VictoriaMetrics/VictoriaMetrics Software Analysis Report

Basic information

Project name: VictoriaMetrics/VictoriaMetrics

Project badge: Security Status

Repository URL: https://github.com/pterodactyl/panel

Scan report URL: https://www.murphysec.com/console/report/1744492377269051392/1744492377306800128

This report is provided by Murphysec.

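Vulnerability list

| Vulnerability name | Vulnerability type | MPS ID | CVE ID | Severity |
|---|---|---|---|---|
| Server-side template injection in ejs | Injection | MPS-2023-10199 | CVE-2023-29827 | Critical |
| SSH protocol prefix truncation attack (Terrapin attack) | Truncation of security-relevant information | MPS-nv0f-qtib | CVE-2023-48795 | Medium |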

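Affected components

| Component name | Version | Minimum fixed version | Dependency relationship | Remediation advice |
|---|---|---|---|---|
| ejs | 3.1.9 | | Indirect | Fix recommended |
| golang.org/x/crypto | v0.16.0 | 0.17.0 | Indirect | Fix recommended |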

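License risk

| License type | Related components | License risk |
|---|---|---|
| MIT | 124 | |
| Apache-2.0 | 66 | |
| BSD-2-Clause | 3 | |
| ISC | 16 | |
| BSD-3-Clause | 23 | |
| GPL-2.0 | 1 | |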

SBOM list

| Component name | Component version | Direct or indirect dependency | Repository |
|---|---|---|---|
| hasown | 2.0.0 | Indirect | npm |
| github.com/Azure/azure-sdk-for-go/sdk/azcore | v1.9.1 | Direct | go |
| github.com/golang-jwt/jwt/v5 | v5.2.0 | Indirect | go |
| go.opentelemetry.io/collector/semconv | v0.91.0 | Indirect | go |
| github.com/pkg/browser | v0.0.0-20210911075715-681adbf594b8 | Indirect | go |
| to-regex-range | 5.0.1 | Indirect | npm |
| google.golang.org/genproto | v0.0.0-20231212172506-995d672761c0 | Indirect | go |
| marked | 5.1.2 | Indirect | npm |
| go.opentelemetry.io/otel/metric | v1.21.0 | Indirect | go |
| github.com/jpillora/backoff | v1.0.0 | Indirect | go |
| cliui | 7.0.4 | Indirect | npm |
| cloud.google.com/go | v0.111.0 | Indirect | go |
| golang.org/x/text | v0.14.0 | Indirect | go |
| github.com/fatih/color | v1.16.0 | Indirect | go |
| github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 | v2.5.9 | Indirect | go |
| has-symbols | 1.0.3 | Indirect | npm |
| has-proto | 1.0.1 | Indirect | npm |
| github.com/alecthomas/units | v0.0.0-20231202071711-9a357b53e9c9 | Indirect | go |
| github.com/AzureAD/microsoft-authentication-library-for-go | v1.2.0 | Indirect | go |
| google.golang.org/genproto/googleapis/rpc | v0.0.0-20231212172506-995d672761c0 | Indirect | go |
| github.com/dennwc/varint | v1.0.0 | Indirect | go |
| github.com/VictoriaMetrics/metrics | v1.29.1 | Direct | go |
| github.com/aws/aws-sdk-go-v2/feature/ec2/imds | v1.14.10 | Indirect | go |
| glob | 7.2.3 | Indirect | npm |
| github.com/prometheus/prometheus | v0.48.1 | Direct | go |
| js-tokens | 4.0.0 | Indirect | npm |
| glob-parent | 5.1.2 | Indirect | npm |
| github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | Indirect | go |
| github.com/mattn/go-isatty | v0.0.20 | Indirect | go |
| @types/lodash.get | 4.4.8 | Indirect | npm |
| emoji-regex | 8.0.0 | Indirect | npm |
| invariant | 2.2.4 | Indirect | npm |
| duplexer | 0.1.2 | Indirect | npm |
| yargs-parser | 20.2.9 | Indirect | npm |
| cloud.google.com/go/compute/metadata | v0.2.3 | Indirect | go |
| github.com/aws/smithy-go | v1.19.0 | Indirect | go |
| go.opentelemetry.io/otel/trace | v1.21.0 | Indirect | go |
| github.com/valyala/fastjson | v1.6.4 | Direct | go |
| github.com/golang/snappy | v0.0.4 | Direct | go |
| csstype | 3.1.2 | Indirect | npm |
| golang.org/x/sync | v0.5.0 | Indirect | go |
| github.com/mattn/go-runewidth | v0.0.15 | Indirect | go |
| github.com/Azure/azure-sdk-for-go/sdk/internal | v1.5.1 | Indirect | go |
| github.com/jmespath/go-jmespath | v0.4.0 | Indirect | go |
| convert-source-map | 1.9.0 | Indirect | npm |
| is-extglob | 2.1.1 | Indirect | npm |
| is-fullwidth-code-point | 3.0.0 | Indirect | npm |
| github.com/urfave/cli/v2 | v2.26.0 | Direct | go |
| github.com/bmatcuk/doublestar/v4 | v4.6.1 | Direct | go |
| ansi-regex | 5.0.1 | Indirect | npm |
| github.com/pmezard/go-difflib | v1.0.1-0.20181226105442-5d4384ee4fb2 | Indirect | go |
| react-input-mask | 2.0.4 | Indirect | npm |
| github.com/aws/aws-sdk-go-v2/service/internal/checksum | v1.2.9 | Indirect | go |
| react-router-dom | 6.17.0 | Indirect | npm |
| @types/webpack-env | 1.18.3 | Indirect | npm |
| go.opencensus.io | v0.24.0 | Indirect | go |
| github.com/cpuguy83/go-md2man/v2 | v2.0.3 | Indirect | go |
| has-property-descriptors | 1.0.1 | Indirect | npm |
| lodash.throttle | 4.1.1 | Indirect | npm |
| jake | 10.8.7 | Indirect | npm |
| google.golang.org/appengine | v1.6.8 | Indirect | go |
| uplot | 1.6.27 | Indirect | npm |
| github.com/VictoriaMetrics/fastcache | v1.12.2 | Direct | go |
| yargs | 16.2.0 | Indirect | npm |
| @types/react-input-mask | 3.0.4 | Indirect | npm |
| github.com/cespare/xxhash/v2 | v2.2.0 | Direct | go |
| github.com/aws/aws-sdk-go-v2/service/sts | v1.26.5 | Indirect | go |
| go.uber.org/goleak | v1.3.0 | Indirect | go |
| cloud.google.com/go/storage | v1.35.1 | Direct | go |
| github.com/aws/aws-sdk-go-v2/config | v1.26.1 | Direct | go |
| define-data-property | 1.1.1 | Indirect | npm |
| wrap-ansi | 7.0.0 | Indirect | npm |
| once | 1.4.0 | Indirect | npm |
| github.com/aws/aws-sdk-go-v2/service/s3 | v1.47.5 | Direct | go |
| github.com/go-logfmt/logfmt | v0.6.0 | Indirect | go |
| github.com/mwitkow/go-conntrack | v0.0.0-20190716064945-2f068394615f | Indirect | go |
| @remix-run/router | 1.10.0 | Indirect | npm |
| ansi-styles | 4.3.0 | Indirect | npm |
| string-width | 4.2.3 | Indirect | npm |
| github.com/valyala/fasttemplate | v1.2.2 | Direct | go |
| github.com/xrash/smetrics | v0.0.0-20201216005158-039620a65673 | Indirect | go |
| github.com/go-logr/stdr | v1.2.2 | Indirect | go |
| github.com/kylelemons/godebug | v1.1.0 | Indirect | go |
| github.com/golang/protobuf | v1.5.3 | Indirect | go |
| github.com/aws/aws-sdk-go-v2/service/ssooidc | v1.21.5 | Indirect | go |
| immutable | 4.3.4 | Indirect | npm |
| cloud.google.com/go/iam | v1.1.5 | Indirect | go |
| github.com/rivo/uniseg | v0.4.4 | Indirect | go |
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | v0.46.1 | Indirect | go |
| gopkg.in/yaml.v3 | v3.0.1 | Indirect | go |
| github.com/oklog/ulid | v1.3.1 | Indirect | go |
| is-number | 7.0.0 | Indirect | npm |
| github.com/matttproud/golang_protobuf_extensions/v2 | v2.0.0 | Indirect | go |
| fill-range | 7.0.1 | Indirect | npm |
| gopd | 1.0.1 | Indirect | npm |
| source-map-js | 1.0.2 | Indirect | npm |
| btoa | 1.2.1 | Indirect | npm |
| is-wsl | 2.2.0 | Indirect | npm |
| side-channel | 1.0.4 | Indirect | npm |
| github.com/russross/blackfriday/v2 | v2.1.0 | Indirect | go |
| go.opentelemetry.io/collector/pdata | v1.0.0 | Indirect | go |
| gzip-size | 6.0.0 | Indirect | npm |
| wrappy | 1.0.2 | Indirect | npm |
| cloud.google.com/go/compute | v1.23.3 | Indirect | go |
| async | 3.2.4 | Indirect | npm |
| normalize-path | 3.0.0 | Indirect | npm |
| github.com/aws/aws-sdk-go-v2/internal/ini | v1.7.2 | Indirect | go |
| classnames | 2.3.2 | Indirect | npm |
| filelist | 1.0.4 | Indirect | npm |
| y18n | 5.0.8 | Indirect | npm |
| github.com/google/s2a-go | v0.1.7 | Indirect | go |
| @types/marked | 5.0.2 | Indirect | npm |
| github.com/VividCortex/ewma | v1.2.0 | Indirect | go |
| github.com/valyala/gozstd | v1.20.1 | Direct | go |
| temp | 0.9.4 | Indirect | npm |
| anymatch | 3.1.3 | Indirect | npm |
| google.golang.org/grpc | v1.60.0 | Indirect | go |
| loose-envify | 1.4.0 | Indirect | npm |
| github.com/aws/aws-sdk-go | v1.49.1 | Indirect | go |
| github.com/prometheus/client_model | v0.5.0 | Indirect | go |
| github.com/googleapis/enterprise-certificate-proxy | v0.3.2 | Indirect | go |
| open | 7.4.2 | Indirect | npm |
| @types/react | 18.2.33 | Indirect | npm |
| source-map | 0.7.4 | Indirect | npm |
| golang.org/x/xerrors | v0.0.0-20231012003039-104605ab7028 | Indirect | go |
| golang.org/x/net | v0.19.0 | Direct | go |
| github.com/cheggaaa/pb/v3 | v3.1.4 | Direct | go |
| google.golang.org/protobuf | v1.31.0 | Indirect | go |
| google.golang.org/api | v0.154.0 | Direct | go |
| github.com/gogo/protobuf | v1.3.2 | Direct | go |
| picomatch | 2.3.1 | Indirect | npm |
| github.com/prometheus/common | v0.45.0 | Indirect | go |
| binary-extensions | 2.2.0 | Indirect | npm |
| github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding | v1.10.4 | Indirect | go |
| gopkg.in/yaml.v2 | v2.4.0 | Direct | go |
| balanced-match | 1.0.2 | Indirect | npm |
| golang.org/x/time | v0.5.0 | Indirect | go |
| github.com/stretchr/testify | v1.8.4 | Indirect | go |
| github.com/aws/aws-sdk-go-v2 | v1.24.0 | Direct | go |
| get-intrinsic | 1.2.2 | Indirect | npm |
| qs | 6.11.2 | Indirect | npm |
| fs.realpath | 1.0.0 | Indirect | npm |
| go.opentelemetry.io/otel | v1.21.0 | Indirect | go |
| chalk | 4.1.2 | Indirect | npm |
| function-bind | 1.1.2 | Indirect | npm |
| github.com/modern-go/reflect2 | v1.0.2 | Indirect | go |
| github.com/beorn7/perks | v1.0.1 | Indirect | go |
| github.com/aws/aws-sdk-go-v2/feature/s3/manager | v1.15.7 | Direct | go |
| github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream | v1.5.4 | Indirect | go |
| golang.org/x/sys | v0.15.0 | Direct | go |
| github.com/googleapis/gax-go/v2 | v2.12.0 | Direct | go |
| is-glob | 4.0.3 | Indirect | npm |
| github.com/go-kit/log | v0.2.1 | Indirect | go |
| @types/history | 4.7.11 | Indirect | npm |
| inherits | 2.0.4 | Indirect | npm |
| google.golang.org/genproto/googleapis/api | v0.0.0-20231212172506-995d672761c0 | Indirect | go |
| github.com/go-logr/logr | v1.3.0 | Indirect | go |
| go.uber.org/atomic | v1.11.0 | Indirect | go |
| github.com/davecgh/go-spew | v1.1.2-0.20180830191138-d8f796af33cc | Indirect | go |
| dayjs | 1.11.10 | Indirect | npm |
| braces | 3.0.2 | Indirect | npm |
| github.com/prometheus/procfs | v0.12.0 | Indirect | go |
| is-binary-path | 2.1.0 | Indirect | npm |
| github.com/VictoriaMetrics/metricsql | v0.70.0 | Direct | go |
| chokidar | 3.5.3 | Indirect | npm |
| github.com/golang/groupcache | v0.0.0-20210331224755-41bb18bfe9da | Indirect | go |
| warning | 4.0.3 | Indirect | npm |
| escalade | 3.1.1 | Indirect | npm |
| github.com/google/uuid | v1.5.0 | Indirect | go |
| @types/qs | 6.9.9 | Indirect | npm |
| github.com/prometheus/client_golang | v1.17.0 | Indirect | go |
| minimatch | 5.1.6 | Indirect | npm |
| codespell | 2.2.6 | Indirect | pip |
| github.com/felixge/httpsnoop | v1.0.4 | Indirect | go |
| minimist | 1.2.8 | Indirect | npm |
| github.com/Azure/azure-sdk-for-go/sdk/azidentity | v1.4.0 | Indirect | go |
| @types/node | 20.8.9 | Indirect | npm |
| require-directory | 2.1.1 | Indirect | npm |
| github.com/VictoriaMetrics/fasthttp | v1.2.0 | Direct | go |
| github.com/grafana/regexp | v0.0.0-20221122212121-6b5c0a4cb7fd | Indirect | go |
| preact | 10.18.1 | Indirect | npm |
| undici-types | 5.26.5 | Indirect | npm |
| github.com/valyala/histogram | v1.2.0 | Direct | go |
| inflight | 1.0.6 | Indirect | npm |
| lodash.debounce | 4.0.8 | Indirect | npm |
| @types/prop-types | 15.7.9 | Indirect | npm |
| @types/scheduler | 0.16.5 | Indirect | npm |
| github.com/aws/aws-sdk-go-v2/service/internal/s3shared | v1.16.9 | Indirect | go |
| github.com/mattn/go-colorable | v0.1.13 | Indirect | go |
| @types/lodash.throttle | 4.1.8 | Indirect | npm |
| go.uber.org/multierr | v1.11.0 | Indirect | go |
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.46.1 | Indirect | go |
| github.com/aws/aws-sdk-go-v2/internal/v4a | v1.2.9 | Indirect | go |
| lodash.get | 4.4.2 | Indirect | npm |
| github.com/valyala/quicktemplate | v1.7.0 | Direct | go |
| react-router | 6.17.0 | Indirect | npm |
| escape-html | 1.0.3 | Indirect | npm |
| github.com/aws/aws-sdk-go-v2/service/internal/presigned-url | v1.10.9 | Indirect | go |
| call-bind | 1.0.5 | Indirect | npm |
| concat-map | 0.0.1 | Indirect | npm |
| typescript | 4.6.4 | Indirect | npm |
| rimraf | 2.6.3 | Indirect | npm |
| golang.org/x/oauth2 | v0.15.0 | Direct | go |
| github.com/aws/aws-sdk-go-v2/internal/configsources | v1.2.9 | Indirect | go |
| set-function-length | 1.1.1 | Indirect | npm |
| @types/lodash | 4.14.200 | Indirect | npm |
| github.com/valyala/bytebufferpool | v1.0.0 | Indirect | go |
| @types/lodash.debounce | 4.0.8 | Indirect | npm |
| ejs | 3.1.9 | Indirect | npm |
| object-inspect | 1.13.1 | Indirect | npm |
| github.com/klauspost/compress | v1.17.4 | Direct | go |
| github.com/pkg/errors | v0.9.1 | Indirect | go |
| @types/react-router | 5.1.20 | Indirect | npm |
| github.com/Azure/azure-sdk-for-go/sdk/storage/azblob | v1.2.0 | Direct | go |
| golang.org/x/exp | v0.0.0-20231206192017-f3f8817b8deb | Indirect | go |
| golang.org/x/crypto | v0.16.0 | Indirect | go |
| is-docker | 2.2.1 | Indirect | npm |
| lodash | 4.17.21 | Indirect | npm |
| github.com/valyala/fastrand | v1.1.0 | Direct | go |
| readdirp | 3.6.0 | Indirect | npm |
| brace-expansion | 1.1.11 | Indirect | npm |
| sass | 1.69.5 | Indirect | npm |
| github.com/influxdata/influxdb | v1.11.2 | Direct | go |
| github.com/json-iterator/go | v1.1.12 | Indirect | go |
| github.com/aws/aws-sdk-go-v2/credentials | v1.16.12 | Indirect | go |
| get-caller-file | 2.0.5 | Indirect | npm |
| path-is-absolute | 1.0.1 | Indirect | npm |
| strip-ansi | 6.0.1 | Indirect | npm |
| github.com/prometheus/common/sigv4 | v0.1.0 | Indirect | go |
| source-map-explorer | 2.5.3 | Indirect | npm |
| minimatch | 3.1.2 | Indirect | npm |
| web-vitals | 3.5.0 | Indirect | npm |
| mkdirp | 0.5.6 | Indirect | npm |
| @types/react-router-dom | 5.3.3 | Indirect | npm |
| github.com/aws/aws-sdk-go-v2/service/sso | v1.18.5 | Indirect | go |