基础信息
项目名称:gogs/gogs
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721230563628548096/1726372808839618560
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| go.uuid 不安全的随机性漏洞 | 使用具有密码学弱点缺陷的PRNG | MPS-2021-7854 | CVE-2021-3538 | 严重 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| github.com/satori/go.uuid | v1.2.0 | 直接依赖 | 建议修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| BSD-3-Clause | 35 | 低 |
| MIT | 57 | 低 |
| ICU | 2 | 低 |
| Apache-2.0 | 32 | 低 |
| Zlib | 1 | 低 |
| BSD-2-Clause | 4 | 低 |
| ISC | 2 | 低 |
| MPL-2.0 | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| modernc.org/mathutil | v1.6.0 | 间接依赖 | go |
| github.com/derision-test/go-mockgen | v1.3.7 | 直接依赖 | go |
| gopkg.in/redis.v2 | v2.3.2 | 间接依赖 | go |
| github.com/saintfish/chardet | v0.0.0-20120816061221-3af4cd4741ca | 间接依赖 | go |
| github.com/prometheus/client_model | v0.4.1-0.20230718164431-9a2bf3000d16 | 间接依赖 | go |
| github.com/stretchr/testify | v1.8.4 | 直接依赖 | go |
| go.opentelemetry.io/otel/trace | v1.11.0 | 间接依赖 | go |
| github.com/rivo/uniseg | v0.2.0 | 间接依赖 | go |
| golang.org/x/mod | v0.12.0 | 间接依赖 | go |
| github.com/google/uuid | v1.3.1 | 间接依赖 | go |
| github.com/cpuguy83/go-md2man/v2 | v2.0.2 | 间接依赖 | go |
| github.com/go-macaron/captcha | v0.2.0 | 直接依赖 | go |
| github.com/ssor/bom | v0.0.0-20170718123548-6386211fdfcf | 间接依赖 | go |
| github.com/go-macaron/binding | v1.2.0 | 直接依赖 | go |
| golang.org/x/net | v0.17.0 | 直接依赖 | go |
| github.com/niklasfasching/go-org | v1.7.0 | 直接依赖 | go |
| github.com/olekukonko/tablewriter | v0.0.5 | 直接依赖 | go |
| github.com/remyoudompheng/bigfft | v0.0.0-20230129092748-24d4a6f8daec | 间接依赖 | go |
| github.com/go-logr/logr | v1.2.3 | 间接依赖 | go |
| golang.org/x/tools | v0.6.0 | 间接依赖 | go |
| github.com/matttproud/golang_protobuf_extensions | v1.0.4 | 间接依赖 | go |
| golang.org/x/text | v0.13.0 | 直接依赖 | go |
| github.com/google/go-github | v17.0.0+incompatible | 直接依赖 | go |
| github.com/go-asn1-ber/asn1-ber | v1.5.5 | 间接依赖 | go |
| github.com/gogs/minwinsvc | v0.0.0-20170301035411-95be6356811a | 直接依赖 | go |
| github.com/Masterminds/semver/v3 | v3.2.1 | 直接依赖 | go |
| gopkg.in/macaron.v1 | v1.5.0 | 直接依赖 | go |
| github.com/aymerick/douceur | v0.2.0 | 间接依赖 | go |
| github.com/google/go-querystring | v1.0.0 | 间接依赖 | go |
| github.com/go-macaron/cache | v0.0.0-20190810181446-10f7c57e2196 | 直接依赖 | go |
| github.com/go-macaron/i18n | v0.6.0 | 直接依赖 | go |
| github.com/klauspost/compress | v1.8.6 | 间接依赖 | go |
| github.com/sourcegraph/run | v0.12.0 | 直接依赖 | go |
| gorm.io/driver/postgres | v1.5.4 | 直接依赖 | go |
| github.com/Azure/go-ntlmssp | v0.0.0-20221128193559-754e69321358 | 间接依赖 | go |
| github.com/klauspost/cpuid | v1.2.1 | 间接依赖 | go |
| github.com/itchyny/gojq | v0.12.11 | 间接依赖 | go |
| github.com/microsoft/go-mssqldb | v0.17.0 | 间接依赖 | go |
| modernc.org/memory | v1.7.2 | 间接依赖 | go |
| gopkg.in/yaml.v3 | v3.0.1 | 间接依赖 | go |
| github.com/bradfitz/gomemcache | v0.0.0-20190329173943-551aad21a668 | 间接依赖 | go |
| modernc.org/opt | v0.1.3 | 间接依赖 | go |
| github.com/unknwon/paginater | v0.0.0-20170405233947-45e5d631308e | 直接依赖 | go |
| github.com/lib/pq | v1.10.2 | 间接依赖 | go |
| github.com/prometheus/common | v0.44.0 | 间接依赖 | go |
| github.com/go-macaron/toolbox | v0.0.0-20190813233741-94defb8383c6 | 直接依赖 | go |
| github.com/mcuadros/go-version | v0.0.0-20190830083331-035f6764e8d2 | 间接依赖 | go |
| github.com/go-macaron/inject | v0.0.0-20160627170012-d8a0b8677191 | 间接依赖 | go |
| github.com/msteinert/pam | v1.2.0 | 直接依赖 | go |
| github.com/go-logr/stdr | v1.2.2 | 间接依赖 | go |
| modernc.org/token | v1.0.1 | 间接依赖 | go |
| gorm.io/driver/mysql | v1.5.2 | 直接依赖 | go |
| github.com/go-macaron/gzip | v0.0.0-20160222043647-cad1c6580a07 | 直接依赖 | go |
| lukechampine.com/uint128 | v1.2.0 | 间接依赖 | go |
| github.com/pkg/errors | v0.9.1 | 直接依赖 | go |
| xorm.io/xorm | v0.8.0 | 直接依赖 | go |
| gorm.io/gorm | v1.25.5 | 直接依赖 | go |
| github.com/mattn/go-isatty | v0.0.16 | 间接依赖 | go |
| github.com/davecgh/go-spew | v1.1.1 | 间接依赖 | go |
| github.com/unknwon/com | v1.0.1 | 直接依赖 | go |
| github.com/satori/go.uuid | v1.2.0 | 直接依赖 | go |
| github.com/json-iterator/go | v1.1.12 | 直接依赖 | go |
| github.com/gorilla/css | v1.0.0 | 间接依赖 | go |
| github.com/djherbis/nio/v3 | v3.0.1 | 间接依赖 | go |
| github.com/unknwon/cae | v1.0.2 | 直接依赖 | go |
| github.com/dustin/go-humanize | v1.0.1 | 间接依赖 | go |
| github.com/editorconfig/editorconfig-core-go/v2 | v2.6.0 | 直接依赖 | go |
| xorm.io/core | v0.7.2 | 直接依赖 | go |
| modernc.org/strutil | v1.1.3 | 间接依赖 | go |
| github.com/jinzhu/inflection | v1.0.0 | 间接依赖 | go |
| github.com/itchyny/timefmt-go | v0.1.5 | 间接依赖 | go |
| github.com/prometheus/procfs | v0.11.1 | 间接依赖 | go |
| github.com/jackc/pgx/v5 | v5.4.3 | 间接依赖 | go |
| go.bobheadxi.dev/streamline | v1.2.1 | 间接依赖 | go |
| github.com/denisenkom/go-mssqldb | v0.12.0 | 间接依赖 | go |
| github.com/gogs/go-gogs-client | v0.0.0-20200128182646-c69cb7680fd4 | 直接依赖 | go |
| gopkg.in/bufio.v1 | v1.0.0-20140618132640-567b2bfa514e | 间接依赖 | go |
| gopkg.in/gomail.v2 | v2.0.0-20160411212932-81ebce5c23df | 直接依赖 | go |
| github.com/jackc/pgpassfile | v1.0.0 | 间接依赖 | go |
| github.com/pquerna/otp | v1.3.0 | 直接依赖 | go |
| github.com/golang-sql/sqlexp | v0.1.0 | 间接依赖 | go |
| xorm.io/builder | v0.3.6 | 直接依赖 | go |
| github.com/golang-sql/civil | v0.0.0-20220223132316-b832511892a9 | 间接依赖 | go |
| gorm.io/driver/sqlite | v1.4.2 | 直接依赖 | go |
| github.com/go-macaron/session | v0.0.0-20190805070824-1a3cdc6f5659 | 直接依赖 | go |
| github.com/modern-go/reflect2 | v1.0.2 | 间接依赖 | go |
| github.com/djherbis/buffer | v1.2.0 | 间接依赖 | go |
| github.com/go-macaron/csrf | v0.0.0-20190812063352-946f6d303a4c | 直接依赖 | go |
| github.com/russross/blackfriday/v2 | v2.1.0 | 间接依赖 | go |
| github.com/unknwon/i18n | v0.0.0-20190805065654-5c6446a380b6 | 直接依赖 | go |
| gorm.io/driver/sqlserver | v1.4.1 | 直接依赖 | go |
| github.com/mattn/go-colorable | v0.1.13 | 间接依赖 | go |
| github.com/jackc/pgservicefile | v0.0.0-20221227161230-091c0ba34f0a | 间接依赖 | go |
| gopkg.in/DATA-DOG/go-sqlmock.v2 | v2.0.0-20180914054222-c19298f520d0 | 直接依赖 | go |
| github.com/cespare/xxhash/v2 | v2.2.0 | 间接依赖 | go |
| github.com/jinzhu/now | v1.1.5 | 间接依赖 | go |
| github.com/golang/protobuf | v1.5.3 | 间接依赖 | go |
| github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | 间接依赖 | go |
| github.com/gogs/cron | v0.0.0-20171120032916-9f6c956d3e14 | 直接依赖 | go |
| github.com/gogs/go-libravatar | v0.0.0-20191106065024-33a75213d0a0 | 直接依赖 | go |
| github.com/russross/blackfriday | v1.6.0 | 直接依赖 | go |
| golang.org/x/crypto | v0.14.0 | 直接依赖 | go |
| github.com/urfave/cli | v1.22.14 | 直接依赖 | go |
| github.com/jaytaylor/html2text | v0.0.0-20190408195923-01ec452cbe43 | 直接依赖 | go |
| github.com/issue9/identicon | v1.2.1 | 直接依赖 | go |
| unknwon.dev/clog/v2 | v2.2.0 | 直接依赖 | go |
| github.com/prometheus/client_golang | v1.17.0 | 直接依赖 | go |
| go.opentelemetry.io/otel | v1.11.0 | 间接依赖 | go |
| gopkg.in/alexcesaro/quotedprintable.v3 | v3.0.0-20150716171945-2caba252f4dc | 间接依赖 | go |
| github.com/sergi/go-diff | v1.3.1 | 直接依赖 | go |
| github.com/nfnt/resize | v0.0.0-20180221191011-83c6a9932646 | 直接依赖 | go |
| modernc.org/sqlite | v1.27.0 | 直接依赖 | go |
| github.com/beorn7/perks | v1.0.1 | 间接依赖 | go |
| github.com/mattn/go-runewidth | v0.0.14 | 间接依赖 | go |
| github.com/boombuler/barcode | v1.0.1-0.20190219062509-6c824513bacc | 间接依赖 | go |
| github.com/go-ldap/ldap/v3 | v3.4.6 | 直接依赖 | go |
| github.com/fatih/color | v1.13.0 | 间接依赖 | go |
| github.com/gogs/git-module | v1.8.3 | 直接依赖 | go |
| google.golang.org/protobuf | v1.31.0 | 间接依赖 | go |
| bitbucket.org/creachadair/shell | v0.0.7 | 间接依赖 | go |
| golang.org/x/sys | v0.13.0 | 间接依赖 | go |
| modernc.org/libc | v1.29.0 | 间接依赖 | go |
| github.com/pmezard/go-difflib | v1.0.0 | 间接依赖 | go |
| github.com/gogs/chardet | v0.0.0-20150115103509-2404f7772561 | 直接依赖 | go |
| gopkg.in/ini.v1 | v1.67.0 | 直接依赖 | go |
| github.com/go-sql-driver/mysql | v1.7.0 | 间接依赖 | go |
| modernc.org/cc/v3 | v3.40.0 | 间接依赖 | go |
| github.com/mattn/go-sqlite3 | v2.0.3+incompatible | 间接依赖 | go |
| github.com/kballard/go-shellquote | v0.0.0-20180428030007-95032a82bc51 | 间接依赖 | go |
| modernc.org/ccgo/v3 | v3.16.13 | 间接依赖 | go |
| github.com/microcosm-cc/bluemonday | v1.0.25 | 直接依赖 | go |