh/go-spew | v1.1.1 | 间接依赖 | go |
| github.com/hashicorp/golang-lru | v0.5.1 | 间接依赖 | go |
| github.com/cockroachdb/redact | v1.1.3 | 间接依赖 | go |
| github.com/hashicorp/memberlist | v0.3.1 | 直接依赖 | go |
| github.com/VictoriaMetrics/metrics | v1.18.1 | 直接依赖 | go |
| github.com/gogo/protobuf | v1.3.2 | 间接依赖 | go |
| golang.org/x/sync | v0.1.0 | 间接依赖 | go |
| github.com/rogpeppe/go-internal | v1.8.1 | 间接依赖 | go |
| github.com/pmezard/go-difflib | v1.0.0 | 间接依赖 | go |
| github.com/kr/text | v0.2.0 | 间接依赖 | go |
| github.com/hashicorp/go-msgpack | v0.5.3 | 间接依赖 | go |
| github.com/sean-/seed | v0.0.0-20170313163322-e2103e2c3529 | 间接依赖 | go |
| github.com/kr/pretty | v0.3.0 | 直接依赖 | go |
| github.com/cockroachdb/logtags | v0.0.0-20211118104740-dabe8e521a4f | 间接依赖 | go |
| github.com/valyala/fastrand | v1.1.0 | 间接依赖 | go |
| github.com/lni/goutils | v1.4.0 | 直接依赖 | go |
| github.com/cespare/xxhash/v2 | v2.1.2 | 直接依赖 | go |
| gopkg.in/yaml.v3 | v3.0.1 | 间接依赖 | go |
| github.com/hashicorp/go-sockaddr | v1.0.0 | 间接依赖 | go |
| github.com/hashicorp/go-multierror | v1.0.0 | 间接依赖 | go |
| github.com/DataDog/zstd | v1.4.5 | 间接依赖 | go |
| golang.org/x/crypto | v0.13.0 | 间接依赖 | go |
| github.com/klauspost/compress | v1.11.13 | 间接依赖 | go |
| github.com/armon/go-metrics | v0.0.0-20180917152333-f0300d1749da | 间接依赖 | go |
| golang.org/x/exp | v0.0.0-20200513190911-00229845015e | 直接依赖 | go |
| github.com/getsentry/sentry-go | v0.12.0 | 间接依赖 | go |
| github.com/google/uuid | v1.3.0 | 直接依赖 | go |
| github.com/hashicorp/go-immutable-radix | v1.0.0 | 间接依赖 | go |
| github.com/hashicorp/errwrap | v1.0.0 | 间接依赖 | go |
| github.com/golang/snappy | v0.0.4 | 直接依赖 | go |
| golang.org/x/net | v0.15.0 | 间接依赖 | go |
| github.com/cockroachdb/pebble | v0.0.0-20221207173255-0f086d933dac | 直接依赖 | go |
| github.com/cockroachdb/errors | v1.9.0 | 直接依赖 | go |
| github.com/HdrHistogram/hdrhistogram-go | v1.1.2 | 间接依赖 | go |
| github.com/valyala/histogram | v1.2.0 | 间接依赖 | go |
| github.com/miekg/dns | v1.1.26 | 间接依赖 | go |
| github.com/stretchr/testify | v1.7.0 | 直接依赖 | go |
| golang.org/x/sys | v0.12.0 | 直接依赖 | go |
| github.com/pkg/errors | v0.9.1 | 间接依赖 | go |
| github.com/pierrec/lz4/v4 | v4.1.14 | 直接依赖 | go |
| github.com/google/btree | v1.0.0 | 间接依赖 | go |
| github.com/lni/vfs | v0.2.1-0.20220616104132-8852fd867376 | 直接依赖 | go |