github-starred/frp
2
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-05-15 08:05:49 -06:00
Code Issues 40 Projects Packages Wiki Activity Actions 1

[GH-ISSUE #4337] 关于FRP-0.59.0版本当前依赖库存在的安全漏洞 #3421

New issue
Closed
opened 2026-05-05 14:12:20 -06:00 by gitea-mirror · 7 comments
gitea-mirror commented 2026-05-05 14:12:20 -06:00
Owner
Copy link

Originally created by @YouZiFeiLe on GitHub (Jul 13, 2024).
Original GitHub issue: https://github.com/fatedier/frp/issues/4337

Bug Description

当前FRP 0.59.0版本存在以下依赖库安全漏洞

请将stdlib从1.22.4升级至1.22.5版本及以上
QQ截图20240713201713

frpc Version

0.59.0

frps Version

0.59.0

System Architecture

linux/amd64

Configurations

请将stdlib从1.22.4升级至1.22.5版本及以上

Logs

No response

Steps to reproduce

...

Affected area

  • Docs
  • Installation
  • Performance and Scalability
  • Security
  • User Experience
  • Test and Release
  • Developer Infrastructure
  • Client Plugin
  • Server Plugin
  • Extensions
  • Others
Originally created by @YouZiFeiLe on GitHub (Jul 13, 2024). Original GitHub issue: https://github.com/fatedier/frp/issues/4337 ### Bug Description 当前FRP 0.59.0版本存在以下依赖库安全漏洞 请将stdlib从1.22.4升级至1.22.5版本及以上 ![QQ截图20240713201713](https://github.com/user-attachments/assets/635a9268-4d05-4812-b492-69e90b19d996) ### frpc Version 0.59.0 ### frps Version 0.59.0 ### System Architecture linux/amd64 ### Configurations 请将stdlib从1.22.4升级至1.22.5版本及以上 ### Logs _No response_ ### Steps to reproduce 1. 2. 3. ... ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [X] Security - [ ] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others
gitea-mirror 2026-05-05 14:12:20 -06:00
gitea-mirror commented 2026-05-05 14:12:24 -06:00
Author
Owner
Copy link

@zhangxinhui02 commented on GitHub (Jul 14, 2024):

我在服务器上部署frps 0.59.0版本,部署后的2小时内服务器被攻陷并开始对外发起TCP攻击。时间上很巧合,虽然不能确定是否是这个安全漏洞造成的失陷。

QQ_1720981112577

<!-- gh-comment-id:2227441381 --> @zhangxinhui02 commented on GitHub (Jul 14, 2024): 我在服务器上部署frps 0.59.0版本,部署后的2小时内服务器被攻陷并开始对外发起TCP攻击。时间上很巧合,虽然不能确定是否是这个安全漏洞造成的失陷。 ![QQ_1720981112577](https://github.com/user-attachments/assets/20fb65a7-b0be-40f9-a03b-693508057533)
gitea-mirror commented 2026-05-05 14:12:24 -06:00
Author
Owner
Copy link

@YouZiFeiLe commented on GitHub (Jul 14, 2024):

我在服务器上部署frps 0.59.0版本,部署后的2小时内服务器被攻陷并开始对外发起TCP攻击。时间上很巧合,虽然不能确定是否是这个安全漏洞造成的失陷。

QQ_1720981112577

我觉得吧。。。这个应该不是frp的锅。你合理怀疑下是不是自己服务器的安全基线没有做呢?至少ssh安全方面要做下安全基线吧。。。通过frp直接入侵的话,不会只有你这一个受害用户的

<!-- gh-comment-id:2227449573 --> @YouZiFeiLe commented on GitHub (Jul 14, 2024): > 我在服务器上部署frps 0.59.0版本,部署后的2小时内服务器被攻陷并开始对外发起TCP攻击。时间上很巧合,虽然不能确定是否是这个安全漏洞造成的失陷。 > > ![QQ_1720981112577](https://private-user-images.githubusercontent.com/25164524/348563050-20fb65a7-b0be-40f9-a03b-693508057533.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjA5ODMwMTksIm5iZiI6MTcyMDk4MjcxOSwicGF0aCI6Ii8yNTE2NDUyNC8zNDg1NjMwNTAtMjBmYjY1YTctYjBiZS00MGY5LWEwM2ItNjkzNTA4MDU3NTMzLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MTQlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzE0VDE4NDUxOVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTRiNjI0NzYyNDlhOGJjMmMwZmUxNWI2ZWQ1YzRkODBiMjVlNDYwMzc2ZTVlOTc0OTM3NmQxYjBiYjlkN2Y5MTYmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.jeZa4s2Hb60LIWL37xdX7PiebaHLxfrrTLP-x_j22aA) 我觉得吧。。。这个应该不是frp的锅。你合理怀疑下是不是自己服务器的安全基线没有做呢?至少ssh安全方面要做下安全基线吧。。。通过frp直接入侵的话,不会只有你这一个受害用户的
gitea-mirror commented 2026-05-05 14:12:25 -06:00
Author
Owner
Copy link

@kaylio commented on GitHub (Jul 19, 2024):

不用docker的方式部署,有个问题吗?

<!-- gh-comment-id:2237950552 --> @kaylio commented on GitHub (Jul 19, 2024): 不用docker的方式部署,有个问题吗?
gitea-mirror commented 2026-05-05 14:12:25 -06:00
Author
Owner
Copy link

@YouZiFeiLe commented on GitHub (Jul 19, 2024):

不用docker的方式部署,有个问题吗?

当然有这个问题,docker和你用的传统部署没有什么区别,都是使用二进制产物进行部署的

<!-- gh-comment-id:2239012252 --> @YouZiFeiLe commented on GitHub (Jul 19, 2024): > 不用docker的方式部署,有个问题吗? 当然有这个问题,docker和你用的传统部署没有什么区别,都是使用二进制产物进行部署的
gitea-mirror commented 2026-05-05 14:12:25 -06:00
Author
Owner
Copy link

@wuai1024 commented on GitHub (Jul 24, 2024):

我也是部署的 frps和frpc 的 v0.59.0版本,目前没发现什么问题。

你可以 clone 下代码,修改依赖后 重新打包 再部署下试试看,问题是否依旧会复现。

<!-- gh-comment-id:2246778965 --> @wuai1024 commented on GitHub (Jul 24, 2024): 我也是部署的 frps和frpc 的 v0.59.0版本,目前没发现什么问题。 你可以 clone 下代码,修改依赖后 重新打包 再部署下试试看,问题是否依旧会复现。
gitea-mirror commented 2026-05-05 14:12:26 -06:00
Author
Owner
Copy link

@zhangxinhui02 commented on GitHub (Jul 24, 2024):

目前已经重新部署了frps 0.59.0一段时间了,没发现问题,大概不是frp的锅。

<!-- gh-comment-id:2247133986 --> @zhangxinhui02 commented on GitHub (Jul 24, 2024): 目前已经重新部署了frps 0.59.0一段时间了,没发现问题,大概不是frp的锅。
gitea-mirror commented 2026-05-05 14:12:26 -06:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Aug 15, 2024):

Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

<!-- gh-comment-id:2290153946 --> @github-actions[bot] commented on GitHub (Aug 15, 2024): Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
new
master
copilot/review-pull-request-5198
v0.68.1
v0.68.0
v0.67.0
v0.66.0
v0.65.0
v0.64.0
v0.63.0
v0.62.1
v0.62.0
v0.61.2
v0.61.1
v0.61.0
v0.60.0
v0.59.0
v0.58.1
v0.58.0
v0.57.0
v0.56.0
v0.55.1
v0.55.0
v0.54.0
v0.53.2
v0.53.1
v0.53.0
v0.52.3
v0.52.2
v0.52.1
v0.52.0
v0.51.3
v0.51.2
v0.51.1
v0.51.0
v0.50.0
v0.49.0
v0.48.0
v0.47.0
v0.46.1
v0.46.0
v0.45.0
v0.44.0
v0.43.0
v0.42.0
v0.41.0
v0.40.0
v0.39.1
v0.39.0
v0.38.0
v0.37.1
v0.37.0
v0.36.2
v0.36.1
v0.36.0
v0.35.1
v0.35.0
v0.34.3
v0.34.2
v0.34.1
v0.34.0
v0.33.0
v0.32.1
v0.32.0
v0.31.2
v0.31.1
v0.31.0
v0.30.0
v0.29.1
v0.29.0
v0.28.2
v0.28.1
v0.28.0
v0.27.1
v0.27.0
v0.26.0
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.1
v0.24.0
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.0
v0.19.1
v0.19.0
v0.18.0
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.0
v0.12.0
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
In Progress

   
WIP

   
WaitingForInfo

   
bug

   
doc

   
duplicate

   
easy

   
enhancement

   
future

   
help wanted

   
invalid

   
lifecycle/stale

   
need-issue-template

   
need-usage-help

   
no plan

   
proposal

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
todo
No labels
In Progress
WIP
WaitingForInfo
bug
doc
duplicate
easy
enhancement
future
help wanted
invalid
lifecycle/stale
need-issue-template
need-usage-help
no plan
proposal
pull-request
question
todo
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#3421
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?