Expand intel coverage and refresh monitoring

07-framework-security/frameworks/undici/INDEX.md

@@ -5,14 +5,14 @@
 - 系统 ID: `undici`
 - 分类: `frameworks`
 - 覆盖策略: `rolling-24m`
-- 总案例数: `0`
-- 近 30 天新增/更新: `0`
-- 重点 Markdown 案例数: `0`
-- 已实证(真实版本): `0`
+- 总案例数: `16`
+- 近 30 天新增/更新: `7`
+- 重点 Markdown 案例数: `15`
+- 已实证(真实版本): `7`
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
-- 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T18:34:34+00:00`
+- 待人工/缺浏览器证据: `9`
+- 最近渲染时间: `2026-03-18T21:16:45+00:00`
 
 ## 目标约束
 
@@ -26,9 +26,25 @@
 
 - `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=npm; mode=core)
 - `official` [OSV Undici](https://osv.dev/) (mode=core)
+- `ecosystem-authority` [NVD Undici](https://nvd.nist.gov/vuln/search) (keyword=undici; mode=core)
 
 ## 案例列表
 
 | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
 |------|--------|----------|----------|----------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
+| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `high` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
+| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `high` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
+| Undici has CRLF Injection in undici via `upgrade` option | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
+| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
+| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `high` | `generated` | `verified-real` | `real` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
+| Undici has an HTTP Request/Response Smuggling issue | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
+| CVE-2026-21636 | `critical` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-01-30T20:20:56.843` | - |
+| Undici vulnerable to data leak when using response.arrayBuffer() | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-07-09T13:57:47.271493Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-38372.md) |
+| Undici proxy-authorization header not cleared on cross-origin redirect in fetch | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-05-02T13:15:07Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-24758.md) |
+| fetch(url) leads to a memory leak in undici | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-04-19T09:30:47Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-24750.md) |
+| CRLF Injection in Nodejs ‘undici’ via host | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-12-16T15:26:50.318903Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-23936.md) |
+| Regular Expression Denial of Service in Headers | `high` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:11:48.635999Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-24807.md) |
+| Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:53.836338Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-35948.md) |
+| `undici.request` vulnerable to SSRF using absolute URL on `pathname` | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:53.898548Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-35949.md) |
+| undici before v5.8.0 vulnerable to CRLF injection in request headers | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:27.728154Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31150.md) |
+| ProxyAgent vulnerable to MITM | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |

07-framework-security/frameworks/undici/cases/undici-cve-2022-31150.md

@@ -0,0 +1,100 @@
+---
+title: "undici before v5.8.0 vulnerable to CRLF injection in request headers"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2022-07-21T20:30:10Z"
+updated_date: "2023-11-08T04:09:27.728154Z"
+severity: "medium"
+exploit_status: "unknown"
+source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2022-31150"
+  - "GHSA-3cvr-822r-rqcc"
+affected_versions:
+  - "introduced=0, fixed<5.8.0"
+fixed_versions:
+  - "5.8.0"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+  - "dependency-upgrade-policy"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc"
+---
+
+# undici before v5.8.0 vulnerable to CRLF injection in request headers
+
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2022-31150`
+- 系统: `undici`
+- 严重度: `medium`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc
+- 影响版本: `introduced=0, fixed<5.8.0`
+- 修复版本: `5.8.0`
+
+## 其他来源
+
+- https://github.com/nodejs/undici/releases/tag/v5.8.0
+- https://nvd.nist.gov/vuln/detail/CVE-2022-31150
+- https://github.com/nodejs/undici/commit/a29a151d0140d095742d21a004023d024fe93259
+- https://hackerone.com/reports/409943
+- https://github.com/nodejs/undici
+- https://security.netapp.com/advisory/ntap-20220915-0002
+- https://security.netapp.com/advisory/ntap-20220915-0002/
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
+- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
+- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
+- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
+- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
+- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
+- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
+- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
+- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)

07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md

@@ -57,8 +57,8 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-
 
 ## 其他来源
 
-- https://nvd.nist.gov/vuln/detail/CVE-2022-31151
 - https://github.com/nodejs/undici/issues/872
+- https://nvd.nist.gov/vuln/detail/CVE-2022-31151
 - https://github.com/nodejs/undici/pull/1441
 - https://github.com/nodejs/undici/commit/0a5bee9465e627be36bac88edf7d9bbc9626126d
 - https://hackerone.com/reports/1635514
@@ -66,6 +66,7 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-
 - https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189
 - https://github.com/nodejs/undici/releases/tag/v5.8.0
 - https://security.netapp.com/advisory/ntap-20220909-0006
+- https://security.netapp.com/advisory/ntap-20220909-0006/
 
 ## 实验层
 

07-framework-security/frameworks/undici/cases/undici-cve-2022-35948.md

@@ -0,0 +1,97 @@
+---
+title: "Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2022-08-18T19:02:56Z"
+updated_date: "2023-11-08T04:09:53.836338Z"
+severity: "medium"
+exploit_status: "unknown"
+source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2022-35948"
+  - "GHSA-f772-66g8-q5h3"
+affected_versions:
+  - "introduced=0, fixed<5.8.2"
+fixed_versions:
+  - "5.8.2"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+  - "dependency-upgrade-policy"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-f772-66g8-q5h3"
+---
+
+# Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
+
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2022-35948`
+- 系统: `undici`
+- 严重度: `medium`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-f772-66g8-q5h3
+- 影响版本: `introduced=0, fixed<5.8.2`
+- 修复版本: `5.8.2`
+
+## 其他来源
+
+- https://github.com/nodejs/undici/commit/66165d604fd0aee70a93ed5c44ad4cc2df395f80
+- https://nvd.nist.gov/vuln/detail/CVE-2022-35948
+- https://github.com/nodejs/undici
+- https://github.com/nodejs/undici/releases/tag/v5.8.2
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
+- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
+- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
+- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
+- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
+- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
+- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
+- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
+- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)

07-framework-security/frameworks/undici/cases/undici-cve-2022-35949.md

@@ -0,0 +1,97 @@
+---
+title: "`undici.request` vulnerable to SSRF using absolute URL on `pathname`"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2022-08-18T18:59:46Z"
+updated_date: "2023-11-08T04:09:53.898548Z"
+severity: "medium"
+exploit_status: "unknown"
+source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2022-35949"
+  - "GHSA-8qr4-xgw6-wmr3"
+affected_versions:
+  - "introduced=0, fixed<5.8.2"
+fixed_versions:
+  - "5.8.2"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+  - "dependency-upgrade-policy"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3"
+---
+
+# `undici.request` vulnerable to SSRF using absolute URL on `pathname`
+
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2022-35949`
+- 系统: `undici`
+- 严重度: `medium`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3
+- 影响版本: `introduced=0, fixed<5.8.2`
+- 修复版本: `5.8.2`
+
+## 其他来源
+
+- https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895
+- https://nvd.nist.gov/vuln/detail/CVE-2022-35949
+- https://github.com/nodejs/undici
+- https://github.com/nodejs/undici/releases/tag/v5.8.2
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
+- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
+- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
+- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
+- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
+- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
+- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
+- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
+- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)

07-framework-security/frameworks/undici/cases/undici-cve-2023-23936.md

@@ -0,0 +1,91 @@
+---
+title: "CRLF Injection in Nodejs ‘undici’ via host"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2023-02-16T20:46:30Z"
+updated_date: "2024-12-16T15:26:50.318903Z"
+severity: "medium"
+exploit_status: "unknown"
+source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "BIT-node-2023-23936"
+  - "BIT-node-min-2023-23936"
+  - "CVE-2023-23936"
+  - "GHSA-5r9g-qh6m-jxff"
+affected_versions:
+  - "introduced=2.0.0, fixed<5.19.1"
+fixed_versions:
+  - "5.19.1"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff"
+---
+
+# CRLF Injection in Nodejs ‘undici’ via host
+
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2023-23936`
+- 系统: `undici`
+- 严重度: `medium`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
+- 影响版本: `introduced=2.0.0, fixed<5.19.1`
+- 修复版本: `5.19.1`
+
+## 其他来源
+
+- https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034
+- https://nvd.nist.gov/vuln/detail/CVE-2023-23936
+- https://hackerone.com/reports/1820955
+- https://github.com/nodejs/undici
+- https://github.com/nodejs/undici/releases/tag/v5.19.1
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

07-framework-security/frameworks/undici/cases/undici-cve-2023-24807.md

@@ -0,0 +1,90 @@
+---
+title: "Regular Expression Denial of Service in Headers"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2023-02-16T20:46:10Z"
+updated_date: "2023-11-08T04:11:48.635999Z"
+severity: "high"
+exploit_status: "unknown"
+source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2023-24807"
+  - "GHSA-r6ch-mqf9-qc9w"
+affected_versions:
+  - "introduced=0, fixed<5.19.1"
+fixed_versions:
+  - "5.19.1"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w"
+---
+
+# Regular Expression Denial of Service in Headers
+
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2023-24807`
+- 系统: `undici`
+- 严重度: `high`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
+- 影响版本: `introduced=0, fixed<5.19.1`
+- 修复版本: `5.19.1`
+
+## 其他来源
+
+- https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf
+- https://nvd.nist.gov/vuln/detail/CVE-2023-24807
+- https://github.com/nodejs/undici
+- https://github.com/nodejs/undici/releases/tag/v5.19.1
+- https://hackerone.com/bugs?report_id=1784449
+- https://security.netapp.com/advisory/ntap-20230324-0010/
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md

@@ -56,9 +56,9 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-
 
 ## 其他来源
 
+- https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76
 - https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g
 - https://nvd.nist.gov/vuln/detail/CVE-2023-45143
-- https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76
 - https://hackerone.com/reports/2166948
 - https://github.com/nodejs/undici
 - https://github.com/nodejs/undici/releases/tag/v5.26.2
@@ -68,6 +68,12 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
 
 ## 实验层
 

07-framework-security/frameworks/undici/cases/undici-cve-2024-24750.md

@@ -0,0 +1,90 @@
+---
+title: "fetch(url) leads to a memory leak in undici"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2024-02-16T15:59:38Z"
+updated_date: "2024-04-19T09:30:47Z"
+severity: "medium"
+exploit_status: "unknown"
+source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2024-24750"
+  - "GHSA-9f24-jqhm-jfcw"
+affected_versions:
+  - "introduced=6.0.0, fixed<6.6.1"
+fixed_versions:
+  - "6.6.1"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw"
+---
+
+# fetch(url) leads to a memory leak in undici
+
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2024-24750`
+- 系统: `undici`
+- 严重度: `medium`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw
+- 影响版本: `introduced=6.0.0, fixed<6.6.1`
+- 修复版本: `6.6.1`
+
+## 其他来源
+
+- https://github.com/nodejs/undici/commit/87a48113f1f68f60aa09abb07276d7c35467c663
+- https://nvd.nist.gov/vuln/detail/CVE-2024-24750
+- https://github.com/nodejs/undici
+- https://github.com/nodejs/undici/releases/tag/v6.6.1
+- https://security.netapp.com/advisory/ntap-20240419-0006
+- https://security.netapp.com/advisory/ntap-20240419-0006/
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

07-framework-security/frameworks/undici/cases/undici-cve-2024-24758.md

@@ -0,0 +1,95 @@
+---
+title: "Undici proxy-authorization header not cleared on cross-origin redirect in fetch"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2024-02-16T16:02:52Z"
+updated_date: "2024-05-02T13:15:07Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2024-24758"
+  - "GHSA-3787-6prv-h9w3"
+affected_versions:
+  - "introduced=0, fixed<5.28.3"
+  - "introduced=6.0.0, fixed<6.6.1"
+fixed_versions:
+  - "5.28.3"
+  - "6.6.1"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3"
+---
+
+# Undici proxy-authorization header not cleared on cross-origin redirect in fetch
+
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2024-24758`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3
+- 影响版本: `introduced=0, fixed<5.28.3, introduced=6.0.0, fixed<6.6.1`
+- 修复版本: `5.28.3, 6.6.1`
+
+## 其他来源
+
+- http://www.openwall.com/lists/oss-security/2024/03/11/1
+- https://nvd.nist.gov/vuln/detail/CVE-2024-24758
+- https://github.com/nodejs/undici/commit/b9da3e40f1f096a06b4caedbb27c2568730434ef
+- https://github.com/nodejs/undici/commit/d3aa574b1259c1d8d329a0f0f495ee82882b1458
+- https://github.com/nodejs/undici
+- https://github.com/nodejs/undici/releases/tag/v5.28.3
+- https://github.com/nodejs/undici/releases/tag/v6.6.1
+- https://security.netapp.com/advisory/ntap-20240419-0007
+- https://security.netapp.com/advisory/ntap-20240419-0007/
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md

@@ -57,8 +57,8 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-
 
 ## 其他来源
 
-- https://nvd.nist.gov/vuln/detail/CVE-2024-30260
 - https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f
+- https://nvd.nist.gov/vuln/detail/CVE-2024-30260
 - https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75
 - https://hackerone.com/reports/2408074
 - https://github.com/nodejs/undici
@@ -66,6 +66,10 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E
 - https://security.netapp.com/advisory/ntap-20240905-0008
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/
+- https://security.netapp.com/advisory/ntap-20240905-0008/
 
 ## 实验层
 

07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md

@@ -57,8 +57,8 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-
 
 ## 其他来源
 
-- https://nvd.nist.gov/vuln/detail/CVE-2024-30261
 - https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055
+- https://nvd.nist.gov/vuln/detail/CVE-2024-30261
 - https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3
 - https://hackerone.com/reports/2377760
 - https://github.com/nodejs/undici
@@ -66,6 +66,10 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E
 - https://security.netapp.com/advisory/ntap-20240905-0008
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/
+- https://security.netapp.com/advisory/ntap-20240905-0008/
 
 ## 实验层
 

07-framework-security/frameworks/undici/cases/undici-cve-2024-38372.md

@@ -0,0 +1,91 @@
+---
+title: "Undici vulnerable to data leak when using response.arrayBuffer()"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2024-07-09T13:32:30Z"
+updated_date: "2024-07-09T13:57:47.271493Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2024-38372"
+  - "GHSA-3g92-w8c5-73pq"
+affected_versions:
+  - "introduced=6.14.0, fixed<6.19.2"
+fixed_versions:
+  - "6.19.2"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-3g92-w8c5-73pq"
+---
+
+# Undici vulnerable to data leak when using response.arrayBuffer()
+
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2024-38372`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-3g92-w8c5-73pq
+- 影响版本: `introduced=6.14.0, fixed<6.19.2`
+- 修复版本: `6.19.2`
+
+## 其他来源
+
+- https://github.com/nodejs/undici/commit/f979ec3204ca489abf30e7d20e9fee9ea7711d36
+- https://nvd.nist.gov/vuln/detail/CVE-2024-38372
+- https://github.com/nodejs/undici/issues/3328
+- https://github.com/nodejs/undici/issues/3337
+- https://github.com/nodejs/undici/pull/3338
+- https://github.com/nodejs/undici
+- https://security.netapp.com/advisory/ntap-20240828-0009/
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md

@@ -5,7 +5,7 @@ category: "frameworks"
 advisory_mode: "core"
 published_date: "2025-01-21T21:10:47Z"
 updated_date: "2026-02-04T02:29:26.373390Z"
-severity: "low"
+severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
 verification_status: "verified-real"
@@ -51,7 +51,7 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-
 
 - Canonical ID: `undici--CVE-2025-22150`
 - 系统: `undici`
-- 严重度: `low`
+- 严重度: `medium`
 - 来源置信度: `official`
 - 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975
 - 影响版本: `introduced=4.5.0, fixed<5.28.5, introduced=6.0.0, fixed<6.21.1, introduced=7.0.0, fixed<7.2.3`
@@ -59,12 +59,12 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-
 
 ## 其他来源
 
+- https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f
 - https://nvd.nist.gov/vuln/detail/CVE-2025-22150
 - https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0
 - https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a
 - https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385
 - https://hackerone.com/reports/2913312
-- https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f
 - https://github.com/nodejs/undici
 - https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113
 

07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md

@@ -59,10 +59,10 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-
 
 ## 其他来源
 
+- https://github.com/nodejs/undici/commit/f317618ec28753a4218beccea048bcf89c36db25
 - https://nvd.nist.gov/vuln/detail/CVE-2025-47279
 - https://github.com/nodejs/undici/issues/3895
 - https://github.com/nodejs/undici/pull/4088
-- https://github.com/nodejs/undici/commit/f317618ec28753a4218beccea048bcf89c36db25
 - https://github.com/nodejs/undici
 
 ## 实验层

07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md

@@ -5,7 +5,7 @@ category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-13T20:07:03Z"
 updated_date: "2026-03-14T09:19:54.772219Z"
-severity: "low"
+severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
 verification_status: "verified-real"
@@ -50,7 +50,7 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-
 
 - Canonical ID: `undici--CVE-2026-1525`
 - 系统: `undici`
-- 严重度: `low`
+- 严重度: `medium`
 - 来源置信度: `official`
 - 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm
 - 影响版本: `introduced=0, fixed<6.24.0, introduced=7.0.0, fixed<7.24.0`
@@ -58,9 +58,9 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-
 
 ## 其他来源
 
+- https://cna.openjsf.org/security-advisories.html
 - https://nvd.nist.gov/vuln/detail/CVE-2026-1525
 - https://hackerone.com/reports/3556037
-- https://cna.openjsf.org/security-advisories.html
 - https://cwe.mitre.org/data/definitions/444.html
 - https://github.com/nodejs/undici
 - https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6

07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md

@@ -5,7 +5,7 @@ category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-13T20:41:56Z"
 updated_date: "2026-03-13T20:54:25.563997Z"
-severity: "low"
+severity: "high"
 exploit_status: "unknown"
 source_confidence: "official"
 verification_status: "verified-real"
@@ -50,7 +50,7 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-
 
 - Canonical ID: `undici--CVE-2026-1526`
 - 系统: `undici`
-- 严重度: `low`
+- 严重度: `high`
 - 来源置信度: `official`
 - 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q
 - 影响版本: `introduced=0, fixed<6.24.0, introduced=7.0.0, fixed<7.24.0`
@@ -58,9 +58,9 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-
 
 ## 其他来源
 
+- https://cna.openjsf.org/security-advisories.html
 - https://nvd.nist.gov/vuln/detail/CVE-2026-1526
 - https://hackerone.com/reports/3481206
-- https://cna.openjsf.org/security-advisories.html
 - https://datatracker.ietf.org/doc/html/rfc7692
 - https://github.com/nodejs/undici
 - https://owasp.org/www-community/attacks/Denial_of_Service

07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md

@@ -5,7 +5,7 @@ category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-13T20:41:26Z"
 updated_date: "2026-03-13T20:54:25.572106Z"
-severity: "low"
+severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
 verification_status: "verified-real"
@@ -49,7 +49,7 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-4992-
 
 - Canonical ID: `undici--CVE-2026-1527`
 - 系统: `undici`
-- 严重度: `low`
+- 严重度: `medium`
 - 来源置信度: `official`
 - 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq
 - 影响版本: `introduced=0, fixed<6.24.0, introduced=7.0.0, fixed<7.24.0`
@@ -57,9 +57,9 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-4992-
 
 ## 其他来源
 
+- https://cna.openjsf.org/security-advisories.html
 - https://nvd.nist.gov/vuln/detail/CVE-2026-1527
 - https://hackerone.com/reports/3487198
-- https://cna.openjsf.org/security-advisories.html
 - https://github.com/nodejs/undici
 
 ## 实验层

07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md

@@ -5,7 +5,7 @@ category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-13T20:07:26Z"
 updated_date: "2026-03-14T09:17:45.838435Z"
-severity: "low"
+severity: "high"
 exploit_status: "unknown"
 source_confidence: "official"
 verification_status: "verified-real"
@@ -49,7 +49,7 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-f269-
 
 - Canonical ID: `undici--CVE-2026-1528`
 - 系统: `undici`
-- 严重度: `low`
+- 严重度: `high`
 - 来源置信度: `official`
 - 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj
 - 影响版本: `introduced=6.0.0, fixed<6.24.0, introduced=7.0.0, fixed<7.24.0`
@@ -57,9 +57,9 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-f269-
 
 ## 其他来源
 
+- https://cna.openjsf.org/security-advisories.html
 - https://nvd.nist.gov/vuln/detail/CVE-2026-1528
 - https://hackerone.com/reports/3537648
-- https://cna.openjsf.org/security-advisories.html
 - https://github.com/nodejs/undici
 
 ## 实验层

07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md

@@ -5,7 +5,7 @@ category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-01-14T21:06:08Z"
 updated_date: "2026-02-04T02:56:17.456091Z"
-severity: "low"
+severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
 verification_status: "verified-real"
@@ -49,7 +49,7 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-
 
 - Canonical ID: `undici--CVE-2026-22036`
 - 系统: `undici`
-- 严重度: `low`
+- 严重度: `medium`
 - 来源置信度: `official`
 - 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9
 - 影响版本: `introduced=7.0.0, fixed<7.18.2, introduced=0, fixed<6.23.0`
@@ -57,8 +57,8 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-
 
 ## 其他来源
 
-- https://nvd.nist.gov/vuln/detail/CVE-2026-22036
 - https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3
+- https://nvd.nist.gov/vuln/detail/CVE-2026-22036
 - https://github.com/nodejs/undici
 
 ## 实验层

07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md

@@ -5,7 +5,7 @@ category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-13T20:41:41Z"
 updated_date: "2026-03-13T20:54:26.149214Z"
-severity: "low"
+severity: "high"
 exploit_status: "unknown"
 source_confidence: "official"
 verification_status: "verified-real"
@@ -50,7 +50,7 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-
 
 - Canonical ID: `undici--CVE-2026-2229`
 - 系统: `undici`
-- 严重度: `low`
+- 严重度: `high`
 - 来源置信度: `official`
 - 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8
 - 影响版本: `introduced=0, fixed<6.24.0, introduced=7.0.0, fixed<7.24.0`
@@ -58,9 +58,9 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-
 
 ## 其他来源
 
+- https://cna.openjsf.org/security-advisories.html
 - https://nvd.nist.gov/vuln/detail/CVE-2026-2229
 - https://hackerone.com/reports/3487486
-- https://cna.openjsf.org/security-advisories.html
 - https://datatracker.ietf.org/doc/html/rfc7692
 - https://github.com/nodejs/undici
 - https://nodejs.org/api/zlib.html#class-zlibinflateraw

07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md

@@ -5,7 +5,7 @@ category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-13T20:37:58Z"
 updated_date: "2026-03-13T20:54:25.417862Z"
-severity: "low"
+severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
 verification_status: "verified-real"
@@ -47,7 +47,7 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-
 
 - Canonical ID: `undici--CVE-2026-2581`
 - 系统: `undici`
-- 严重度: `low`
+- 严重度: `medium`
 - 来源置信度: `official`
 - 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h
 - 影响版本: `introduced=7.17.0, fixed<7.24.0`
@@ -55,9 +55,9 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-
 
 ## 其他来源
 
+- https://cna.openjsf.org/security-advisories.html
 - https://nvd.nist.gov/vuln/detail/CVE-2026-2581
 - https://hackerone.com/reports/3513473
-- https://cna.openjsf.org/security-advisories.html
 - https://github.com/nodejs/undici
 
 ## 实验层