基础信息
项目名称:txthinking/brook
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1744469110805798912/1744469110843547648
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| github.com/urfave/negroni 存在跨站重定向漏洞 | 跨站重定向 | MPS-2022-13490 | 中危 | |
| SSH协议前缀截断攻击(Terrapin攻击) | 安全相关信息的截断 | MPS-nv0f-qtib | CVE-2023-48795 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| golang.org/x/crypto | v0.15.0 | 0.17.0 | 直接依赖 | 建议修复 |
| github.com/urfave/negroni | v1.0.0 | 直接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 19 | 低 |
| BSD-3-Clause | 17 | 低 |
| Apache-2.0 | 8 | 低 |
| BSD-2-Clause | 2 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/txthinking/runnergroup | v0.0.0-20230325130830-408dc5853f86 | 直接依赖 | go |
| github.com/krolaw/dhcp4 | v0.0.0-20190909130307-a50d88189771 | 直接依赖 | go |
| github.com/xrash/smetrics | v0.0.0-20201216005158-039620a65673 | 间接依赖 | go |
| github.com/miekg/dns | v1.1.57 | 直接依赖 | go |
| golang.org/x/net | v0.18.0 | 直接依赖 | go |
| github.com/klauspost/compress | v1.16.7 | 间接依赖 | go |
| github.com/prometheus/common | v0.44.0 | 间接依赖 | go |
| github.com/gaukas/godicttls | v0.0.4 | 间接依赖 | go |
| github.com/beorn7/perks | v1.0.1 | 间接依赖 | go |
| github.com/prometheus/client_golang | v1.17.0 | 直接依赖 | go |
| github.com/gorilla/mux | v1.8.1 | 直接依赖 | go |
| github.com/tdewolff/minify | v2.3.6+incompatible | 直接依赖 | go |
| github.com/andybalholm/brotli | v1.0.5 | 间接依赖 | go |
| google.golang.org/protobuf | v1.31.0 | 间接依赖 | go |
| github.com/tdewolff/test | v1.0.10 | 间接依赖 | go |
| github.com/matttproud/golang_protobuf_extensions | v1.0.4 | 间接依赖 | go |
| github.com/golang/protobuf | v1.5.3 | 间接依赖 | go |
| github.com/patrickmn/go-cache | v2.1.0+incompatible | 直接依赖 | go |
| github.com/gorilla/websocket | v1.5.1 | 直接依赖 | go |
| github.com/quic-go/qtls-go1-20 | v0.4.1 | 间接依赖 | go |
| github.com/urfave/cli/v2 | v2.25.7 | 直接依赖 | go |
| github.com/quic-go/quic-go | v0.40.0 | 直接依赖 | go |
| golang.org/x/exp | v0.0.0-20221205204356-47842c84f3db | 间接依赖 | go |
| golang.org/x/crypto | v0.15.0 | 直接依赖 | go |
| github.com/phuslu/iploc | v1.0.20231031 | 直接依赖 | go |
| golang.org/x/text | v0.14.0 | 间接依赖 | go |
| github.com/russross/blackfriday/v2 | v2.1.0 | 间接依赖 | go |
| golang.org/x/sys | v0.14.0 | 直接依赖 | go |
| golang.org/x/mod | v0.12.0 | 间接依赖 | go |
| github.com/cespare/xxhash/v2 | v2.2.0 | 间接依赖 | go |
| go.uber.org/mock | v0.3.0 | 间接依赖 | go |
| github.com/prometheus/client_model | v0.4.1-0.20230718164431-9a2bf3000d16 | 间接依赖 | go |
| github.com/go-task/slim-sprig | v0.0.0-20230315185526-52ccab3ef572 | 间接依赖 | go |
| github.com/urfave/negroni | v1.0.0 | 直接依赖 | go |
| github.com/txthinking/x | v0.0.0-20220929041811-1b4d914e9133 | 直接依赖 | go |
| github.com/onsi/ginkgo/v2 | v2.9.5 | 间接依赖 | go |
| github.com/tdewolff/parse | v2.3.4+incompatible | 间接依赖 | go |
| github.com/txthinking/socks5 | v0.0.0-20230325130024-4230056ae301 | 直接依赖 | go |
| github.com/prometheus/procfs | v0.11.1 | 间接依赖 | go |
| github.com/refraction-networking/utls | v1.5.4 | 直接依赖 | go |
| golang.org/x/tools | v0.13.0 | 间接依赖 | go |
| github.com/cpuguy83/go-md2man/v2 | v2.0.2 | 间接依赖 | go |
| github.com/google/pprof | v0.0.0-20210407192527-94a9f03dee38 | 间接依赖 | go |
| github.com/cloudflare/circl | v1.3.3 | 间接依赖 | go |