基础信息
项目名称:astaxie/beego
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1716090048948600832/1716090049514831872
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Google Golang 资源管理错误漏洞 | MPS-2022-58307 | CVE-2022-41723 | 高危 | |
| Google Go 权限许可和访问控制问题漏洞 | 权限管理不当 | MPS-2022-9049 | CVE-2022-29526 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| golang.org/x/net | v0.0.0-20200822124328-c89045814202 | 0.17.0 | 间接依赖 | 建议修复 |
| golang.org/x/sys | v0.0.0-20200824131525-c12d262b63d8 | 0.1.0 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| BSD-2-Clause | 5 | 低 |
| Apache-2.0 | 14 | 低 |
| MIT | 13 | 低 |
| MPL-2.0 | 2 | 低 |
| BSD-3-Clause | 13 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| github.com/syndtr/goleveldb | v0.0.0-20181127023241-353a9fca669c | 间接依赖 | go |
| github.com/gomodule/redigo | v2.0.0+incompatible | 直接依赖 | go |
| github.com/bradfitz/gomemcache | v0.0.0-20180710155616-bc664df96737 | 直接依赖 | go |
| github.com/pelletier/go-toml | v1.8.1 | 直接依赖 | go |
| github.com/coreos/go-systemd | v0.0.0-20191104093116-d3cd4ed1dbcf | 间接依赖 | go |
| github.com/go-sql-driver/mysql | v1.5.0 | 直接依赖 | go |
| go.etcd.io/etcd | v3.3.25+incompatible | 间接依赖 | go |
| github.com/go-redis/redis | v6.14.2+incompatible | 直接依赖 | go |
| github.com/elastic/go-elasticsearch/v6 | v6.8.5 | 直接依赖 | go |
| github.com/mitchellh/mapstructure | v1.3.3 | 直接依赖 | go |
| github.com/hashicorp/golang-lru | v0.5.4 | 直接依赖 | go |
| golang.org/x/tools | v0.0.0-20200117065230-39095c1d176c | 直接依赖 | go |
| golang.org/x/sys | v0.0.0-20200824131525-c12d262b63d8 | 间接依赖 | go |
| github.com/ledisdb/ledisdb | v0.0.0-20200510135210-d35789ec47e6 | 直接依赖 | go |
| golang.org/x/text | v0.3.3 | 间接依赖 | go |
| github.com/beego/goyaml2 | v0.0.0-20130207012346-5545475820dd | 直接依赖 | go |
| github.com/go-redis/redis/v7 | v7.4.0 | 直接依赖 | go |
| github.com/wendal/errors | v0.0.0-20130201093226-f66c77a7882b | 间接依赖 | go |
| github.com/coreos/pkg | v0.0.0-20180928190104-399ea9e2e55f | 间接依赖 | go |
| github.com/gogo/protobuf | v1.3.1 | 直接依赖 | go |
| honnef.co/go/tools | v0.0.1-2020.1.5 | 间接依赖 | go |
| github.com/casbin/casbin | v1.7.0 | 直接依赖 | go |
| github.com/ssdb/gossdb | v0.0.0-20180723034631-88f6b59b84ec | 直接依赖 | go |
| github.com/couchbase/goutils | v0.0.0-20180530154633-e865a1461c8a | 间接依赖 | go |
| github.com/pkg/errors | v0.9.1 | 直接依赖 | go |
| github.com/elazarl/go-bindata-assetfs | v1.0.0 | 直接依赖 | go |
| github.com/coreos/go-semver | v0.3.0 | 间接依赖 | go |
| github.com/go-kit/kit | v0.9.0 | 直接依赖 | go |
| github.com/grpc-ecosystem/go-grpc-prometheus | v1.2.0 | 直接依赖 | go |
| github.com/prometheus/client_golang | v1.7.0 | 直接依赖 | go |
| github.com/mattn/go-sqlite3 | v2.0.3+incompatible | 直接依赖 | go |
| github.com/beego/x2j | v0.0.0-20131220205130-a0352aadc542 | 直接依赖 | go |
| golang.org/x/crypto | v0.0.0-20200622213623-75b288015ac9 | 直接依赖 | go |
| github.com/opentracing/opentracing-go | v1.2.0 | 直接依赖 | go |
| github.com/golang/snappy | v0.0.0-20180518054509-2e65f85255db | 间接依赖 | go |
| github.com/lib/pq | v1.0.0 | 直接依赖 | go |
| github.com/coreos/etcd | v3.3.25+incompatible | 直接依赖 | go |
| github.com/stretchr/testify | v1.4.0 | 直接依赖 | go |
| github.com/couchbase/go-couchbase | v0.0.0-20200519150804-63f3cdb75e0d | 直接依赖 | go |
| google.golang.org/grpc | v1.26.0 | 直接依赖 | go |
| github.com/couchbase/gomemcached | v0.0.0-20200526233749-ec430f949808 | 间接依赖 | go |
| gopkg.in/yaml.v2 | v2.2.8 | 直接依赖 | go |
| go.uber.org/zap | v1.15.0 | 间接依赖 | go |
| github.com/cloudflare/golz4 | v0.0.0-20150217214814-ef862a3cdc58 | 直接依赖 | go |
| github.com/Knetic/govaluate | v3.0.0+incompatible | 间接依赖 | go |
| github.com/google/go-cmp | v0.5.0 | 间接依赖 | go |
| github.com/shiena/ansicolor | v0.0.0-20151119151921-a422bbe96644 | 直接依赖 | go |
| github.com/google/uuid | v1.1.1 | 间接依赖 | go |
| golang.org/x/net | v0.0.0-20200822124328-c89045814202 | 间接依赖 | go |