Expand intel coverage and refresh monitoring

This commit is contained in:
hao
2026-03-18 14:18:09 -07:00
Parent 87008d1bd5
Commit 00d828d090
3658 files changed, 124245 additions and 13073 deletions

View file

@@ -5,14 +5,14 @@
- 系统 ID: `directus` - 系统 ID: `directus`
- 分类: `cms` - 分类: `cms`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `29`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `29`
- 最近渲染时间: `2026-03-18T18:33:29+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
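Review bot: `近 30 天新增/更新` stays at `0` in this hunk while `总案例数` goes from `0` to `29` and `待人工/缺浏览器证据` from `0` to `29`, so 29 cases entered the corpus in this render and none of them counts as new. If the counter keys on the upstream advisory timestamp rather than ingestion time, say so in the field label (and note that every directus case row on this page has an empty `更新时间`, which would force the counter to zero); otherwise the metric is miscomputed and the "refresh monitoring" part of this commit is not measuring anything.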
@@ -31,4 +31,35 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Open redirect in SAML | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| directus | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper Permission Handling on Deleted Fields in Directus | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Conceal fields are searchable if read permissions enabled | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Information Leakage: Existing Collections | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User Enumeration via Password Reset Timing Attack | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
344 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
46 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Store XSS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Missing permission checks for manual trigger Flows | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
40 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| directus | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthenticated file upload and file modification due to lacking input sanitization | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| S3 assets become unavailable after a burst of malformed transformations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Directus version number disclosure | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
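Review bot: 19 of the 29 rows in this hunk are GitHub repository navigation scraped as advisory titles, not advisories: `Skip to content`, `Actions`, `Projects`, `Issues 344`, `Security 46`, `Pull requests 40`, `Notifications`, `Discussions`, `Sign up`, `Sign in`, `Policy`, `Report a vulnerability`, the bare tab counters `5`, `3`, `2`, `4`, the repo name `directus` (twice) and `Insights`. The scraper is taking every link text on the security page instead of the advisory entries; keep a row only when a GHSA identifier or advisory URL was captured with it, and strip newlines from titles, since the two-line cells (`Issues` / `344`, `Security` / `46`, `Pull requests` / `40`) break the markdown table. The ten genuine titles also arrive with `unknown` severity and an empty `更新时间` although GitHub advisories publish both, and if the `Security 46` badge is the published-advisory count, ten captured titles means pagination is being missed as well. The summary's `总案例数: 29` is inflated by the same 19 rows.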

View file

@@ -5,14 +5,14 @@
- 系统 ID: `discourse` - 系统 ID: `discourse`
- 分类: `cms` - 分类: `cms`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `30`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `30`
- 最近渲染时间: `2026-03-18T18:33:29+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
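Review bot: Same counter inconsistency as the directus summary: `总案例数` and `待人工/缺浏览器证据` both go from `0` to `30` while `近 30 天新增/更新` stays `0`, even though the discourse rows below carry real RSS timestamps (the newest is 28 Jan 2026, inside 30 days of neither render time, but the January release is still a new case to this corpus). Decide whether the field means "published upstream in the last 30 days" or "added to the corpus in the last 30 days" and label it accordingly.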
@@ -26,10 +26,41 @@
- `official` [Discourse Meta Security](https://meta.discourse.org/c/bug/security/40) (mode=core) - `official` [Discourse Meta Security](https://meta.discourse.org/c/bug/security/40) (mode=core)
- `official` [Discourse Release Notes RSS](https://meta.discourse.org/tag/release-notes.rss) (mode=core) - `official` [Discourse Release Notes RSS](https://meta.discourse.org/tag/release-notes.rss) (mode=core)
- `official` [Discourse Security RSS](https://meta.discourse.org/tag/security.rss) (mode=core)
- `official` [GitHub Discourse Advisories](https://github.com/advisories) (ecosystem=rubygems; mode=core) - `official` [GitHub Discourse Advisories](https://github.com/advisories) (ecosystem=rubygems; mode=core)
- `ecosystem-authority` [OSV Discourse](https://osv.dev/) (mode=core)
## 案例列表 ## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | 3.5.0.beta5: Improved admin search, AI forum research, easier site appearance configuration, and simpler plugin development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 28 May 2025 05:22:52 +0000` | - |
| 3.4.4: Bug fix and UX release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 28 May 2025 05:22:48 +0000` | - |
| January 2026 Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 28 Jan 2026 17:35:34 +0000` | - |
| Release v2025.11.0: AI translations improvements, chat search, new review queue, and improvements for posts with images | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 26 Nov 2025 11:02:53 +0000` | - |
| 3.4.2: Security and bug fix release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 26 Mar 2025 02:46:36 +0000` | - |
| 3.5.0.beta2: Review Queue, Welcome Banner, Admin Interface, and more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 26 Mar 2025 02:46:32 +0000` | - |
| 3.4.6: Security fix release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 25 Jun 2025 03:38:49 +0000` | - |
| 3.5.0.beta7: Smart link editing, better invite tracking, unique icons, and fixing name management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 25 Jun 2025 03:38:45 +0000` | - |
| 3.4.0.beta4: Redesigned emojis, exporting user data, flagging illegal content and more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 05 Feb 2025 14:26:56 +0000` | - |
| 3.3.4: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 05 Feb 2025 14:26:22 +0000` | - |
| 3.5.1: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Sep 2025 02:59:22 +0000` | - |
| 3.6.0.beta1: Color palette editing, user fields on sign up, themeable site setting discovery, images with Google AI, and reliable drafts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Sep 2025 02:59:19 +0000` | - |
| Release v3.5.3: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Dec 2025 15:07:18 +0000` | - |
| Release v2025.11.1: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Dec 2025 15:07:04 +0000` | - |
| Release v2025.12.0: Discourse Rewind, new review queue and UI to create tags, Chat channel customisation, and live PR statuses | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Dec 2025 15:06:45 +0000` | - |
| 3.4.7: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Jul 2025 03:46:36 +0000` | - |
| 3.5.0.beta8: Bundled plugins, a new theme, better color management, powerful filtering, and advanced image controls | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Jul 2025 03:46:34 +0000` | - |
| 3.4.3: Bug fix and UX release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Apr 2025 04:43:02 +0000` | - |
| 3.5.0beta3: Full admin search, better font selection, more robust site search, category personalization, and easier configuration management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Apr 2025 04:43:00 +0000` | - |
| 3.5.2: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 28 Oct 2025 07:33:40 +0000` | - |
| 3.6.0.beta2: Built-in palette editing, live AI translation progress, and better wiki tracking | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 28 Oct 2025 07:33:37 +0000` | - |
| 3.5.0: Major release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 19 Aug 2025 08:07:12 +0000` | - |
| 3.5.0.beta9: Improving color management, core welcome banner, and staff action log filters | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 19 Aug 2025 08:07:02 +0000` | - |
| 3.4.0: Major Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 04 Feb 2025 17:07:48 +0000` | - |
| 3.4.0.beta3: Check for updates on What’s New page, filter by user in the review queue, threading in Chat DMs and group chats, and more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 19 Dec 2024 16:53:54 +0000` | - |
| 3.4.1: Bug fix and UX release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 24 Feb 2025 05:42:05 +0000` | - |
| 3.5.0.beta1: Dark/light mode selector, better flagging info, and encouraging more valuable conversations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 24 Feb 2025 05:42:02 +0000` | - |
| 3.5.0.beta6 Security fixes release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 09 Jun 2025 05:30:17 +0000` | - |
| 3.4.5 Security fixes release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 09 Jun 2025 03:57:43 +0000` | - |
| 3.5.0.beta4 Security fix release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 05 May 2025 17:04:14 +0000` | - |
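Review bot: Every one of the 30 rows in this hunk is a release-notes title, and the list includes betas and feature releases with no security content (`3.5.0.beta2: Review Queue, Welcome Banner, Admin Interface, and more`, `Release v2025.12.0: Discourse Rewind, ...`), while none of the rows is recognisably from the two sources this same hunk adds (`Discourse Security RSS` and `OSV Discourse`). Either those fetches returned nothing, which `阻塞数: 0` in the summary would not surface, or their rows were dropped; tag each row with the feed it came from so this is visible. For the release-notes feed, either keep only titles containing "Security" or link each release to the advisories it ships; a row titled `3.4.6: Security fix release` with severity `unknown` and `实证状态 triage-manual` gives the triage queue nothing to prioritise on.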

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `70` - 待人工/缺浏览器证据: `70`
- 最近渲染时间: `2026-03-18T18:33:21+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
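Review bot: This hunk changes only `最近渲染时间`; `待人工/缺浏览器证据` stays at `70` and nothing else in the file moved. A re-render whose body is unchanged should not be committed: either write the render timestamp to a separate status file or skip the write when the rendered content is identical, because timestamp-only churn across this commit's 3658 files buries the files where cases actually changed.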

View file

@@ -4,15 +4,15 @@
- 系统 ID: `ghost` - 系统 ID: `ghost`
- 分类: `cms` - 分类: `cms`
- 覆盖策略: `rolling-24m` - 覆盖策略: `history-full`
- 总案例数: `0` - 总案例数: `23`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `23`
- 最近渲染时间: `2026-03-18T18:33:29+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
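Review bot: `覆盖策略` changes from `rolling-24m` to `history-full` for ghost alone, while every other cms system in this commit stays on `rolling-24m`, and the commit message gives no reason. If full history is intended, the summary does not yet reflect it: 23 cases, `0` verified, `0` new in 30 days is indistinguishable from the rolling tier, and all 23 sit in `待人工/缺浏览器证据`. Record the rationale for the tier change next to the field, and apply the same fix as the other summaries for the `近 30 天新增/更新` counter that stays `0` while 23 cases were added.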
@@ -31,4 +31,29 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Issues
63 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Incomplete CSRF protections around OTC use | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SQL Injection in Members Activity Feed | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SQL injection in Content API | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| TryGhost | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SSRF via External Media Inliner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
307 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper authentication allows access to member information and actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Staff 2FA bypass | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS via malicious Portal preview links | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Staff Token permission bypass | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Ghost | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
18 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Remote Code Execution via Malicious Themes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SSRF via oEmbed Bookmark | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
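Review bot: 13 of the 23 rows here are GitHub page chrome rather than advisories: `Issues 63`, `Sign in`, `TryGhost`, `2`, `Pull requests 307`, `Insights`, `Sign up`, `Ghost`, `Notifications`, `Skip to content`, `Security 18`, `Actions`, `Policy`. The same selector fix as for directus applies (only rows with a captured advisory identifier or URL, newlines stripped from titles so `Issues` / `63`, `Pull requests` / `307` and `Security` / `18` stop splitting table cells). If the `Security 18` badge is the number of published advisories, the ten genuine titles captured (`SQL Injection in Members Activity Feed`, `Remote Code Execution via Malicious Themes`, `Staff 2FA bypass` and so on) mean eight are missing, which matters more now that this system was moved to `history-full`.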

View file

@@ -3,7 +3,7 @@
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` > `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
- 分类: `cms` - 分类: `cms`
- 覆盖层级: `rolling-24m` - 覆盖层级: `history-full`
- Advisory 模式: core - Advisory 模式: core
- 输出目录: `07-framework-security/cms/ghost` - 输出目录: `07-framework-security/cms/ghost`
- 修复主题: authz-server-side-recheck, xss-output-encoding, token-cookie-storage - 修复主题: authz-server-side-recheck, xss-output-encoding, token-cookie-storage
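Review bot: `覆盖层级` moves to `history-full` here, consistent with the ghost summary, but `修复主题` is left at the static triple `authz-server-side-recheck, xss-output-encoding, token-cookie-storage`. The ghost case titles on this page include SQL injection (Members Activity Feed, Content API), SSRF (External Media Inliner, oEmbed Bookmark), CSRF around OTC use and RCE via malicious themes, none of which those three themes cover, so the fix-theme line should be derived from the ingested cases rather than hand-maintained; otherwise widening the coverage tier changes nothing in the target sheet that a lab exercise is built from.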

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `100` - 待人工/缺浏览器证据: `100`
- 最近渲染时间: `2026-03-18T18:33:29+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束

View file

@@ -5,14 +5,14 @@
- 系统 ID: `mediawiki` - 系统 ID: `mediawiki`
- 分类: `cms` - 分类: `cms`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `70`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `70`
- 最近渲染时间: `2026-03-18T18:33:29+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
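Review bot: `已实证(synthetic)` stays `0` in this hunk while every one of the 70 mediawiki rows below carries `实证方式: synthetic`, and `已实证(真实版本)` is `0` with all 70 in `待人工/缺浏览器证据`. The per-row `实证方式` is therefore a default value, not a record of evidence that exists; leave it empty (or `n/a`, as the `No advisories yet` placeholder row did) until a verification actually runs, so that the summary counters and the row fields cannot contradict each other.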
@@ -25,10 +25,80 @@
## 来源 ## 来源
- `official` [MediaWiki Security Releases](https://www.mediawiki.org/wiki/Security) (mode=core) - `official` [MediaWiki Security Releases](https://www.mediawiki.org/wiki/Security) (mode=core)
- `official` [MediaWiki Announce RSS](https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/feed/) (mode=core)
- `official` [NVD MediaWiki](https://nvd.nist.gov/vuln/search) (keyword=MediaWiki; mode=core) - `official` [NVD MediaWiki](https://nvd.nist.gov/vuln/search) (keyword=MediaWiki; mode=core)
## 案例列表 ## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.14/1.43.4/1.44.1) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 22 Oct 2025 21:44:43 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.16 / 1.43.6 / 1.44.3 / 1.45.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 10 Dec 2025 22:22:38 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.13/1.42.7/1.43.2) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 09 Jul 2025 16:53:41 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.12 / 1.42.6 / 1.43.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 09 Apr 2025 20:57:04 +0000` | - |
| [MediaWiki-announce] Re: MediaWiki 1.44-beta has been branched | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 07 May 2025 07:47:35 +0000` | - |
| [MediaWiki-announce] Announcing MediaWiki 1.44.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 02 Jul 2025 21:30:40 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.14 / 1.43.4 / 1.44.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 01 Oct 2025 20:33:01 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.39.17 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 16 Dec 2025 18:21:00 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.11/1.41.5/1.42.4) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 14 Jan 2025 19:41:18 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.45-alpha will be branched as a beta on 28-10-2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 07 Oct 2025 15:18:36 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.44-beta has been branched | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 06 May 2025 19:13:18 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.45-beta has been branched | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 04 Nov 2025 13:27:41 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.43.3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 01 Jul 2025 15:18:58 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.45.0-rc.0 is ready for testing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 20 Nov 2025 13:30:34 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.12 / 1.42.6 / 1.43.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 10 Apr 2025 16:23:30 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.14 / 1.43.4 / 1.44.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 02 Oct 2025 17:37:08 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.41 is End of Life | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Sat, 21 Dec 2024 10:46:44 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.42 is End of Life | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 30 Jun 2025 23:15:16 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.13 / 1.42.7 / 1.43.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 30 Jun 2025 18:02:30 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.39 is End of Life | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 29 Dec 2025 20:36:35 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.16 / 1.43.6 / 1.44.3 / 1.45.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 08 Dec 2025 23:43:45 +0000` | - |
| [MediaWiki-announce] Announcing MediaWiki 1.45.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 08 Dec 2025 17:01:47 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.42.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 03 Feb 2025 17:39:30 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.13 / 1.42.7 / 1.43.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 27 Jun 2025 22:25:47 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.39.11, 1.41.5 and 1.42.4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 20 Dec 2024 17:57:58 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.12/1.42.6/1.43.1) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 11 Apr 2025 20:47:11 +0000` | - |
| [MediaWiki-announce] Re: The Recent MediaWiki Extensions and Skins Security Release Supplement | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 11 Apr 2025 20:34:58 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.9/1.41.3/1.42.2) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 11 Apr 2025 16:56:23 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.16/1.43.6/1.44.3/1.45.1) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 09 Jan 2026 17:54:29 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.15 / 1.43.5 / 1.44.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 03 Oct 2025 18:45:04 +0000` | - |
| CVE-2010-1190 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2010-1189 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2009-4589 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-0737 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5688 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5687 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5252 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5250 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5249 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-4408 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-1318 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-0460 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-4883 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-4828 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1054 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1055 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0894 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0788 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0177 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-2895 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2611 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1498 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0322 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4501 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4031 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3165 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3166 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3167 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2396 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2215 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1888 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0534 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0536 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1245 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0535 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1405 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2152 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2185 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2186 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2187 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
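Review bot: The 40 CVE rows at the bottom of this hunk are CVE-2004 through CVE-2010 identifiers whose `更新时间` is an NVD last-modified stamp from April 2025, so the `rolling-24m` window declared in the summary was evaluated against NVD's lastModified date rather than the published date. A 24-month window on publication would return none of these, and whatever MediaWiki CVEs NVD published in 2024-2026 are absent from the list. Query with `pubStartDate`/`pubEndDate` (or filter on the `published` field client-side) and use lastModified only as a refresh trigger for cases already in scope. Second, the Announce RSS rows record the same event up to three times: `Security pre-release announcement: 1.39.16 / 1.43.6 / 1.44.3 / 1.45.1`, `Security and maintenance release: 1.39.16 / 1.43.6 / 1.44.3 / 1.45.1` and the `Extensions and Skins Security Release Supplement (1.39.16/1.43.6/1.44.3/1.45.1)`; key the case on the version set and attach the announcements to it, and drop the non-security traffic (`1.44-beta has been branched`, `1.45.0-rc.0 is ready for testing`, `1.41 is End of Life`, the `Re:` replies). Third, the column mixes RFC 2822 dates from RSS with ISO 8601 from NVD; normalise to ISO 8601 at ingest so sorting by `更新时间` works.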

View file

@@ -5,14 +5,14 @@
- 系统 ID: `moodle` - 系统 ID: `moodle`
- 分类: `cms` - 分类: `cms`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `40`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `40`
- 最近渲染时间: `2026-03-18T18:33:29+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -31,4 +31,43 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | CVE-2008-3325 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-1502 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-0123 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-6538 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-3555 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1647 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1429 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-7048 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6625 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6626 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5219 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-4935 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4936 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4937 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4938 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4939 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4940 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4941 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4942 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4943 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4784 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4785 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4786 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3951 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0146 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0147 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3648 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3649 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2247 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1424 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1425 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2232 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2233 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2234 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2235 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2236 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2237 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1711 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-0725 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1978 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
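Review bot: every row in this block carries the identical 更新时间 `2025-04-03T01:03:51.193` for CVEs published between 2004 and 2006 (`CVE-2004-0725` through `CVE-2006-4786`), so the column is recording the feed's bulk last-modified stamp rather than anything about the advisory itself; store the source publication date alongside it, or rename the column, so a reader does not mistake twenty-year-old issues for recent activity.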


@@ -5,14 +5,14 @@
- 系统 ID: `strapi` - 系统 ID: `strapi`
- 分类: `cms` - 分类: `cms`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `26`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `26`
- 最近渲染时间: `2026-03-18T18:33:29+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
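Review bot: the counters in this hunk do not agree with each other: 总案例数 and 待人工/缺浏览器证据 both go from `0` to `26` in this very commit, yet 近 30 天新增/更新 stays at `0`, and 已实证(synthetic) stays at `0` while every new row below is tagged 实证方式 `synthetic`. Either the 30-day counter should reflect the 26 additions or it is being computed from an 更新时间 that the rows leave empty; and 实证方式 should stay unset until an evidence run is actually recorded, otherwise the summary and the table contradict each other.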
@@ -31,4 +31,33 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
16 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
214 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthorized Access to Private Fields via parms.lookup | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Weak Password Length Validation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Server - Side Request Forgery in Webhook function | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Leaking data via relations via the Admin Panel | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3rd party token leak and authentication bypass | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial-of-Service via Improper Exception Handling | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
71.6k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthorized Access to Private Fields in User Registration API | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
573 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Leaking sensitive user information, user reset password, tokens via content-manager views | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Field level permissions not being respected in relationship title | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| strapi | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CORS Misconfiguration Leads to Sensitive Data Exposure | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| strapi | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
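Review bot: most of the 26 new rows are GitHub page chrome rather than advisories (`Skip to content`, `Sign in`, `Sign up`, `Actions`, `Projects`, `Insights`, `Discussions`, `Policy`, `Next`, the `Star` / `Issues` / `Pull requests` / `Security` badges, and the repository name `strapi`, which appears twice), so only about ten rows such as `Unauthorized Access to Private Fields via parms.lookup` or `Server - Side Request Forgery in Webhook function` are real cases and the headline count of 26 is inflated. The collector should select advisory entries only and deduplicate on title plus link; the badge rows with an embedded line break (`| Security` / `16 | ...`) split one table row across two lines and break the Markdown table; and 严重度 is `unknown` and 更新时间 empty on every row, so if the source exposes a severity and a date they should be carried over.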


@@ -12,7 +12,7 @@
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `140` - 待人工/缺浏览器证据: `140`
- 最近渲染时间: `2026-03-18T18:33:15+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束


@@ -12,7 +12,7 @@
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `81` - 待人工/缺浏览器证据: `81`
- 最近渲染时间: `2026-03-18T18:33:36+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束


@@ -5,14 +5,14 @@
- 系统 ID: `magento-open-source` - 系统 ID: `magento-open-source`
- 分类: `ecommerce` - 分类: `ecommerce`
- 覆盖策略: `history-full` - 覆盖策略: `history-full`
- 总案例数: `101` - 总案例数: `89`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `101` - 待人工/缺浏览器证据: `89`
- 最近渲染时间: `2026-03-18T18:33:45+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -124,15 +124,3 @@
| Issues | Issues
1.2k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | 1.2k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Adobe Commerce merchants to be hit with TrojanOrders this season 2022-11-15 At least seven Magecart groups are injecting TrojanOrders at approximately 38% of Magento and Adobe Commerce websites in November. skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - | | Adobe Commerce merchants to be hit with TrojanOrders this season 2022-11-15 At least seven Magecart groups are injecting TrojanOrders at approximately 38% of Magento and Adobe Commerce websites in November. skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Magento 2 critical vulnerability (CVE-2022-24086 & CVE-2022-24087) 2022-02-14 Adobe has released two emergency patches for a critical vulnerability in Magento 2. You need to apply both patches, in order. The vulnerability allows unauthenticated remote code execution (RCE), which is the worst possible type. Actual abuse has already been reported. To illustrate the severity,... skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| ConnectPOS leaked Github secrets for years 2026-01-12 Sansec discovered that ConnectPOS has been showing their Github credentials on their site for 4 years. This would enable attackers to slip malicious code into each of the thousands of ConnectPOS retail installations. Sansec recommends to verify integrity of installed code. skimming supply-chain magento connectpos +2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Visbot malware found on 6691 stores [analysis] 2016-12-01 Visbot is one of the oldest Magecart payment skimmers: it steals customer data and credit cards. The first case was documented as early as March 2015. But being publicly discussed did not stop it from spreading. We conducted a global research into 300.000 Magento stores and found active Visbot i... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Magento vendor Fishpig hacked, backdoors added 2022-09-13 Fishpig, a vendor of popular Magento-Wordpress integrations, has been hacked. Sansec found that attackers have injected malware in Fishpig software and taken control of Fishpig servers. Online stores running Fishpig software may now have the "Rekoobe" malware installed on their servers,... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| PHP tool 'Adminer' leaks passwords 2019-01-17 Update 2019-01-20: the root cause is a protocol flaw in MySQL. Adminer is a popular PHP tool to administer MySQL and PostgreSQL databases. However, it can be lured to disclose arbitrary files. Attackers can abuse that to fetch passwords for popular apps such as Magento and Wordpress, and gain con... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| NaturalFreshMall: a Magento Mass Hack 2022-02-08 An investigative report by Sansec researchers on how one vulnerable Magento extension leads to a mass web store attack, with Magecart attackers using naturalfreshmall.com to hide and serve malware to 500+ ecommerce websites. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Hackers breached Magento through helpdesk 2017-12-28 Magento merchants have recently received messages like this: Hey, I strongly recommend you to make a redesign! Please contact me if you need a good designer! -- knockers@yahoo.com Upon closer examination, the message contains a specially crafted sender that contains an XSS attack: an attempt to... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Is your store’s newsletter being used for phishing? 2023-11-10 Cybercriminals in eCommerce are diversifying their targets, now aiming at entire customer databases instead of just stealing credit cards. A recent incident revealed this trend: a hacked Magento admin account was exploited to launch a phishing campaign through the platform's newsletter system, re... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Will Magento 1 stay PCI compliant? 2020-05-08 Magento 1 will no longer receive official updates & security fixes per July 1st, 2020 (the end-of-life, or EOL date). Merchants are urged to upgrade to Magento 2, but for many stores this deadline is not feasible. Merchants want to know: Will my Magento 1 store still be secure after July 1st... skimming magento 1 pci | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
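Review bot: this deletion mixes two very different things, and under the `history-full` coverage policy stated for `magento-open-source` the second should not happen silently. Dropping `Insights`, `Sign in` and `Skip to content` is correct because they are page chrome, but the same hunk removes nine substantive `ecosystem-authority` items: `Magento 2 critical vulnerability (CVE-2022-24086 & CVE-2022-24087)` (unauthenticated RCE with abuse already reported), `Magento vendor Fishpig hacked, backdoors added`, `ConnectPOS leaked Github secrets for years`, `NaturalFreshMall: a Magento Mass Hack`, `Visbot malware found on 6691 stores`, and the Adminer, helpdesk XSS, newsletter phishing and Magento 1 PCI entries, while the sibling `TrojanOrders` row survives. Confirm whether these were deliberately retired (and record why) or lost because the source listing changed; 总案例数 falling from `101` to `89` with 近 30 天新增/更新 still at `0` suggests the removal is not being tracked at all.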


@@ -5,14 +5,14 @@
- 系统 ID: `medusa` - 系统 ID: `medusa`
- 分类: `ecommerce` - 分类: `ecommerce`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `15`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `15`
- 最近渲染时间: `2026-03-18T18:34:19+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -31,4 +31,22 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
69 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| medusajs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
63 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| medusa | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
32.4k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
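Review bot: none of the 15 rows added here is an advisory; they are the GitHub repository navigation (`Sign in`, `Sign up`, `Skip to content`, `Issues` / `69`, `Pull requests` / `63`, `Star` / `32.4k`, `Discussions`, `Policy`, `Report a vulnerability`, `Projects`, `Insights`, `Actions`, and the names `medusajs` and `medusa`), and the captured `Security` / `0` badge says the repository has no published advisories. The previous `No advisories yet` row was the correct output and should be restored, with the collector returning an empty set when the advisory list is empty instead of falling back to page text; the 总案例数 and 待人工/缺浏览器证据 values of `15` in the summary hunk above are wrong for the same reason.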


@@ -12,7 +12,7 @@
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `100` - 待人工/缺浏览器证据: `100`
- 最近渲染时间: `2026-03-18T18:34:19+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -81,7 +81,6 @@
| CVE-2009-1621 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - | | CVE-2009-1621 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-1027 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - | | CVE-2009-1027 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-3130 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - | | CVE-2008-3130 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14937 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | #14937 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.0.5.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | 3.0.5.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
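Review bot: the only change in this hunk is the removal of the `Notifications` row, a GitHub UI label sitting between a genuine entry (`CVE-2008-3130`) and pull-request references such as `#14937` and the version string `3.0.5.0`; the diff is tracking page layout rather than advisories. Nav labels and bare PR numbers should be filtered before rows are written, otherwise every UI change at the source appears as a case addition or removal and the file's 待人工/缺浏览器证据 count of `100` is mostly noise.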
@@ -91,7 +90,6 @@
| #14961 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | #14961 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Latest | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Latest | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14936 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | #14936 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tags | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14943 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | #14943 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15029 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | #15029 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
@@ -106,11 +104,14 @@
| #14938 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | #14938 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14980 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | #14980 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| View all tags | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15011 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | #15011 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14879 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | #14879 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14875 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | #14875 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| /pull/14942 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | /pull/14942 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
8.1k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14877 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | #14877 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14928 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | #14928 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
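Review bot: the additions here, `View all tags` and the `Star` / `8.1k` badge (the latter split across two lines, which breaks the table), are the same class of navigation residue as the `Notifications` and `Tags` rows removed in the two hunks above, and they sit among rows whose titles are bare pull-request identifiers (`#15011`, `#14879`, `#14875`, `/pull/14942`). A title that is only a PR number gives a triager nothing to act on; record the PR title or the advisory it references, and collapse whitespace in cells so a badge never spans two lines.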


@@ -5,14 +5,14 @@
- 系统 ID: `openmage` - 系统 ID: `openmage`
- 分类: `ecommerce` - 分类: `ecommerce`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `27`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `27`
- 最近渲染时间: `2026-03-18T18:33:45+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -31,4 +31,34 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Star
914 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| OpenMage | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stored XSS in theme config fields | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Fix for authenticated remote code execution through layout update | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stored XSS in WYSIWYG Editor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
66 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DataFlow upload remote code execution vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stored XSS in admin file form | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
178 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DoS vulnerability in MaliciousCode filter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS in Admin Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| magento-lts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stored XSS in admin system configs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Guest order "protect code" can be brute-forced too easily | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| X-Original-Url header can expose admin url | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
22 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
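Review bot: this hunk does carry real advisories (`Fix for authenticated remote code execution through layout update`, `DataFlow upload remote code execution vulnerability`, the several `Stored XSS` items, `DoS vulnerability in MaliciousCode filter`, `Guest order "protect code" can be brute-forced too easily`, `X-Original-Url header can expose admin url`), but the captured `Security` / `22` badge together with the trailing `Next` row indicates 22 advisories of which only ten were collected from the first page, so the pager needs to be followed. Two remote-code-execution entries being recorded with 严重度 `unknown` and an empty 更新时间 is the other problem: if the source publishes severity and dates they belong in the row, and the navigation rows (`Star` / `914`, `OpenMage`, `magento-lts`, `Projects`, `Sign up`, `Insights`, `Pull requests` / `66`, `Policy`, `Issues` / `178`, `Discussions`, `3`, `Sign in`, `Report a vulnerability`, `Skip to content`, `Actions`, `Next`) should be dropped.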


@@ -12,7 +12,7 @@
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `112` - 待人工/缺浏览器证据: `112`
- 最近渲染时间: `2026-03-18T18:34:04+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -74,8 +74,8 @@
| CVE-2008-6503 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - | | CVE-2008-6503 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5791 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - | | CVE-2008-5791 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Download sources (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | GitHub
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | Discussions (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Newsletter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Newsletter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-6648] Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - | | [CVE-2024-6648] Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
@@ -111,6 +111,8 @@
| Developer | Developer
Documentation (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | Documentation (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → Cleaning up old branches: a routine maintenance for a healthier repository We are removing old branches from our repository | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | → Cleaning up old branches: a routine maintenance for a healthier repository We are removing old branches from our repository | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Download
sources (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Some attribute not escaped in Validate::isCleanHTML method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Some attribute not escaped in Validate::isCleanHTML method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests | Pull requests
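Review bot: the row added here, `Download` / `sources (external link)`, is the same navigation item that the earlier hunk in this file removes as `Download sources (external link)`; the only difference is where the line wraps, so the pair of changes is whitespace churn that also leaves a cell spanning two lines. Normalise whitespace (collapse newlines, trim) before comparing and hashing titles, and drop `(external link)` navigation entries altogether; the same applies to the `GitHub` / `Discussions (external link)` cell that replaced `Notifications` above.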
@@ -139,11 +141,11 @@
| Email enumeration | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Email enumeration | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| How-to Guides | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | How-to Guides | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitHub Discussions (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-41670] Improperly Implemented Security Check for Standard in PayPal Official for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - | | [CVE-2024-41670] Improperly Implemented Security Check for Standard in PayPal Official for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → PrestaShop Developer Conference 2025 Filmed Sessions - Community and Security Friends of Presta, Cybersecurity and Ecommerce Development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | → PrestaShop Developer Conference 2025 Filmed Sessions - Community and Security Friends of Presta, Cybersecurity and Ecommerce Development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
9k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| RSS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | RSS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| YouTube | YouTube
Channel (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | Channel (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
@@ -152,4 +154,5 @@
53 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | 53 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Useful Tools | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Useful Tools | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS via customer contact form in FO, through file upload | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | XSS via customer contact form in FO, through file upload | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
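Review bot: the `Next` row added at the end of this table is the advisory list's pagination control being recorded as a case, which inflates the count and shows that the collector stopped at page one; follow the pager and exclude the control from the rows.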


@@ -5,14 +5,14 @@
- 系统 ID: `saleor` - 系统 ID: `saleor`
- 分类: `ecommerce` - 分类: `ecommerce`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `24`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `24`
- 最近渲染时间: `2026-03-18T18:34:19+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -31,4 +31,31 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | saleor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthenticated Information Disclosure Vulnerability via Python Exceptions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Non-constant time HMAC comparison in Adyen plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stored XSS via Unrestricted File Uploads | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insecure Direct Object Reference (IDOR) in GraphQL API | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
22.7k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| saleor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper object type validation in mutations leading to unauthorized access | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
10 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
185 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CSRF bypass in refreshToken mutation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
67 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User enumeration vulnerability in Saleor due to different error messages | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Lack of proper HTML sanitization in rich text fields | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
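Review bot: the real content in this hunk (`Insecure Direct Object Reference (IDOR) in GraphQL API`, `CSRF bypass in refreshToken mutation`, `Non-constant time HMAC comparison in Adyen plugin`, the two `Information Disclosure ... via Python Exceptions` items, `Stored XSS via Unrestricted File Uploads`, `Improper object type validation in mutations leading to unauthorized access`, `User enumeration vulnerability in Saleor due to different error messages`, `Lack of proper HTML sanitization in rich text fields`, and the customer-address leak) accounts for ten rows, which matches the captured `Security` / `10` badge, so the remaining fourteen rows are navigation (`saleor` twice, `Skip to content`, `Sign up`, `Sign in`, `Insights`, `Actions`, `Star` / `22.7k`, `Report a vulnerability`, `Security` / `10`, `Policy`, `Issues` / `185`, `Pull requests` / `67`, `Discussions`) and should not count toward 总案例数 `24`. Deduplicate on title plus link, filter the chrome, and fill 严重度 and 更新时间 from the source: all ten advisories are currently `unknown` with no date, which makes the `triage-manual` queue impossible to prioritise.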


@@ -12,7 +12,7 @@
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `71` - 待人工/缺浏览器证据: `71`
- 最近渲染时间: `2026-03-18T18:34:10+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -76,7 +76,6 @@
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests | Pull requests
186 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | 186 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues | Issues
1.3k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | 1.3k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `/api/_info/config` route exposes information about licenses | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | `/api/_info/config` route exposes information about licenses | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
@@ -85,16 +84,18 @@
| 7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | 7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `/api/_info/config` route exposes information about active security fixes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | `/api/_info/config` route exposes information about active security fixes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
3.3k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| shopware | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | shopware | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper Control of Generation of Code in Twig rendered views | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Improper Control of Generation of Code in Twig rendered views | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | 6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User enumeration via distinct error codes on Store API login endpoint | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | User enumeration via distinct error codes on Store API login endpoint | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthenticated data extraction possible through store-api.order endpoint | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Unauthenticated data extraction possible through store-api.order endpoint | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Reflective Cross Site-Scripting (XSS) in CMS components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Reflective Cross Site-Scripting (XSS) in CMS components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| shopware | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | shopware | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security | Security
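Review bot: `Notifications`, `Star` / `3.3k` and `Next` appear on one side of this hunk only, so the shopware row set is changing between renders purely on page chrome, and the two rows titled `shopware` are duplicates of each other. Key rows on the advisory identifier and deduplicate before rendering; the genuine entries here (`Improper Control of Generation of Code in Twig rendered views`, the Store API login user-enumeration item and the unauthenticated `store-api.order` data extraction) deserve a severity other than `unknown` and should not be indistinguishable from chrome rows.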

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `111` - 待人工/缺浏览器证据: `111`
- 最近渲染时间: `2026-03-18T18:33:54+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -83,6 +83,9 @@
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Call for Testing: WooCommerce Order Fulfillments | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Call for Testing: WooCommerce Order Fulfillments | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Join us for our “Building Ecommerce Community” Live Event | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Join us for our “Building Ecommerce Community” Live Event | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
369 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| See all Release Posts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.6: What’s coming for developers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | WooCommerce 10.6: What’s coming for developers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Subscriptions for WooCommerce <= 1.9.2 Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - | | Subscriptions for WooCommerce <= 1.9.2 Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| AI & Agentic Commerce in WooCommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | AI & Agentic Commerce in WooCommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
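Review bot: `Subscriptions for WooCommerce <= 1.9.2 Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability` is the only row in this hunk that is an actual finding (sourced `ecosystem-authority`), but it is listed with severity `unknown` and no case page, while `Pull requests` / `369` and `See all Release Posts` are repository and blog navigation strings. Carry the severity from the authority's record and gate rows on an identifier rather than on link text.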
@@ -103,8 +106,10 @@
| Release Calendar | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Release Calendar | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improving WooCommerce Performance at Scale | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Improving WooCommerce Performance at Scale | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5 Release is Delayed | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | WooCommerce 10.5 Release is Delayed | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Changelog | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Star
10.2k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Newsletter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Newsletter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| See all Roadmap Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contact Us | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Contact Us | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.6: Enhanced blocks and a faster dashboard | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | WooCommerce 10.6: Enhanced blocks and a faster dashboard | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues | Issues
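Review bot: the `Changelog` row is replaced by `Star` / `10.2k` at the same position and `See all Roadmap Insights` appears one-sided, which indicates the row order follows crawl order rather than a stable sort; the woocommerce table will therefore produce a diff on every run even when no advisory changed. Sort rows by identifier or update time and ignore link text taken from the repository header and footer.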
@@ -114,7 +119,6 @@
| Call for testing: Experimental REST API Caching in WooCommerce 10.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Call for testing: Experimental REST API Caching in WooCommerce 10.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Experimental Product Object Caching in WooCommerce 10.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Experimental Product Object Caching in WooCommerce 10.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Become a Marketplace partner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Become a Marketplace partner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stay updated | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Restricting per_page for Product and ProductReview Store API Requests in WooCommerce 10.6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Restricting per_page for Product and ProductReview Store API Requests in WooCommerce 10.6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| March Office Hours: Testing, testing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | March Office Hours: Testing, testing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
@@ -122,15 +126,13 @@
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5.3: Dot release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | WooCommerce 10.5.3: Dot release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| woocommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | woocommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Roadmap Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Do not sell or share my personal information | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Mailchimp API Maintenance on February 28, 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Mailchimp API Maintenance on February 28, 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Community Forum | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Community Forum | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS Vulnerability in WooCommerce checkout & registration forms | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | XSS Vulnerability in WooCommerce checkout & registration forms | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5.1: Dot Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | WooCommerce 10.5.1: Dot Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Call for Testing: WooCommerce MCP Beta | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Call for Testing: WooCommerce MCP Beta | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
368 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5: Improving analytics and admin performance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | WooCommerce 10.5: Improving analytics and admin performance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security | Security
2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
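Review bot: `Pull requests` / `368` is dropped here while `Pull requests` / `369` is added in an earlier hunk of the same file, so the row identity includes the live PR counter and a single increment shows up as one advisory removed and one added. `Roadmap Insights` and `Do not sell or share my personal information` are likewise site navigation and privacy-footer text, and `Security` / `2` is the repository's advisory-count badge, not an advisory. Exclude these at extraction time instead of letting them churn through the inventory.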
@@ -146,5 +148,4 @@
| WooCommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - | | WooCommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WooCommerce Block Theme: An update on our strategy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | WooCommerce Block Theme: An update on our strategy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Join the Woo community on Slack | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Join the Woo community on Slack | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Release downloads | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Release downloads | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

View file

@@ -5,14 +5,14 @@
- 系统 ID: `angular` - 系统 ID: `angular`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `2`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `2`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `2`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -31,4 +31,5 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Angular vulnerable to XSS in i18n attribute bindings | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T01:31:35.828211Z` | [link](/Users/x/websafe/07-framework-security/frameworks/angular/cases/angular-cve-2026-32635.md) |
| Angular i18n vulnerable to Cross-Site Scripting | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-28T06:24:33.665085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/angular/cases/angular-cve-2026-27970.md) |
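Review bot: the case-page links point at absolute paths under `/Users/x/websafe/...`, which only resolve on the machine that rendered them; use repository-relative links such as `cases/angular-cve-2026-32635.md`. Otherwise this is the first inventory in the commit whose rows are real advisories with severity and timestamps filled in, so this row shape is the one the other inventories should match.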

View file

@@ -0,0 +1,119 @@
---
title: "Angular i18n vulnerable to Cross-Site Scripting"
system_id: "angular"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-27T18:33:16Z"
updated_date: "2026-02-28T06:24:33.665085Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2026-27970"
- "GHSA-prjf-86w9-mfqv"
affected_versions:
- "introduced=21.2.0-next.0, fixed<21.2.0"
- "introduced=21.0.0-next.0, fixed<21.1.6"
- "introduced=20.0.0-next.0, fixed<20.3.17"
- "introduced=19.0.0-next.0, fixed<19.2.19"
- "introduced=0, last_affected=18.2.14"
fixed_versions:
- "21.2.0"
- "21.1.6"
- "20.3.17"
- "19.2.19"
secure_code_topics:
- "xss-output-encoding"
- "template-injection-guard"
- "csp-trusted-types"
- "token-cookie-storage"
primary_source: "https://github.com/angular/angular/security/advisories/GHSA-prjf-86w9-mfqv"
---
# Angular i18n vulnerable to Cross-Site Scripting
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `angular--CVE-2026-27970`
- 系统: `angular`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/angular/angular/security/advisories/GHSA-prjf-86w9-mfqv
- 影响版本: `introduced=21.2.0-next.0, fixed<21.2.0, introduced=21.0.0-next.0, fixed<21.1.6, introduced=20.0.0-next.0, fixed<20.3.17, introduced=19.0.0-next.0, fixed<19.2.19, introduced=0, last_affected=18.2.14`
- 修复版本: `21.2.0, 21.1.6, 20.3.17, 19.2.19`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-27970
- https://github.com/angular/angular/pull/67183
- https://github.com/angular/angular/commit/306f367899dfc2e04238fecd3455547b5d54075d
- https://github.com/angular/angular/commit/7d58b798c626bb0e4e5f89ca8affdce4f352b232
- https://github.com/angular/angular/commit/b85830953281ff3a1a77bbfe69019d352d509c93
- https://angular.dev/best-practices/security#enforcing-trusted-types
- https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP
- https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XSS
- https://github.com/angular/angular
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:template-injection-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/template-injection-guard.md)
- [nodejs:template-injection-guard](/Users/x/websafe/05-defense/secure-code/nodejs/template-injection-guard.md)
- [java:template-injection-guard](/Users/x/websafe/05-defense/secure-code/java/template-injection-guard.md)
- [php:template-injection-guard](/Users/x/websafe/05-defense/secure-code/php/template-injection-guard.md)
- [python:template-injection-guard](/Users/x/websafe/05-defense/secure-code/python/template-injection-guard.md)
- [ruby:template-injection-guard](/Users/x/websafe/05-defense/secure-code/ruby/template-injection-guard.md)
- [csharp:template-injection-guard](/Users/x/websafe/05-defense/secure-code/csharp/template-injection-guard.md)
- [go:template-injection-guard](/Users/x/websafe/05-defense/secure-code/go/template-injection-guard.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
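Review bot: `affected_versions` ends with `introduced=0, last_affected=18.2.14` but `fixed_versions` and the `修复版本` line list only 19.2.19 and later, so the rendered page implies every branch has a fix when no fixed release is listed for 18.x; state explicitly that 18.x has no fix listed and that the only path is upgrading to 19.2.19 or later. Two smaller points: `secure_code_topics` includes `token-cookie-storage`, which has no bearing on an i18n template XSS, and the `修复示例` section lists 32 links across eight backend languages for a client-side Angular issue, again as absolute `/Users/x/...` paths; keep the `javascript-typescript` entries for the topics that apply (`xss-output-encoding`, `csp-trusted-types`) and link them relatively.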

View file

@@ -0,0 +1,117 @@
---
title: "Angular vulnerable to XSS in i18n attribute bindings"
system_id: "angular"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-13T20:56:18Z"
updated_date: "2026-03-17T01:31:35.828211Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2026-32635"
- "GHSA-g93w-mfhg-p222"
affected_versions:
- "introduced=22.0.0-next.0, fixed<22.0.0-next.3"
- "introduced=21.0.0-next.0, fixed<21.2.4"
- "introduced=20.0.0-next.0.0.0, fixed<20.3.18"
- "introduced=19.0.0-next.0, fixed<19.2.20"
- "introduced=17.0.0-next.0, last_affected=18.2.14"
fixed_versions:
- "22.0.0-next.3"
- "21.2.4"
- "20.3.18"
- "19.2.20"
secure_code_topics:
- "xss-output-encoding"
- "template-injection-guard"
- "csp-trusted-types"
- "token-cookie-storage"
primary_source: "https://github.com/angular/angular/security/advisories/GHSA-g93w-mfhg-p222"
---
# Angular vulnerable to XSS in i18n attribute bindings
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `angular--CVE-2026-32635`
- 系统: `angular`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/angular/angular/security/advisories/GHSA-g93w-mfhg-p222
- 影响版本: `introduced=22.0.0-next.0, fixed<22.0.0-next.3, introduced=21.0.0-next.0, fixed<21.2.4, introduced=20.0.0-next.0.0.0, fixed<20.3.18, introduced=19.0.0-next.0, fixed<19.2.20, introduced=17.0.0-next.0, last_affected=18.2.14`
- 修复版本: `22.0.0-next.3, 21.2.4, 20.3.18, 19.2.20`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-32635
- https://github.com/angular/angular/pull/67541
- https://github.com/angular/angular/pull/67561
- https://github.com/angular/angular/commit/224e60ecb1b90115baa702f1c06edc1d64d86187
- https://github.com/angular/angular/commit/78dea55351fb305b33a919c43a6b363137eca166
- https://github.com/angular/angular/commit/8630319f74c9575a21693d875cc7d5252516146d
- https://github.com/angular/angular/commit/ed2d324f9cc12aab6cfa0569ef10b73243a62c65
- https://github.com/angular/angular
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:template-injection-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/template-injection-guard.md)
- [nodejs:template-injection-guard](/Users/x/websafe/05-defense/secure-code/nodejs/template-injection-guard.md)
- [java:template-injection-guard](/Users/x/websafe/05-defense/secure-code/java/template-injection-guard.md)
- [php:template-injection-guard](/Users/x/websafe/05-defense/secure-code/php/template-injection-guard.md)
- [python:template-injection-guard](/Users/x/websafe/05-defense/secure-code/python/template-injection-guard.md)
- [ruby:template-injection-guard](/Users/x/websafe/05-defense/secure-code/ruby/template-injection-guard.md)
- [csharp:template-injection-guard](/Users/x/websafe/05-defense/secure-code/csharp/template-injection-guard.md)
- [go:template-injection-guard](/Users/x/websafe/05-defense/secure-code/go/template-injection-guard.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
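Review bot: `introduced=20.0.0-next.0.0.0` does not match the version format of the neighbouring ranges (`21.0.0-next.0`, `19.0.0-next.0`) and is unlikely to parse as a semver prerelease; check it against the primary advisory and normalise it before it reaches a version matcher. As in the sibling case, `introduced=17.0.0-next.0, last_affected=18.2.14` has no corresponding entry in `fixed_versions`, so the page should say that no fixed release is listed for 17.x and 18.x, and `token-cookie-storage` again appears in `secure_code_topics` for a template XSS where it does not apply.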

View file

@@ -5,14 +5,14 @@
- 系统 ID: `aspnet-core` - 系统 ID: `aspnet-core`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `3`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `3`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `3`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -30,4 +30,6 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | CVE-2026-26130 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2026-03-11T13:53:20.707` | - |
| CVE-2020-1045 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2026-02-23T18:23:07.950` | - |
| CVE-2020-1597 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2026-02-23T18:25:45.733` | - |
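Review bot: `CVE-2020-1045` and `CVE-2020-1597` are 2020 advisories in an inventory whose policy is `rolling-24m`; they qualify only because their `更新时间` is 2026-02-23, so the window is being applied to the NVD last-modified date rather than the publication date. Either key the window on publication date or flag such rows as re-modified legacy entries. The titles here are also bare CVE IDs with severity `high` and no case page, unlike the angular rows, which carry the advisory title and a case link.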

View file

@@ -5,14 +5,14 @@
- 系统 ID: `astro` - 系统 ID: `astro`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `14`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `14`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `14`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -31,4 +31,17 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:27:12.689316Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-66202.md) |
| Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:33:26.119485Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-65019.md) |
| Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:01:27.986221Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-64765.md) |
| Astro vulnerable to reflected XSS via the server islands feature | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-20T14:43:59.624508Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-64764.md) |
| Astro Development Server has Arbitrary Local File Read | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-20T14:43:59.558170Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-64757.md) |
| Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-13T22:46:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-64525.md) |
| Astro development server error page is vulnerable to reflected Cross-site Scripting | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:22:31.471739Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-64745.md) |
| Astro's bypass of image proxy domain validation leads to SSRF and potential XSS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-10-29T14:48:45Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-59837.md) |
| Astro's `X-Forwarded-Host` is reflected without validation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-10-11T00:12:31.565977Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-61925.md) |
| Astro allows unauthorized third-party images in _image endpoint | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:22:36.525875Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-55303.md) |
| Astros's duplicate trailing slash feature leads to an open redirection security issue | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:35:13.558198Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2025-54793.md) |
| Astro's server source code is exposed to the public if sourcemaps are enabled | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:18:38.026555Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2024-56159.md) |
| Atro CSRF Middleware Bypass (security.checkOrigin) | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:18:05.038082Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2024-56140.md) |
| DOM Clobbering Gadget found in astro's client-side router that leads to XSS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-27T08:16:37.087731Z` | [link](/Users/x/websafe/07-framework-security/frameworks/astro/cases/astro-cve-2024-47885.md) |
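Review bot: `Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765` is rated `low` while the `CVE-2025-64765` row it bypasses is `medium`; a working bypass of a medium-rated authentication check should not sit below the original unless the primary advisory says so, so confirm the severity against the GHSA record. The rows are also in no discernible order (update times run 2026-02-04, 2025-11-27, 2026-02-04, 2025-11-20, ...); sort by update time or CVE so later diffs are stable.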


@@ -0,0 +1,124 @@
---
title: "DOM Clobbering Gadget found in astro's client-side router that leads to XSS"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2024-10-14T20:02:21Z"
updated_date: "2025-11-27T08:16:37.087731Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2024-47885"
- "GHSA-m85w-3h95-hcf9"
affected_versions:
- "introduced=3.0.0, fixed<4.16.1"
fixed_versions:
- "4.16.1"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "xss-output-encoding"
- "dom-sink-hardening"
- "plugin-extension-trust-policy"
- "dependency-upgrade-policy"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-m85w-3h95-hcf9"
---
# DOM Clobbering Gadget found in astro's client-side router that leads to XSS
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2024-47885`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-m85w-3h95-hcf9
- 影响版本: `introduced=3.0.0, fixed<4.16.1`
- 修复版本: `4.16.1`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2024-47885
- https://github.com/withastro/astro/commit/a4ffbfaa5cb460c12bd486fd75e36147f51d3e5e
- https://github.com/withastro/astro
- https://github.com/withastro/astro/blob/7814a6cad15f06931f963580176d9b38aa7819f2/packages/astro/src/transitions/router.ts#L135-L156
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dom-sink-hardening.md)
- [nodejs:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/nodejs/dom-sink-hardening.md)
- [java:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/java/dom-sink-hardening.md)
- [php:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/php/dom-sink-hardening.md)
- [python:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/python/dom-sink-hardening.md)
- [ruby:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/ruby/dom-sink-hardening.md)
- [csharp:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/csharp/dom-sink-hardening.md)
- [go:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/go/dom-sink-hardening.md)
- [javascript-typescript:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/plugin-extension-trust-policy.md)
- [nodejs:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/nodejs/plugin-extension-trust-policy.md)
- [java:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/java/plugin-extension-trust-policy.md)
- [php:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/php/plugin-extension-trust-policy.md)
- [python:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/python/plugin-extension-trust-policy.md)
- [ruby:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/ruby/plugin-extension-trust-policy.md)
- [csharp:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/csharp/plugin-extension-trust-policy.md)
- [go:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/go/plugin-extension-trust-policy.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
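Review bot: `secure_code_topics` attaches `authz-server-side-recheck` and `plugin-extension-trust-policy` to a DOM clobbering gadget in the client-side router, and the 修复示例 list then fans every topic out to java/php/python/ruby/csharp/go pages that cannot apply to code that runs in the browser. The same two topics appear in every case in this commit regardless of bug class, so they look like defaults the generator adds unconditionally; drop them here, keep `dom-sink-hardening`, `xss-output-encoding`, `csp-trusted-types` and `dependency-upgrade-policy`, and filter the language fan-out to javascript-typescript and nodejs for a `system_id: "astro"` case so the 48-line link block shrinks to the handful that are relevant. The links use the same absolute `/Users/x/websafe/...` paths as the index and need to be repository-relative.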


@@ -0,0 +1,116 @@
---
title: "Atro CSRF Middleware Bypass (security.checkOrigin)"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2024-12-18T15:02:37Z"
updated_date: "2025-11-27T08:18:05.038082Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2024-56140"
- "GHSA-c4pw-33h3-35xw"
affected_versions:
- "introduced=0, fixed<4.16.17"
fixed_versions:
- "4.16.17"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "token-cookie-storage"
- "dependency-upgrade-policy"
- "proxy-trust-boundary"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-c4pw-33h3-35xw"
---
# Atro CSRF Middleware Bypass (security.checkOrigin)
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2024-56140`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-c4pw-33h3-35xw
- 影响版本: `introduced=0, fixed<4.16.17`
- 修复版本: `4.16.17`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2024-56140
- https://github.com/withastro/astro/commit/e7d14c374b9d45e27089994a4eb72186d05514de
- https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests
- https://github.com/withastro/astro
- https://github.com/withastro/astro/blob/6031962ab5f56457de986eb82bd24807e926ba1b/packages/astro/src/core/app/middlewares.ts
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
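Review bot: `csp-trusted-types` and `authz-server-side-recheck` do not bear on a CSRF origin-check bypass and should be removed from `secure_code_topics`; the two that do apply, `proxy-trust-boundary` (which host the `Origin` comparison in `security.checkOrigin` is trusted against behind a reverse proxy) and `token-cookie-storage` (SameSite cookies as the second layer), are already present, and the linked MDN "simple requests" page deserves a sentence in the case body since it is what explains which cross-origin requests reach the middleware at all. Separately, `affected_versions: - "introduced=0, fixed<4.16.17"` uses `0` as shorthand for "every earlier release"; if that is the schema's convention it should be documented, because anything that computes coverage from `introduced` will otherwise treat 0 as a real version.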


@@ -0,0 +1,102 @@
---
title: "Astro's server source code is exposed to the public if sourcemaps are enabled"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2024-12-19T15:12:33Z"
updated_date: "2025-11-27T08:18:38.026555Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2024-56159"
- "GHSA-49w6-73cw-chjr"
affected_versions:
- "introduced=5.0.0-alpha.0, fixed<5.0.8"
- "introduced=0, fixed<4.16.18"
fixed_versions:
- "5.0.8"
- "4.16.18"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "dependency-upgrade-policy"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-49w6-73cw-chjr"
---
# Astro's server source code is exposed to the public if sourcemaps are enabled
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2024-56159`
- 系统: `astro`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-49w6-73cw-chjr
- 影响版本: `introduced=5.0.0-alpha.0, fixed<5.0.8, introduced=0, fixed<4.16.18`
- 修复版本: `5.0.8, 4.16.18`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2024-56159
- https://github.com/withastro/astro/issues/12703
- https://github.com/withastro/astro/commit/039d022b1bbaacf9ea83071d27affc5318e0e515
- https://github.com/withastro/astro/commit/c879f501ff01b1a3c577de776a1f7100d78f8dd5
- https://github.com/getsentry/sentry-javascript/blob/develop/packages/astro/src/integration/index.ts#L50
- https://github.com/withastro/astro
- https://github.com/withastro/astro/blob/176fe9f113fd912f9b61e848b00bbcfecd6d5c2c/packages/astro/src/core/build/static-build.ts#L139
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
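Review bot: the 事件层 line `影响版本: introduced=5.0.0-alpha.0, fixed<5.0.8, introduced=0, fixed<4.16.18` joins two ranges with the same comma that separates the fields inside a range, so neither a reader nor a regex can tell where the first range ends; render one range per bullet, or separate ranges with `;`, as the front matter already keeps them as distinct list items. On topics, shipping server-side sourcemaps into the public client output is a build-configuration exposure, so `authz-server-side-recheck` and `csp-trusted-types` are wrong here and no topic in the list covers "keep server sourcemaps and other build secrets out of client output"; the linked `sentry-javascript/.../packages/astro/src/integration/index.ts#L50` reference suggests an integration touching the sourcemap setting, which is the supply-chain angle a `plugin-extension-trust-policy` tag would capture.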


@@ -0,0 +1,87 @@
---
title: "Astros's duplicate trailing slash feature leads to an open redirection security issue"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-08-07T16:41:55Z"
updated_date: "2025-11-27T08:35:13.558198Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-54793"
- "GHSA-cq8c-xv66-36gw"
affected_versions:
- "introduced=5.2.0, fixed<5.12.8"
fixed_versions:
- "5.12.8"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-cq8c-xv66-36gw"
---
# Astros's duplicate trailing slash feature leads to an open redirection security issue
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-54793`
- 系统: `astro`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-cq8c-xv66-36gw
- 影响版本: `introduced=5.2.0, fixed<5.12.8`
- 修复版本: `5.12.8`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-54793
- https://github.com/withastro/astro/commit/0567fb7b50c0c452be387dd7c7264b96bedab48f
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
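Review bot: the only two topics, `authz-server-side-recheck` and `csp-trusted-types`, have nothing to do with an open redirect, so the 16 修复示例 links under them will not help a reader fix this one. A redirect computed from the request path when duplicate trailing slashes are collapsed is a URL-normalization problem; the case needs an open-redirect/URL-validation topic (the corpus already has `ssrf-url-validation`, used by the CVE-2025-59837 case in this commit, and that is the closest existing tag) and the defaults should go. `introduced=5.2.0, fixed<5.12.8` is usefully narrower than the `introduced=0` used elsewhere; the schema should state whether `introduced` means the feature landed in that exact release or is only a lower bound, since the two read differently when deciding whether a 5.1.x site is exposed.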


@@ -0,0 +1,100 @@
---
title: "Astro allows unauthorized third-party images in _image endpoint"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-08-19T15:40:31Z"
updated_date: "2025-11-27T08:22:36.525875Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-55303"
- "GHSA-xf8x-j4p2-f749"
affected_versions:
- "introduced=5.0.0-alpha.0, fixed<5.13.2"
- "introduced=0, fixed<9.1.1"
- "introduced=0, fixed<4.16.19"
fixed_versions:
- "5.13.2"
- "9.1.1"
- "4.16.19"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "xss-output-encoding"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-xf8x-j4p2-f749"
---
# Astro allows unauthorized third-party images in _image endpoint
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-55303`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-xf8x-j4p2-f749
- 影响版本: `introduced=5.0.0-alpha.0, fixed<5.13.2, introduced=0, fixed<9.1.1, introduced=0, fixed<4.16.19`
- 修复版本: `5.13.2, 9.1.1, 4.16.19`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-55303
- https://github.com/withastro/astro/commit/4d16de7f95db5d1ec1ce88610d2a95e606e83820
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
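Review bot: `affected_versions` carries `introduced=0, fixed<9.1.1` under `system_id: "astro"`, but the other two ranges (`fixed<5.13.2`, `fixed<4.16.19`) put astro core at 4.x/5.x, so 9.1.1 must be a different package from the same advisory (an adapter or integration, presumably) and the entry never names it. Add a package qualifier per range (e.g. `package=astro`); without it the 事件层 line `影响版本: introduced=5.0.0-alpha.0, fixed<5.13.2, introduced=0, fixed<9.1.1, introduced=0, fixed<4.16.19` reads as three overlapping ranges of one product. Topics: `xss-output-encoding` is a stretch for an endpoint that fetches third-party image URLs; `ssrf-url-validation`, which the follow-up CVE-2025-59837 case in this commit does carry, is the natural tag, and `authz-server-side-recheck`/`csp-trusted-types` are the generator defaults again.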


@@ -0,0 +1,115 @@
---
title: "Astro's bypass of image proxy domain validation leads to SSRF and potential XSS"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-10-28T17:45:04Z"
updated_date: "2025-10-29T14:48:45Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-59837"
- "GHSA-qcpr-679q-rhm2"
affected_versions:
- "introduced=5.13.4, fixed<5.13.10"
fixed_versions:
- "5.13.10"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "xss-output-encoding"
- "ssrf-url-validation"
- "proxy-trust-boundary"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-qcpr-679q-rhm2"
---
# Astro's bypass of image proxy domain validation leads to SSRF and potential XSS
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-59837`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-qcpr-679q-rhm2
- 影响版本: `introduced=5.13.4, fixed<5.13.10`
- 修复版本: `5.13.10`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-59837
- https://github.com/withastro/astro/commit/1e2499e8ea83ebfa233a18a7499e1ccf169e56f4
- https://github.com/withastro/astro/commit/9ecf3598e2b29dd74614328fde3047ea90e67252
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
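
Review bot: every link in this 修复示例 list is an absolute path under `/Users/x/websafe/`, which resolves only on the author's machine and will be dead on any other checkout or on a rendered site; emit repository-relative links instead, for example `/05-defense/secure-code/go/csp-trusted-types.md` in place of `/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md`. The same absolute prefix appears in every 修复示例 section in this commit, so the fix belongs in the renderer that generates these files rather than in the files themselves.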

View file

@@ -0,0 +1,97 @@
---
title: "Astro's `X-Forwarded-Host` is reflected without validation"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-10-10T23:41:29Z"
updated_date: "2025-10-11T00:12:31.565977Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-61925"
- "GHSA-5ff5-9fcw-vg88"
affected_versions:
- "introduced=0, fixed<5.14.3"
fixed_versions:
- "5.14.3"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "proxy-trust-boundary"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-5ff5-9fcw-vg88"
---
# Astro's `X-Forwarded-Host` is reflected without validation
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-61925`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-5ff5-9fcw-vg88
- 影响版本: `introduced=0, fixed<5.14.3`
- 修复版本: `5.14.3`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-61925
- https://github.com/withastro/astro/commit/6ee63bfac4856f21b4d4633021b3d2ee059e553f
- https://github.com/Chisnet/minimal_dynamic_astro_server
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
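
Review bot: the front matter records the same empty state three different ways (`last_run_id: ""`, `最近运行: -`, `Run Bundle: -`) and mixes timestamp precisions (`published_date: "2025-10-10T23:41:29Z"` versus `updated_date: "2025-10-11T00:12:31.565977Z"`), which makes the fields awkward to diff or query; normalise to one null representation and one timestamp format in the renderer. `affected_versions: "introduced=0, fixed<5.14.3"` also packs two facts into a single string with `0` as an "all prior versions" sentinel; either document the sentinel or split it into `introduced` and `fixed` keys, since any consumer comparing semver will read `0` literally.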

View file

@@ -0,0 +1,134 @@
---
title: "Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-11-13T22:46:24Z"
updated_date: "2025-11-13T22:46:24Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-64525"
- "GHSA-hr2q-hp5q-x767"
affected_versions:
- "introduced=2.16.0, fixed<5.15.5"
fixed_versions:
- "5.15.5"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "xss-output-encoding"
- "token-cookie-storage"
- "ssrf-url-validation"
- "dependency-upgrade-policy"
- "proxy-trust-boundary"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-hr2q-hp5q-x767"
---
# Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-64525`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-hr2q-hp5q-x767
- 影响版本: `introduced=2.16.0, fixed<5.15.5`
- 修复版本: `5.15.5`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-64525
- https://github.com/withastro/astro/commit/dafbb1ba29912099c4faff1440033edc768af8b4
- https://github.com/withastro/astro
- https://github.com/withastro/astro/blob/970ac0f51172e1e6bff4440516a851e725ac3097/packages/astro/src/core/app/node.ts#L121
- https://github.com/withastro/astro/blob/970ac0f51172e1e6bff4440516a851e725ac3097/packages/astro/src/core/app/node.ts#L97
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
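
Review bot: the relationship to CVE-2025-61925 lives only in the free-text title; add a structured related-case field (for example `related_cases: ["astro--CVE-2025-61925"]`, reusing the Canonical ID convention from the neighbouring file) so the renderer can link the two cases and triage of one surfaces the other. The seven `secure_code_topics` also look over-broad for a header-driven URL manipulation: `proxy-trust-boundary` and `ssrf-url-validation` fit the advisory, while `token-cookie-storage` and `xss-output-encoding` have no visible basis in the metadata recorded here, and each extra topic adds eight more links to the 修复示例 list.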

View file

@@ -0,0 +1,116 @@
---
title: "Astro development server error page is vulnerable to reflected Cross-site Scripting"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-11-13T22:38:30Z"
updated_date: "2025-11-27T08:22:31.471739Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-64745"
- "GHSA-w2vj-39qv-7vh7"
affected_versions:
- "introduced=5.2.0, fixed<5.15.6"
fixed_versions:
- "5.15.6"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "xss-output-encoding"
- "token-cookie-storage"
- "dependency-upgrade-policy"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-w2vj-39qv-7vh7"
---
# Astro development server error page is vulnerable to reflected Cross-site Scripting
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-64745`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-w2vj-39qv-7vh7
- 影响版本: `introduced=5.2.0, fixed<5.15.6`
- 修复版本: `5.15.6`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-64745
- https://github.com/withastro/astro/pull/12994
- https://github.com/withastro/astro/commit/790d9425f39bbbb462f1c27615781cd965009f91
- https://github.com/withastro/astro
- https://github.com/withastro/astro/blob/5bc37fd5cade62f753aef66efdf40f982379029a/packages/astro/src/template/4xx.ts#L133-L149
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
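
Review bot: this advisory is scoped to the development server (per the title and the cited `template/4xx.ts` source), yet `target_types` lists `lab-public` and `authorized-third-party` and the 实验层 section repeats the public-target policy verbatim; record the precondition that an Astro dev server is reachable at all, so the triage queue does not treat production deployments as in scope. Also, `authz-server-side-recheck` and `token-cookie-storage` are listed as remediation topics for a reflected XSS in an error page, where `xss-output-encoding` and `csp-trusted-types` are the applicable ones; the topic set reads as a default rather than a per-advisory mapping.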

View file

@@ -0,0 +1,105 @@
---
title: "Astro Development Server has Arbitrary Local File Read"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-11-19T19:43:05Z"
updated_date: "2025-11-20T14:43:59.558170Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-64757"
- "GHSA-x3h8-62x9-952g"
affected_versions:
- "introduced=0, fixed<5.14.3"
fixed_versions:
- "5.14.3"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "path-traversal-guard"
- "dependency-upgrade-policy"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-x3h8-62x9-952g"
---
# Astro Development Server has Arbitrary Local File Read
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-64757`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-x3h8-62x9-952g
- 影响版本: `introduced=0, fixed<5.14.3`
- 修复版本: `5.14.3`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-64757
- https://github.com/withastro/astro/commit/b8ca69b97149becefaf89bf21853de9c905cdbb7
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)

View file

@@ -0,0 +1,114 @@
---
title: "Astro vulnerable to reflected XSS via the server islands feature"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-11-19T20:00:14Z"
updated_date: "2025-11-20T14:43:59.624508Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-64764"
- "GHSA-wrwg-2hg8-v723"
affected_versions:
- "introduced=0, fixed<5.15.8"
fixed_versions:
- "5.15.8"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "xss-output-encoding"
- "plugin-extension-trust-policy"
- "dependency-upgrade-policy"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-wrwg-2hg8-v723"
---
# Astro vulnerable to reflected XSS via the server islands feature
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-64764`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-wrwg-2hg8-v723
- 影响版本: `introduced=0, fixed<5.15.8`
- 修复版本: `5.15.8`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-64764
- https://github.com/withastro/astro/commit/790d9425f39bbbb462f1c27615781cd965009f91
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/plugin-extension-trust-policy.md)
- [nodejs:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/nodejs/plugin-extension-trust-policy.md)
- [java:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/java/plugin-extension-trust-policy.md)
- [php:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/php/plugin-extension-trust-policy.md)
- [python:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/python/plugin-extension-trust-policy.md)
- [ruby:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/ruby/plugin-extension-trust-policy.md)
- [csharp:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/csharp/plugin-extension-trust-policy.md)
- [go:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/go/plugin-extension-trust-policy.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
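Review bot: every 修复示例 link in this list, the ruby/csharp/go xss-output-encoding entries at the top included, is an absolute path under `/Users/x/websafe/...`, so the links resolve only on the machine that rendered them and commit the author's home-directory layout into a tracked file. The renderer should emit paths relative to the repository root (`05-defense/secure-code/go/xss-output-encoding.md` and so on) so the case pages stay navigable for anyone else who checks out the repo.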

View file

@@ -0,0 +1,114 @@
---
title: "Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-11-19T20:03:21Z"
updated_date: "2026-02-04T03:01:27.986221Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-64765"
- "GHSA-ggxq-hp9w-j794"
affected_versions:
- "introduced=0, fixed<5.15.8"
fixed_versions:
- "5.15.8"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "plugin-extension-trust-policy"
- "dependency-upgrade-policy"
- "proxy-trust-boundary"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-ggxq-hp9w-j794"
---
# Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-64765`
- 系统: `astro`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-ggxq-hp9w-j794
- 影响版本: `introduced=0, fixed<5.15.8`
- 修复版本: `5.15.8`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-64765
- https://github.com/withastro/astro/commit/6f800813516b07bbe12c666a92937525fddb58ce
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/plugin-extension-trust-policy.md)
- [nodejs:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/nodejs/plugin-extension-trust-policy.md)
- [java:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/java/plugin-extension-trust-policy.md)
- [php:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/php/plugin-extension-trust-policy.md)
- [python:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/python/plugin-extension-trust-policy.md)
- [ruby:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/ruby/plugin-extension-trust-policy.md)
- [csharp:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/csharp/plugin-extension-trust-policy.md)
- [go:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/go/plugin-extension-trust-policy.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
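Review bot: the `secure_code_topics` front matter does not match the defect named in the title. A `url.pathname` authentication check defeated by URL-encoded values is a canonicalization problem (decode and normalize the path before the authorization decision), for which only `authz-server-side-recheck` is relevant; `csp-trusted-types`, `plugin-extension-trust-policy`, `dependency-upgrade-policy` and `proxy-trust-boundary` add 32 of the 40 修复示例 links without addressing the root cause. Trim the list to the matching topic, and if the taxonomy has a path-normalization topic, map it here; otherwise the case page sends a reader to fixes for unrelated bug classes.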

View file

@@ -0,0 +1,132 @@
---
title: "Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-11-19T20:09:12Z"
updated_date: "2025-11-27T08:33:26.119485Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-65019"
- "GHSA-fvmw-cj7j-j39q"
affected_versions:
- "introduced=0, fixed<5.15.9"
fixed_versions:
- "5.15.9"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "xss-output-encoding"
- "token-cookie-storage"
- "plugin-extension-trust-policy"
- "dependency-upgrade-policy"
- "proxy-trust-boundary"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-fvmw-cj7j-j39q"
---
# Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-65019`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-fvmw-cj7j-j39q
- 影响版本: `introduced=0, fixed<5.15.9`
- 修复版本: `5.15.9`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-65019
- https://github.com/withastro/astro/commit/9e9c528191b6f5e06db9daf6ad26b8f68016e533
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/plugin-extension-trust-policy.md)
- [nodejs:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/nodejs/plugin-extension-trust-policy.md)
- [java:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/java/plugin-extension-trust-policy.md)
- [php:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/php/plugin-extension-trust-policy.md)
- [python:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/python/plugin-extension-trust-policy.md)
- [ruby:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/ruby/plugin-extension-trust-policy.md)
- [csharp:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/csharp/plugin-extension-trust-policy.md)
- [go:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/go/plugin-extension-trust-policy.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
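Review bot: the title names the Astro Cloudflare adapter, but `system_id`, `affected_versions` (`introduced=0, fixed<5.15.9`) and `fixed_versions` are recorded against the astro package without saying which package the range applies to; the front matter should name the affected package so a reader comparing their lockfile against the record does not check the wrong version. Separately, seven `secure_code_topics` (56 修复示例 links) are attached to a stored XSS in an image endpoint, where `xss-output-encoding` and `csp-trusted-types` fit and `authz-server-side-recheck`, `token-cookie-storage` and `proxy-trust-boundary` do not; the topic mapping looks keyword-driven rather than reviewed.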

View file

@@ -0,0 +1,98 @@
---
title: "Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-12-08T16:26:43Z"
updated_date: "2026-02-04T02:27:12.689316Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-66202"
- "GHSA-whqg-ppgf-wp8c"
affected_versions:
- "introduced=0, fixed<5.15.8"
fixed_versions:
- "5.15.8"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "proxy-trust-boundary"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-ggxq-hp9w-j794"
---
# Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-66202`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-ggxq-hp9w-j794
- 影响版本: `introduced=0, fixed<5.15.8`
- 修复版本: `5.15.8`
## 其他来源
- https://github.com/withastro/astro/security/advisories/GHSA-whqg-ppgf-wp8c
- https://nvd.nist.gov/vuln/detail/CVE-2025-64765
- https://nvd.nist.gov/vuln/detail/CVE-2025-66202
- https://github.com/withastro/astro/commit/6f800813516b07bbe12c666a92937525fddb58ce
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
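Review bot: `primary_source` and 官方主源 point at GHSA-ggxq-hp9w-j794, which is the advisory for CVE-2025-64765 (the previous record), while this record's own identifier GHSA-whqg-ppgf-wp8c appears only under `aliases` and 其他来源; the canonical link should be https://github.com/withastro/astro/security/advisories/GHSA-whqg-ppgf-wp8c. The version range (`introduced=0, fixed<5.15.8`, fixed in `5.15.8`) and the fix commit 6f800813516b07bbe12c666a92937525fddb58ce are also copied verbatim from the CVE-2025-64765 record, which is inconsistent with a title that describes a bypass of that very fix; re-derive the affected and fixed versions and the fix commit from GHSA-whqg-ppgf-wp8c rather than inheriting them from the parent advisory.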

View file

@@ -5,14 +5,14 @@
- 系统 ID: `django` - 系统 ID: `django`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `82`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `5`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `5`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `82`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
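Review bot: 总案例数 goes from 0 to 82 while 重点 Markdown 案例数 is 5 and 待人工/缺浏览器证据 is also 82, so 77 of the counted cases have no case page and no verification state at all. If those are unresolved crawl items rather than advisories, the summary should count them separately from real cases, otherwise the coverage figure for the `rolling-24m` policy overstates what has actually been collected.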
## 目标约束 ## 目标约束
@@ -33,4 +33,85 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Django vulnerable to Uncontrolled Resource Consumption | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-06T19:44:13.458245Z` | [link](/Users/x/websafe/07-framework-security/frameworks/django/cases/django-cve-2026-25673.md) |
| Django has a Race Condition vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-06T19:44:14.996605Z` | [link](/Users/x/websafe/07-framework-security/frameworks/django/cases/django-cve-2026-25674.md) |
| Django has Inefficient Algorithmic Complexity | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-22T23:41:06.153879Z` | [link](/Users/x/websafe/07-framework-security/frameworks/django/cases/django-cve-2025-14550.md) |
| Django has Inefficient Algorithmic Complexity | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-22T23:26:02.134436Z` | [link](/Users/x/websafe/07-framework-security/frameworks/django/cases/django-cve-2026-1285.md) |
| XSS in jQuery as used in Drupal, Backdrop CMS, and other products | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T21:56:20.301637Z` | [link](/Users/x/websafe/07-framework-security/frameworks/django/cases/django-cve-2019-11358.md) |
| March 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| May 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| April 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Google Summer of Code 2026 with Django | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| June 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| December 2022 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| September 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Plan to Adopt Contributor Covenant 3 as Django’s New Code of Conduct | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Djangonaut Space - Session 6 Accepting Applications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Django Steering Council 2025 Year in Review | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| February 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| May 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| December 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| September 2022 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| September 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| November 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| March 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| April 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| February 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| February 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DSF member of the month - Baptiste Mispelon | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| October 2022 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 1.10 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| March 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| October 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| September 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| June 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Django security releases issued: 6.0.3, 5.2.12, and 4.2.29 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| August 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| April 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| May 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| January 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| January 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| December 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| October 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| July 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| August 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DSF member of the month - Theresa Seyram Agbenyegah | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| November 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| June 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| July 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| March 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| November 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| February 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Recent trends in the work of the Django Security Team | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| January 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 1.8 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Django security releases issued: 6.0.2, 5.2.11, and 4.2.28 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DSF member of the month - Omar Abou Mrad | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2022 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| December 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| November 2022 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| October 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 1.11 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| January 2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| August 2023 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to main content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to main content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| July 2024 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
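Review bot: most of the 82 new rows are not advisories but navigation and archive labels scraped from the Django site (month names such as `March 2025`, release numbers such as `5.2` and `1.8`, `Next`, `Skip to main content` twice, DSF member-of-the-month posts), each stored with severity `unknown`, an empty 更新时间 and no case page; only the five rows with a `[link]` are real cases. The crawler should reject titles that carry no advisory marker (a CVE or GHSA alias, or a "security releases issued" title) and drop exact duplicates before rows reach the triage queue. Two rows that do deserve case pages are the `Django security releases issued: 6.0.3, 5.2.12, and 4.2.29` and `6.0.2, 5.2.11, and 4.2.28` notices, which are left as triage placeholders. Also, the rows for CVE-2025-14550 and CVE-2026-1285 share the title `Django has Inefficient Algorithmic Complexity`, so a reader cannot tell them apart without opening the links; including the CVE id in the title column would fix that.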

View file

@@ -0,0 +1,137 @@
---
title: "XSS in jQuery as used in Drupal, Backdrop CMS, and other products"
system_id: "django"
category: "frameworks"
advisory_mode: "core"
published_date: "2019-04-26T16:29:11Z"
updated_date: "2026-03-13T21:56:20.301637Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2019-11358"
- "DRUPAL-CORE-2019-006"
- "GHSA-6c3j-c64m-qhgq"
affected_versions:
- "0.1.1"
- "0.1.2"
- "0.1.3"
- "0.2"
- "0.2.1"
- "0.2.2"
- "0.2.3"
- "0.2.4"
- "0.2.5"
- "0.2.6"
- "0.2.7"
- "1.0"
- "1.0.1"
- "1.0.10"
- "1.0.11"
- "1.0.12"
- "1.0.13"
- "1.0.14"
- "1.0.15"
- "1.0.16"
fixed_versions:
- "3.4.0"
- "4.3.4"
- "2.1.9"
- "2.2.2"
- "1.19.0"
secure_code_topics:
- "xss-output-encoding"
- "path-traversal-guard"
- "file-upload-validation"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
---
# XSS in jQuery as used in Drupal, Backdrop CMS, and other products
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `django--CVE-2019-11358`
- 系统: `django`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2019-11358
- 影响版本: `0.1.1, 0.1.2, 0.1.3, 0.2, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6`
- 修复版本: `3.4.0, 4.3.4, 2.1.9, 2.2.2, 1.19.0`
## 其他来源
- https://github.com/maximebf/php-debugbar/issues/447
- https://github.com/jquery/jquery/pull/4333
- https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc
- https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f
- https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829
- https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad
- https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
- https://seclists.org/bugtraq/2019/Apr/32
- https://seclists.org/bugtraq/2019/Jun/12
- https://seclists.org/bugtraq/2019/May/18
- https://www.tenable.com/security/tns-2020-02
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
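Review bot: the version fields in this CVE-2019-11358 case are not Django's: `影响版本` lists `0.1.1 … 0.2.6`, which are not Django release numbers, and `修复版本` mixes `3.4.0` (jQuery's own fix) with `2.1.9, 2.2.2` (Django's fix releases, matching the two django/django commits in `其他来源`) and `4.3.4`/`1.19.0` from other products, so the resolver has flattened every product on the NVD record into one list. Filter affected/fixed data to `system_id: django` or mark the range unresolved rather than emitting a cross-product list. Two smaller points: `其他来源` repeats the same Fedora announcements under `%40` and `@` encodings (`WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5`, `RLXRX23725JL366CNZGJZ7AQQB7LHQ6F` and `QV3PKZC3PQCO3273HAT76PAQZFBEO4KP` each appear twice), so normalise URLs before dedup; and `secure_code_topics` adds `path-traversal-guard` and `file-upload-validation` to an XSS advisory, where only `xss-output-encoding` applies.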


@@ -0,0 +1,120 @@
---
title: "Django has Inefficient Algorithmic Complexity"
system_id: "django"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-03T15:30:23Z"
updated_date: "2026-02-22T23:41:06.153879Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-django-2025-14550"
- "CVE-2025-14550"
- "GHSA-33mw-q7rj-mjwj"
affected_versions:
- "6.0"
- "6.0.1"
- "6.0a1"
- "6.0b1"
- "6.0rc1"
- "5.2"
- "5.2.1"
- "5.2.10"
- "5.2.2"
- "5.2.3"
- "5.2.4"
- "5.2.5"
- "5.2.6"
- "5.2.7"
- "5.2.8"
- "5.2.9"
- "5.2a1"
- "5.2b1"
- "5.2rc1"
- "4.2"
fixed_versions:
- "6.0.2"
- "5.2.11"
- "4.2.28"
secure_code_topics:
- "xss-output-encoding"
- "path-traversal-guard"
- "file-upload-validation"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2025-14550"
---
# Django has Inefficient Algorithmic Complexity
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `django--CVE-2025-14550`
- 系统: `django`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2025-14550
- 影响版本: `6.0, 6.0.1, 6.0a1, 6.0b1, 6.0rc1, 5.2, 5.2.1, 5.2.10, 5.2.2, 5.2.3`
- 修复版本: `6.0.2, 5.2.11, 4.2.28`
## 其他来源
- https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb
- https://docs.djangoproject.com/en/dev/releases/security
- https://github.com/django/django
- https://groups.google.com/g/django-announce
- https://www.djangoproject.com/weblog/2026/feb/03/security-releases
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
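Review bot: the `影响版本` line is silently truncated: the frontmatter lists 20 affected versions but the rendered line stops at `5.2.3` with no marker, so a reader would take 5.2.4 through 5.2.10 as unaffected even though `fixed_versions` says `5.2.11`; and the frontmatter list itself is ordered as strings within each series and capped, so the 4.2 line appears only as `4.2` although the fix is `4.2.28`. Emit ranges (`>=4.2,<4.2.28`, `>=5.2,<5.2.11`, `>=6.0,<6.0.2`), as the echo cases on this page already do with `introduced=…, fixed<…`, or at least append `(+N more)` to the rendered line. Also `secure_code_topics` (`xss-output-encoding`, `path-traversal-guard`, `file-upload-validation`) has nothing to do with an algorithmic-complexity (DoS) issue; it looks like a per-`system_id` default, which turns the 24-link `修复示例` section into noise. Map topics from the weakness class (input-size limits, resource bounding) or leave the section empty.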


@@ -0,0 +1,120 @@
---
title: "Django has Inefficient Algorithmic Complexity"
system_id: "django"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-03T15:30:23Z"
updated_date: "2026-02-22T23:26:02.134436Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-django-2026-1285"
- "CVE-2026-1285"
- "GHSA-4rrr-2h4v-f3j9"
affected_versions:
- "6.0"
- "6.0.1"
- "6.0a1"
- "6.0b1"
- "6.0rc1"
- "5.2"
- "5.2.1"
- "5.2.10"
- "5.2.2"
- "5.2.3"
- "5.2.4"
- "5.2.5"
- "5.2.6"
- "5.2.7"
- "5.2.8"
- "5.2.9"
- "5.2a1"
- "5.2b1"
- "5.2rc1"
- "4.2"
fixed_versions:
- "6.0.2"
- "5.2.11"
- "4.2.28"
secure_code_topics:
- "xss-output-encoding"
- "path-traversal-guard"
- "file-upload-validation"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2026-1285"
---
# Django has Inefficient Algorithmic Complexity
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `django--CVE-2026-1285`
- 系统: `django`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2026-1285
- 影响版本: `6.0, 6.0.1, 6.0a1, 6.0b1, 6.0rc1, 5.2, 5.2.1, 5.2.10, 5.2.2, 5.2.3`
- 修复版本: `6.0.2, 5.2.11, 4.2.28`
## 其他来源
- https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
- https://docs.djangoproject.com/en/dev/releases/security
- https://github.com/django/django
- https://groups.google.com/g/django-announce
- https://www.djangoproject.com/weblog/2026/feb/03/security-releases
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
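Review bot: `title` here is identical to the CVE-2025-14550 case (`Django has Inefficient Algorithmic Complexity`), and the title is the only label the system index table shows, so the two rows will be indistinguishable; append the CVE id (or fall back to `Canonical ID`) when a title collides within a `system_id`. The rendering defects are the same as in that sibling case: `影响版本` shows 10 of the 20 listed versions with no truncation marker, the 4.2 series is reduced to `4.2` against a `4.2.28` fix, and the three `secure_code_topics` (`xss-output-encoding`, `path-traversal-guard`, `file-upload-validation`) are unrelated to a complexity/DoS advisory.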


@@ -0,0 +1,119 @@
---
title: "Django vulnerable to Uncontrolled Resource Consumption"
system_id: "django"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-03T15:31:41Z"
updated_date: "2026-03-06T19:44:13.458245Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-django-2026-25673"
- "CVE-2026-25673"
- "GHSA-8p8v-wh79-9r56"
affected_versions:
- "6.0"
- "6.0.1"
- "6.0.2"
- "5.2"
- "5.2.1"
- "5.2.10"
- "5.2.11"
- "5.2.2"
- "5.2.3"
- "5.2.4"
- "5.2.5"
- "5.2.6"
- "5.2.7"
- "5.2.8"
- "5.2.9"
- "4.2"
- "4.2.1"
- "4.2.10"
- "4.2.11"
- "4.2.12"
fixed_versions:
- "6.0.3"
- "5.2.12"
- "4.2.29"
secure_code_topics:
- "xss-output-encoding"
- "path-traversal-guard"
- "file-upload-validation"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2026-25673"
---
# Django vulnerable to Uncontrolled Resource Consumption
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `django--CVE-2026-25673`
- 系统: `django`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2026-25673
- 影响版本: `6.0, 6.0.1, 6.0.2, 5.2, 5.2.1, 5.2.10, 5.2.11, 5.2.2, 5.2.3, 5.2.4`
- 修复版本: `6.0.3, 5.2.12, 4.2.29`
## 其他来源
- https://docs.djangoproject.com/en/dev/releases/security
- https://github.com/django/django
- https://groups.google.com/g/django-announce
- https://www.djangoproject.com/weblog/2026/mar/03/security-releases
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
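Review bot: the `affected_versions` list ends `4.2, 4.2.1, 4.2.10, 4.2.11, 4.2.12`, which is a string-ordered list cut at 20 entries: 4.2.2 through 4.2.9 and 4.2.13 through 4.2.28 are missing although `fixed_versions` gives `4.2.29`, and the rendered `影响版本` line then drops to the first 10 entries (ending `5.2.4`) without a marker. Sort versions numerically and emit ranges (`>=4.2,<4.2.29`, `>=5.2,<5.2.12`, `>=6.0,<6.0.3`) instead of an enumerated prefix. `secure_code_topics` is again the Django default trio (`xss-output-encoding`, `path-traversal-guard`, `file-upload-validation`), none of which addresses uncontrolled resource consumption.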


@@ -0,0 +1,119 @@
---
title: "Django has a Race Condition vulnerability"
system_id: "django"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-03T15:31:41Z"
updated_date: "2026-03-06T19:44:14.996605Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-django-2026-25674"
- "CVE-2026-25674"
- "GHSA-mjgh-79qc-68w3"
affected_versions:
- "6.0"
- "6.0.1"
- "6.0.2"
- "5.2"
- "5.2.1"
- "5.2.10"
- "5.2.11"
- "5.2.2"
- "5.2.3"
- "5.2.4"
- "5.2.5"
- "5.2.6"
- "5.2.7"
- "5.2.8"
- "5.2.9"
- "4.2"
- "4.2.1"
- "4.2.10"
- "4.2.11"
- "4.2.12"
fixed_versions:
- "6.0.3"
- "5.2.12"
- "4.2.29"
secure_code_topics:
- "xss-output-encoding"
- "path-traversal-guard"
- "file-upload-validation"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2026-25674"
---
# Django has a Race Condition vulnerability
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `django--CVE-2026-25674`
- 系统: `django`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2026-25674
- 影响版本: `6.0, 6.0.1, 6.0.2, 5.2, 5.2.1, 5.2.10, 5.2.11, 5.2.2, 5.2.3, 5.2.4`
- 修复版本: `6.0.3, 5.2.12, 4.2.29`
## 其他来源
- https://docs.djangoproject.com/en/dev/releases/security
- https://github.com/django/django
- https://groups.google.com/g/django-announce
- https://www.djangoproject.com/weblog/2026/mar/03/security-releases
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
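Review bot: the `实验层` block is a fixed template that does not fit a race condition: `最小化验证方式` names `只读探测` and `受控注入`, but a race has no injection point and cannot be shown by a read-only probe, and `minimal_validation: "read-only probe, controlled payload, reversible test"` repeats the same template in the frontmatter. Derive the validation guidance from the weakness class (for a race, a lab-only concurrency test against the affected component, with the inconsistent state as the observable) rather than copying the injection-class wording into every case. Version handling has the same defect as the other March case: the list is cut at `4.2.12` against a `4.2.29` fix and the rendered `影响版本` line shows only 10 entries, and the `secure_code_topics` trio is unrelated to a race condition.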


@@ -5,14 +5,14 @@
- 系统 ID: `echo` - 系统 ID: `echo`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `2`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `2`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -30,4 +30,5 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Open redirect in github.com/labstack/echo/v4 | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-05-20T16:03:47Z` | [link](/Users/x/websafe/07-framework-security/frameworks/echo/cases/echo-cve-2022-40083.md) |
| Directory traversal on Windows in github.com/labstack/echo/v4 | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-05-20T16:03:47Z` | [link](/Users/x/websafe/07-framework-security/frameworks/echo/cases/echo-cve-2020-36565.md) |
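Review bot: the `案例页` column links to absolute paths under `/Users/x/websafe/...`, which only resolve on the author's machine; once this index is served or viewed from the repository the links are dead. Use repository-relative paths (`./cases/echo-cve-2022-40083.md`) here, and the same applies to every `修复示例` entry in the case files, which all point at `/Users/x/websafe/05-defense/...`. Also the header counts `重点 Markdown 案例数: 2` and `待人工/缺浏览器证据: 2` agree with the two rows, but `近 30 天新增/更新: 0` appears to be computed from `更新时间` (`2024-05-20`), so newly ingested cases never show as new; track ingest time separately from the upstream update time.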


@@ -0,0 +1,95 @@
---
title: "Directory traversal on Windows in github.com/labstack/echo/v4"
system_id: "echo"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-04-14T20:04:52Z"
updated_date: "2024-05-20T16:03:47Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2020-36565"
- "GHSA-j453-hm5x-c46w"
- "GO-2021-0051"
affected_versions:
- "introduced=0, fixed<4.1.18-0.20201215153152-4422e3b66b9f"
fixed_versions:
- "4.1.18-0.20201215153152-4422e3b66b9f"
secure_code_topics:
- "proxy-trust-boundary"
- "token-cookie-storage"
- "path-traversal-guard"
primary_source: "https://github.com/labstack/echo/pull/1718"
---
# Directory traversal on Windows in github.com/labstack/echo/v4
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `echo--CVE-2020-36565`
- 系统: `echo`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/labstack/echo/pull/1718
- 影响版本: `introduced=0, fixed<4.1.18-0.20201215153152-4422e3b66b9f`
- 修复版本: `4.1.18-0.20201215153152-4422e3b66b9f`
## 其他来源
- https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
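Review bot: `primary_source` is the fix PR (`labstack/echo/pull/1718`) while `source_confidence` is `official`; the aliases already name the authoritative records (`GO-2021-0051`, `GHSA-j453-hm5x-c46w`), so the primary source should be the Go vulnerability database or GHSA entry, with the PR and commit kept under `其他来源`. Two consistency points: `affected_versions` uses a range (`introduced=0, fixed<4.1.18-0.20201215153152-4422e3b66b9f`) while the Django cases on this page enumerate versions, so the renderer should settle on one schema (ranges are the better choice); and `secure_code_topics` pairs `proxy-trust-boundary` and `token-cookie-storage` with a directory-traversal advisory where only `path-traversal-guard` is relevant.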


@@ -0,0 +1,95 @@
---
title: "Open redirect in github.com/labstack/echo/v4"
system_id: "echo"
category: "frameworks"
advisory_mode: "core"
published_date: "2022-10-11T21:29:24Z"
updated_date: "2024-05-20T16:03:47Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2022-40083"
- "GHSA-crxj-hrmp-4rwf"
- "GO-2022-1031"
affected_versions:
- "introduced=0, fixed<4.9.0"
fixed_versions:
- "4.9.0"
secure_code_topics:
- "proxy-trust-boundary"
- "token-cookie-storage"
- "ssrf-url-validation"
primary_source: "https://github.com/labstack/echo/issues/2259"
---
# Open redirect in github.com/labstack/echo/v4
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `echo--CVE-2022-40083`
- 系统: `echo`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/labstack/echo/issues/2259
- 影响版本: `introduced=0, fixed<4.9.0`
- 修复版本: `4.9.0`
## 其他来源
- https://github.com/labstack/echo/pull/2260
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
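Review bot: `secure_code_topics` does not match an open-redirect advisory: `proxy-trust-boundary` and `token-cookie-storage` are unrelated, and `ssrf-url-validation` is the nearest but the relevant control is redirect-target validation (reject absolute or protocol-relative targets, or allow-list the destination host), so the topic taxonomy needs an open-redirect entry or this case should map to none. As in the sibling echo case, `primary_source` points at the GitHub issue (`labstack/echo/issues/2259`) rather than the `GHSA-crxj-hrmp-4rwf` / `GO-2022-1031` record named in `aliases`; the issue and the fix PR (`pull/2260`) belong under `其他来源`.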


@@ -5,14 +5,14 @@
- 系统 ID: `esbuild` - 系统 ID: `esbuild`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `1`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -26,9 +26,10 @@
- `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=npm; mode=core) - `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=npm; mode=core)
- `official` [OSV esbuild](https://osv.dev/) (mode=core) - `official` [OSV esbuild](https://osv.dev/) (mode=core)
- `ecosystem-authority` [NVD esbuild](https://nvd.nist.gov/vuln/search) (keyword=esbuild; mode=core)
## 案例列表 ## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | esbuild enables any website to send any requests to the development server and read the response | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:50:58.022803Z` | [link](/Users/x/websafe/07-framework-security/frameworks/esbuild/cases/esbuild-ghsa-67mh-4wv8-2f99.md) |

View file

@@ -0,0 +1,85 @@
---
title: "esbuild enables any website to send any requests to the development server and read the response"
system_id: "esbuild"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-02-10T17:48:07Z"
updated_date: "2026-02-04T02:50:58.022803Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "GHSA-67mh-4wv8-2f99"
affected_versions:
- "introduced=0, fixed<0.25.0"
fixed_versions:
- "0.25.0"
secure_code_topics:
- "dependency-upgrade-policy"
- "file-upload-validation"
primary_source: "https://github.com/evanw/esbuild/security/advisories/GHSA-67mh-4wv8-2f99"
---
# esbuild enables any website to send any requests to the development server and read the response
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `esbuild--GHSA-67mh-4wv8-2f99`
- 系统: `esbuild`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/evanw/esbuild/security/advisories/GHSA-67mh-4wv8-2f99
- 影响版本: `introduced=0, fixed<0.25.0`
- 修复版本: `0.25.0`
## 其他来源
- https://github.com/evanw/esbuild/commit/de85afd65edec9ebc44a11e245fd9e9a2e99760d
- https://github.com/evanw/esbuild
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
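Review bot: `secure_code_topics` lists `file-upload-validation`, which has no bearing on this advisory (the dev server answering cross-origin requests from any website and letting the caller read the response); only `dependency-upgrade-policy` fits. The mapping looks keyword-driven rather than reviewed, so either drop the second topic or check how topics are assigned before this page is published, since the 修复示例 section currently points readers at eight upload-validation documents that do not address the issue.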

View file

@@ -5,14 +5,14 @@
- 系统 ID: `express` - 系统 ID: `express`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `1`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -26,9 +26,10 @@
- `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=npm; mode=core) - `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=npm; mode=core)
- `official` [OSV Express](https://osv.dev/) (mode=core) - `official` [OSV Express](https://osv.dev/) (mode=core)
- `ecosystem-authority` [NVD Express.js](https://nvd.nist.gov/vuln/search) (keyword=Express.js; mode=core)
## 案例列表 ## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | CVE-2025-67731 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-17T19:40:55.690` | - |
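Review bot: the new row's title is just the identifier `CVE-2025-67731`, with severity `high` but no case page and the 重点 Markdown 案例数 counter still at 0, so the highest-severity entry in this index is also the one with the least information. The 更新时间 value `2026-03-17T19:40:55.690` also lacks the `Z` suffix every other row carries, so sorting or comparing timestamps across sources will treat it differently; normalize NVD timestamps to the same UTC format and pull the advisory description in as the title.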

View file

@@ -5,14 +5,14 @@
- 系统 ID: `fastify` - 系统 ID: `fastify`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `1`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -31,4 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16T03:05:26.332715Z` | [link](/Users/x/websafe/07-framework-security/frameworks/fastify/cases/fastify-cve-2026-3419.md) |

View file

@@ -0,0 +1,109 @@
---
title: "Fastify's Missing End Anchor in 'subtypeNameReg' Allows Malformed Content-Types to Pass Validation"
system_id: "fastify"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-05T21:29:54Z"
updated_date: "2026-03-16T03:05:26.332715Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2026-3419"
- "GHSA-573f-x89g-hqp9"
affected_versions:
- "introduced=5.7.2, fixed<5.8.1"
fixed_versions:
- "5.8.1"
secure_code_topics:
- "proxy-trust-boundary"
- "ssrf-url-validation"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://github.com/fastify/fastify/security/advisories/GHSA-573f-x89g-hqp9"
---
# Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `fastify--CVE-2026-3419`
- 系统: `fastify`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/fastify/fastify/security/advisories/GHSA-573f-x89g-hqp9
- 影响版本: `introduced=5.7.2, fixed<5.8.1`
- 修复版本: `5.8.1`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-3419
- https://github.com/fastify/fastify/commit/67f6c9b32cb3623d3c9470cc17ed830dd2f083d7
- https://cna.openjsf.org/security-advisories.html
- https://github.com/advisories/GHSA-573f-x89g-hqp9
- https://github.com/fastify/fastify
- https://httpwg.org/specs/rfc9110.html#field.content-type
- https://www.cve.org/CVERecord?id=CVE-2026-3419
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
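Review bot: four secure_code_topics (`proxy-trust-boundary`, `ssrf-url-validation`, `xss-output-encoding`, `token-cookie-storage`) are attached to a bug about a missing end anchor in a Content-Type regex, and none of them matches the defect; the resulting 32-link 修复示例 section is longer than the rest of the page and says nothing about validating Content-Type headers. Suggest a single topic that covers input/header validation, or none with an explicit note, rather than the current list.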

View file

@@ -5,14 +5,14 @@
- 系统 ID: `flask` - 系统 ID: `flask`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `1`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -31,4 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Flask session does not add `Vary: Cookie` header when accessed in some ways | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-23T23:43:45.778179Z` | [link](/Users/x/websafe/07-framework-security/frameworks/flask/cases/flask-cve-2026-27205.md) |

View file

@@ -0,0 +1,125 @@
---
title: "Flask session does not add `Vary: Cookie` header when accessed in some ways"
system_id: "flask"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-19T20:45:41Z"
updated_date: "2026-02-23T23:43:45.778179Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2026-27205"
- "GHSA-68rp-wp8r-4726"
affected_versions:
- "0.1"
- "0.10"
- "0.10.1"
- "0.11"
- "0.11.1"
- "0.12"
- "0.12.1"
- "0.12.2"
- "0.12.3"
- "0.12.4"
- "0.12.5"
- "0.2"
- "0.3"
- "0.3.1"
- "0.4"
- "0.5"
- "0.5.1"
- "0.5.2"
- "0.6"
- "0.6.1"
fixed_versions:
- "3.1.3"
secure_code_topics:
- "xss-output-encoding"
- "ssrf-url-validation"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726"
---
# Flask session does not add `Vary: Cookie` header when accessed in some ways
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `flask--CVE-2026-27205`
- 系统: `flask`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726
- 影响版本: `0.1, 0.10, 0.10.1, 0.11, 0.11.1, 0.12, 0.12.1, 0.12.2, 0.12.3, 0.12.4`
- 修复版本: `3.1.3`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-27205
- https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4
- https://github.com/pallets/flask
- https://github.com/pallets/flask/releases/tag/3.1.3
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
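Review bot: `affected_versions` is an enumerated list sorted as strings (`0.1`, `0.10`, `0.10.1`, ... `0.6.1`) and cut off after 20 entries, and the `影响版本` line in 事件层 then shows only the first 10 of those, so the page states a fixed version of `3.1.3` while listing only 0.x releases as affected. Every other case in this commit expresses the range as `introduced=..., fixed<...`; render this one the same way (the visible data supports `fixed<3.1.3`) instead of truncating the enumeration, and note that the four secure_code_topics here are again unrelated to a `Vary: Cookie` caching issue.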

View file

@@ -5,14 +5,14 @@
- 系统 ID: `gin` - 系统 ID: `gin`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `1`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -30,4 +30,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T10:41:18.820930Z` | [link](/Users/x/websafe/07-framework-security/frameworks/gin/cases/gin-cve-2020-28483.md) |

View file

@@ -0,0 +1,111 @@
---
title: "Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin"
system_id: "gin"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-06-23T17:53:21Z"
updated_date: "2026-03-14T10:41:18.820930Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2020-28483"
- "GO-2021-0052"
- "GHSA-h395-qcrw-5vmq"
affected_versions:
- "introduced=0, fixed<1.7.7"
fixed_versions:
- "1.7.7"
secure_code_topics:
- "proxy-trust-boundary"
- "xss-output-encoding"
- "dependency-upgrade-policy"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2020-28483"
---
# Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `gin--CVE-2020-28483`
- 系统: `gin`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2020-28483
- 影响版本: `introduced=0, fixed<1.7.7`
- 修复版本: `1.7.7`
## 其他来源
- https://github.com/gin-gonic/gin/issues/2862
- https://github.com/gin-gonic/gin/issues/2232
- https://github.com/gin-gonic/gin/issues/2473
- https://github.com/gin-gonic/gin/pull/2474
- https://github.com/gin-gonic/gin/pull/2474#23issuecomment-729696437
- https://github.com/gin-gonic/gin/pull/2632
- https://github.com/gin-gonic/gin/pull/2675
- https://github.com/gin-gonic/gin/pull/2844
- https://github.com/gin-gonic/gin/pull/2844/files#diff-e6ce689a25eaef174c2dd51fe869fabbe04a6c6afbd416b23eda138c82e761baR1432
- https://github.com/gin-gonic/gin/commit/03e5e05ae089bc989f1ca41841f05504d29e3fd9
- https://github.com/gin-gonic/gin/commit/5929d521715610c9dd14898ebbe1d188d5de8937
- https://github.com/gin-gonic/gin/commit/bfc8ca285eb46dad60e037d57c545cd260636711
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736
- https://pkg.go.dev/vuln/GO-2021-0052
- https://github.com/gin-gonic/gin/releases/tag/v1.7.7
- https://github.com/gin-gonic/gin/releases/tag/v1.7.0
- https://github.com/gin-gonic/gin
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
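Review bot: the source URL `https://github.com/gin-gonic/gin/pull/2474#23issuecomment-729696437` has a stray `23` after the `#`, which is what a `%23` looks like after its percent sign is dropped during decoding; the fragment should read `#issuecomment-729696437`, otherwise the link lands on the PR rather than the comment. Separately, `primary_source` here is the NVD entry while `source_confidence` says `official`, whereas the index pages in this same commit tag NVD as `ecosystem-authority`; pick one classification for NVD-sourced cases.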

View file

@@ -4,15 +4,15 @@
- 系统 ID: `hapi` - 系统 ID: `hapi`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `history-full`
- 总案例数: `0` - 总案例数: `1`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -31,4 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Denial of Service in @hapi/hapi | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2020-08-31T19:00:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/hapi/cases/hapi-ghsa-23vw-mhv5-grv5.md) |

View file

@@ -3,7 +3,7 @@
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` > `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖层级: `rolling-24m` - 覆盖层级: `history-full`
- Advisory 模式: core - Advisory 模式: core
- 输出目录: `07-framework-security/frameworks/hapi` - 输出目录: `07-framework-security/frameworks/hapi`
- 修复主题: proxy-trust-boundary, token-cookie-storage - 修复主题: proxy-trust-boundary, token-cookie-storage

View file

@@ -0,0 +1,86 @@
---
title: "Denial of Service in @hapi/hapi"
system_id: "hapi"
category: "frameworks"
advisory_mode: "core"
published_date: "2020-09-03T15:48:43Z"
updated_date: "2020-08-31T19:00:56Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "GHSA-23vw-mhv5-grv5"
affected_versions:
- "introduced=0, fixed<18.4.1"
- "introduced=19.0.0, fixed<19.1.1"
fixed_versions:
- "18.4.1"
- "19.1.1"
secure_code_topics:
- "proxy-trust-boundary"
- "token-cookie-storage"
primary_source: "https://www.npmjs.com/advisories/1482"
---
# Denial of Service in @hapi/hapi
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `hapi--GHSA-23vw-mhv5-grv5`
- 系统: `hapi`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://www.npmjs.com/advisories/1482
- 影响版本: `introduced=0, fixed<18.4.1, introduced=19.0.0, fixed<19.1.1`
- 修复版本: `18.4.1, 19.1.1`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
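Review bot: `updated_date` (`2020-08-31T19:00:56Z`) precedes `published_date` (`2020-09-03T15:48:43Z`), so whichever field feeds the 近 30 天新增/更新 counter will treat this record inconsistently; check which upstream timestamp each field is read from. The `影响版本` line also flattens two ranges into `introduced=0, fixed<18.4.1, introduced=19.0.0, fixed<19.1.1`, where the comma between ranges is the same separator used inside a range; use `;` or render one range per line. Finally, 其他来源 reads `无额外来源` even though the alias `GHSA-23vw-mhv5-grv5` gives a GitHub advisory page, which the fastify case in this commit links under the same pattern.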

View file

@@ -5,14 +5,14 @@
- 系统 ID: `koa` - 系统 ID: `koa`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `1`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -31,4 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Koa has Host Header Injection via ctx.hostname | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-26T23:36:36.294040Z` | [link](/Users/x/websafe/07-framework-security/frameworks/koa/cases/koa-cve-2026-27959.md) |

View file

@@ -0,0 +1,108 @@
---
title: "Koa has Host Header Injection via ctx.hostname"
system_id: "koa"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-26T22:42:57Z"
updated_date: "2026-02-26T23:36:36.294040Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2026-27959"
- "GHSA-7gcc-r8m5-44qm"
affected_versions:
- "introduced=3.0.0, fixed<3.1.2"
- "introduced=0, fixed<2.16.4"
fixed_versions:
- "3.1.2"
- "2.16.4"
secure_code_topics:
- "proxy-trust-boundary"
- "ssrf-url-validation"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://github.com/koajs/koa/security/advisories/GHSA-7gcc-r8m5-44qm"
---
# Koa has Host Header Injection via ctx.hostname
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `koa--CVE-2026-27959`
- 系统: `koa`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/koajs/koa/security/advisories/GHSA-7gcc-r8m5-44qm
- 影响版本: `introduced=3.0.0, fixed<3.1.2, introduced=0, fixed<2.16.4`
- 修复版本: `3.1.2, 2.16.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-27959
- https://github.com/koajs/koa/commit/55ab9bab044ead4e82c70a30a4f9dc0fc9c1b6df
- https://github.com/koajs/koa/commit/b76ddc01fdb703e51652b0fd131d16394cadcfeb
- https://github.com/koajs/koa
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
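Review bot: `secure_code_topics` is over-broad for this advisory. The title is a Host Header Injection via `ctx.hostname`, which maps to `proxy-trust-boundary` (and arguably `ssrf-url-validation` where the hostname feeds outbound URLs), but `xss-output-encoding` and `token-cookie-storage` have no stated connection to it, and each tag expands into eight 修复示例 links, so most of that section is noise; if topics are inferred from keywords, a case like this should be flagged for manual tagging rather than padded. Separately, the 事件层 line `影响版本: introduced=3.0.0, fixed<3.1.2, introduced=0, fixed<2.16.4` joins two range expressions with the same comma that is used inside each expression, so the boundary between ranges is ambiguous; render one range per bullet or separate them with `;`.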

View file

@@ -5,14 +5,14 @@
- 系统 ID: `laravel` - 系统 ID: `laravel`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `2`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `2`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `2`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -31,4 +31,5 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Laravel Framework XSS in Blade templating engine | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:01:16.767646Z` | [link](/Users/x/websafe/07-framework-security/frameworks/laravel/cases/laravel-cve-2021-43808.md) |
| Query Binding Exploitation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:15:34.333730Z` | [link](/Users/x/websafe/07-framework-security/frameworks/laravel/cases/laravel-cve-2021-21263.md) |

View file

@@ -0,0 +1,125 @@
---
title: "Query Binding Exploitation"
system_id: "laravel"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-01-19T19:36:51Z"
updated_date: "2026-03-13T22:15:34.333730Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-laravel-2021-21263"
- "CVE-2021-21263"
- "GHSA-3p32-j457-pg5x"
affected_versions:
- "v8.0.0"
- "v8.0.1"
- "v8.0.2"
- "v8.0.3"
- "v8.0.4"
- "v8.1.0"
- "v8.10.0"
- "v8.11.0"
- "v8.11.1"
- "v8.11.2"
- "v8.12.0"
- "v8.12.1"
- "v8.12.2"
- "v8.12.3"
- "v8.13.0"
- "v8.14.0"
- "v8.15.0"
- "v8.16.0"
- "v8.16.1"
- "v8.17.0"
fixed_versions:
- "8.22.1"
- "7.30.3"
- "6.20.12"
- "6.20.11"
- "7.30.2"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "file-upload-validation"
primary_source: "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x"
---
# Query Binding Exploitation
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `laravel--CVE-2021-21263`
- 系统: `laravel`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x
- 影响版本: `v8.0.0, v8.0.1, v8.0.2, v8.0.3, v8.0.4, v8.1.0, v8.10.0, v8.11.0, v8.11.1, v8.11.2`
- 修复版本: `8.22.1, 7.30.3, 6.20.12, 6.20.11, 7.30.2`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-21263
- https://github.com/laravel/framework/pull/35865
- https://blog.laravel.com/security-laravel-62011-7302-8221-released
- https://blog.laravel.com/security-laravel-62012-7303-released
- https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/database/CVE-2021-21263.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2021-21263.yaml
- https://packagist.org/packages/illuminate/database
- https://packagist.org/packages/laravel/framework
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
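Review bot: the topic tagging does not match the advisory. `Query Binding Exploitation` (CVE-2021-21263, `illuminate/database`) concerns query construction, yet `secure_code_topics` lists `xss-output-encoding`, `authz-server-side-recheck` and `file-upload-validation` and nothing about parameterised queries or input binding, so all 24 修复示例 links point at unrelated guidance. The `fixed_versions` list is also unordered (`8.22.1, 7.30.3, 6.20.12, 6.20.11, 7.30.2`), which suggests it is emitted as collected rather than normalised; sort it per release line so the 事件层 summary reads as one fixed version per branch.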

View file

@@ -0,0 +1,125 @@
---
title: "Laravel Framework XSS in Blade templating engine"
system_id: "laravel"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-12-08T19:57:36Z"
updated_date: "2026-03-13T22:01:16.767646Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2021-43808"
- "GHSA-66hf-2p6w-jqfw"
affected_versions:
- "5.0.30"
- "5.2.41"
- "v4.0.0"
- "v4.0.0-BETA2"
- "v4.0.0-BETA3"
- "v4.0.0-BETA4"
- "v4.0.1"
- "v4.0.10"
- "v4.0.11"
- "v4.0.2"
- "v4.0.3"
- "v4.0.4"
- "v4.0.5"
- "v4.0.6"
- "v4.0.7"
- "v4.0.8"
- "v4.0.9"
- "v4.1.0"
- "v4.1.1"
- "v4.1.10"
fixed_versions:
- "6.20.42"
- "7.30.6"
- "8.75.0"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "file-upload-validation"
primary_source: "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw"
---
# Laravel Framework XSS in Blade templating engine
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `laravel--CVE-2021-43808`
- 系统: `laravel`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw
- 影响版本: `5.0.30, 5.2.41, v4.0.0, v4.0.0-BETA2, v4.0.0-BETA3, v4.0.0-BETA4, v4.0.1, v4.0.10, v4.0.11, v4.0.2`
- 修复版本: `6.20.42, 7.30.6, 8.75.0`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-43808
- https://github.com/laravel/framework/pull/39906
- https://github.com/laravel/framework/pull/39908
- https://github.com/laravel/framework/pull/39909
- https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b
- https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/view/CVE-2021-43808.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2021-43808.yaml
- https://github.com/laravel/framework
- https://github.com/laravel/framework/releases/tag/v6.20.42
- https://github.com/laravel/framework/releases/tag/v7.30.6
- https://github.com/laravel/framework/releases/tag/v8.75.0
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
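Review bot: `affected_versions` contradicts `fixed_versions`. The fixes are 6.20.42, 7.30.6 and 8.75.0, so the 6.x, 7.x and 8.x lines are affected, yet the list contains only `5.0.30`, `5.2.41` and v4.0.x/v4.1.x entries and stops at exactly 20 items, which looks like a hard cap applied to an unsorted enumeration. The rendered 事件层 line then shows only the first 10 of those 20 with no `...` or count, so a reader sees neither the truncation nor the real ranges. Emit `introduced=..., fixed<...` ranges here, as the koa case in this commit already does, instead of an enumerated, capped list.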

View file

@@ -5,14 +5,14 @@
- 系统 ID: `nestjs` - 系统 ID: `nestjs`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `2`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `2`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -26,9 +26,11 @@
- `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=npm; mode=core) - `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=npm; mode=core)
- `official` [OSV NestJS](https://osv.dev/) (mode=core) - `official` [OSV NestJS](https://osv.dev/) (mode=core)
- `ecosystem-authority` [NVD NestJS](https://nvd.nist.gov/vuln/search) (keyword=NestJS; mode=core)
## 案例列表 ## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | CVE-2026-2293 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-02T20:30:10.923` | - |
| CVE-2025-69211 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-02-20T16:58:36.320` | - |
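Review bot: the two rows pulled from the new `ecosystem-authority` NVD keyword source carry the CVE id as their title (`CVE-2026-2293`, `CVE-2025-69211`), so the NVD description is being dropped during ingest, and their 更新时间 values (`2026-03-02T20:30:10.923`) lack the `Z` suffix that every `official` row uses, so the column now mixes naive and UTC-qualified timestamps and will sort inconsistently. A keyword search for `NestJS` can also match unrelated products; these rows should be checked against the affected package before they count toward 总案例数.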

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `40` - 待人工/缺浏览器证据: `40`
- 最近渲染时间: `2026-03-18T18:34:26+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -74,6 +74,7 @@
| Directory traversal vulnerability in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:00:21.025418Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2018-6184.md) | | Directory traversal vulnerability in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:00:21.025418Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2018-6184.md) |
| Next.js Directory Traversal Vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-04-22T19:49:35Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2017-16877.md) | | Next.js Directory Traversal Vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-04-22T19:49:35Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2017-16877.md) |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service in Partial Pre Rendering | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Denial of Service in Partial Pre Rendering | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
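Review bot: the added row `Next` is not an advisory; like the surrounding `Actions`, `Sign in` and `Discussions` rows, it is GitHub navigation text that the scraper picked up from the repository's security page. These chrome entries inflate 待人工/缺浏览器证据 (40 here) and should be filtered before insertion, for example by accepting only entries that carry a GHSA or CVE identifier or an advisory URL.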
@@ -85,15 +86,15 @@
| Security | Security
36 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | 36 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Server Actions Source Code Exposure | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Server Actions Source Code Exposure | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
138k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service with Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Denial of Service with Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service in Image Optimizer | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Denial of Service in Image Optimizer | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unbounded next/image disk cache growth can exhaust storage | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Unbounded next/image disk cache growth can exhaust storage | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| null origin can bypass dev HMR websocket CSRF checks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | null origin can bypass dev HMR websocket CSRF checks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| HTTP request smuggling in rewrites | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | HTTP request smuggling in rewrites | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests | Pull requests
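Review bot: the added `Star` / `138k` entry, like the `Security` / `36` and `Pull requests` entries already in context, embeds a newline inside the title cell, so it is not a valid markdown table row and breaks rendering of every row after it. Beyond being UI chrome rather than an advisory, a title must be whitespace-normalised (or rejected) before it is written into the table.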

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `8` - 待人工/缺浏览器证据: `8`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `28` - 待人工/缺浏览器证据: `28`
- 最近渲染时间: `2026-03-18T18:34:30+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -57,9 +57,10 @@
| Pull requests | Pull requests
118 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | 118 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| nuxt | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | nuxt | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| nuxt | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | nuxt | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DOS via cache poisoning with payload rendering response | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | DOS via cache poisoning with payload rendering response | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
59.9k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
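Review bot: the `Star` / `59.9k` row is a repository star count, a value that changes between scrapes, so every render will produce a fresh diff for this table with no change in advisories; together with the `Notifications` row it comes from page navigation, not from advisory listings. Note also that `nuxt` appears twice as a title in the context lines, so there is no de-duplication on title either.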

View file

@@ -5,14 +5,14 @@
- 系统 ID: `rails` - 系统 ID: `rails`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `42`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `10`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `42`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -26,9 +26,51 @@
- `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=rubygems; mode=core) - `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=rubygems; mode=core)
- `official` [OSV Rails](https://osv.dev/) (mode=core) - `official` [OSV Rails](https://osv.dev/) (mode=core)
- `ecosystem-authority` [NVD Ruby on Rails](https://nvd.nist.gov/vuln/search) (keyword=Ruby on Rails; mode=core)
## 案例列表 ## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Rails has possible XSS Vulnerability in Action Controller | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-12-20T10:42:26.578616Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2024-26143.md) |
| Ruby on Rails vulnerable to code injection | `high` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-03T14:58:34.698394Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2006-4111.md) |
| Rails Denial of Service vulnerability | `high` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-03T15:46:47.783301Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2006-4112.md) |
| Moderate severity vulnerability that affects rails | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-09T15:30:21.670801Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2007-3227.md) |
| Moderate severity vulnerability that affects rails | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-05-01T18:49:06.777708Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2007-5379.md) |
| Session fixation vulnerability in Rails | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-09T15:30:02.622007Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2007-5380.md) |
| session fixation protection mechanism in cgi_process.rb in Rails | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-09T15:55:51.425352Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2007-6077.md) |
| rails is vulnerable to CRLF injection | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-09T17:02:22.936736Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2008-5189.md) |
| Moderate severity vulnerability that affects rails | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-04-09T20:05:53.148849Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2009-4214.md) |
| Rails vulnerable to Cross-site Scripting | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-12-08T05:43:59.579843Z` | [link](/Users/x/websafe/07-framework-security/frameworks/rails/cases/rails-cve-2014-0081.md) |
| CVE-2013-0156 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2013-0155 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-6497 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-6496 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-3465 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-3464 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-3463 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-3424 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-2695 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-2694 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-2661 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-2660 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-1099 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-1098 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-4319 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-3187 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-3186 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-2932 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-2931 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-2930 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-2929 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-2197 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-0449 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-0448 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-0447 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-0446 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2010-3933 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-11T00:51:21.963` | - |
| CVE-2008-7248 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-3086 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-3009 | `medium` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-2422 | `critical` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-4094 | `high` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2025-04-09T00:30:58.490` | - |
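
Review bot: the 更新时间 values in these rows (`2025-04-11T00:51:21.963`, `2025-04-09T00:30:58.490`) carry no timezone designator, while the per-case files added later in this commit write `published_date` and `updated_date` with a trailing `Z`; render the table column in the same UTC form so the two timestamps can be compared without guessing a local offset. The row order within an update batch is also not consistently descending by CVE id (`CVE-2008-7248` precedes the `CVE-2009-*` rows and `CVE-2008-4094` closes the batch), so either state the sort key in the renderer or sort on (更新时间, CVE id). Every 案例页 cell is `-` even though the rows are all in `triage`; if a case page is not generated for triage rows, say so in the column header rather than leaving a dash that reads as a missing link.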

@@ -0,0 +1,113 @@
---
title: "Ruby on Rails vulnerable to code injection"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-04-03T14:58:34.698394Z"
severity: "high"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2006-4111"
- "GHSA-rvpq-5xqx-pfpp"
affected_versions:
- "1.1.0"
- "1.1.1"
- "1.1.2"
- "1.1.3"
- "1.1.4"
- "1.1.5"
- "introduced=1.1.0, fixed<1.1.6"
fixed_versions:
- "1.1.6"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2006-4111"
---
# Ruby on Rails vulnerable to code injection
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2006-4111`
- 系统: `rails`
- 严重度: `high`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2006-4111
- 影响版本: `1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, introduced=1.1.0, fixed<1.1.6`
- 修复版本: `1.1.6`
## 其他来源
- http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html
- https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml
- https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454
- https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673
- http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits
- http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml
- http://www.novell.com/linux/security/advisories/2006_21_sr.html
- http://secunia.com/advisories/21466
- http://secunia.com/advisories/21749
- http://securitytracker.com/id?1016673
- http://www.securityfocus.com/bid/19454
- http://www.vupen.com/english/advisories/2006/3237
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
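
Review bot: `secure_code_topics` (xss-output-encoding, file-upload-validation, authz-server-side-recheck) does not correspond to the vulnerability class in the `title`, which is code injection; the list reads like a category default rather than a per-advisory mapping, and because it drives the whole 修复示例 section a reader is sent to XSS and upload guidance for a code-injection advisory whose only stated remediation is the 1.1.6 upgrade in `fixed_versions`. Derive the topics from the advisory or label them as category defaults. Two smaller points: `affected_versions` mixes enumerated versions with a range expression (`"introduced=1.1.0, fixed<1.1.6"`) in one list, and that string leaks verbatim into the 影响版本 line; keep ranges in a separate key. The 修复示例 links are absolute paths under `/Users/x/websafe/...`, which resolve only on the authoring machine; use repository-relative paths.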

@@ -0,0 +1,124 @@
---
title: "Rails Denial of Service vulnerability"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-04-03T15:46:47.783301Z"
severity: "high"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2006-4112"
- "GHSA-9wrq-xvmp-xjc8"
affected_versions:
- "1.1.0"
- "1.1.1"
- "1.1.2"
- "1.1.3"
- "1.1.4"
- "1.1.5"
- "introduced=1.1.0, fixed<1.1.6"
fixed_versions:
- "1.1.6"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
- "dependency-upgrade-policy"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2006-4112"
---
# Rails Denial of Service vulnerability
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2006-4112`
- 系统: `rails`
- 严重度: `high`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2006-4112
- 影响版本: `1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, introduced=1.1.0, fixed<1.1.6`
- 修复版本: `1.1.6`
## 其他来源
- http://secunia.com/advisories/21424
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28364
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4112.yml
- https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454
- https://web.archive.org/web/20200804225700/http://www.securityfocus.com/archive/1/442934/100/0/threaded
- https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673
- http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure
- http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml
- http://www.kb.cert.org/vuls/id/699540
- http://www.novell.com/linux/security/advisories/2006_21_sr.html
- http://secunia.com/advisories/21466
- http://secunia.com/advisories/21749
- http://securitytracker.com/id?1016673
- http://www.securityfocus.com/archive/1/442934/100/0/threaded
- http://www.securityfocus.com/bid/19454
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
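
Review bot: for a `title` of "Rails Denial of Service vulnerability", `xss-output-encoding`, `file-upload-validation` and `authz-server-side-recheck` in `secure_code_topics` are unrelated to the advisory; `dependency-upgrade-policy` is the one entry consistent with the `fixed_versions: 1.1.6` remediation, so drop or demote the generic three rather than emitting 24 unrelated 修复示例 links ahead of the relevant eight. The 其他来源 list also carries the same references twice, once live and once archived: `securitytracker.com/id?1016673`, `securityfocus.com/bid/19454` and `securityfocus.com/archive/1/442934/100/0/threaded` each appear as both the original URL and the `web.archive.org` copy. Keep one entry per reference (the archived copy, with the original URL as an attribute) so the list stays readable as the source set grows. Same `affected_versions` schema issue as the previous file: the range string `"introduced=1.1.0, fixed<1.1.6"` is stored as if it were a version.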

@@ -0,0 +1,128 @@
---
title: "Moderate severity vulnerability that affects rails"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-04-09T15:30:21.670801Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2007-3227"
- "GHSA-gm25-fpmr-43fj"
affected_versions:
- "0.10.0"
- "0.10.1"
- "0.11.0"
- "0.11.1"
- "0.12.0"
- "0.12.1"
- "0.13.0"
- "0.13.1"
- "0.14.1"
- "0.14.2"
- "0.14.3"
- "0.14.4"
- "0.8.0"
- "0.8.5"
- "0.9.0"
- "0.9.1"
- "0.9.2"
- "0.9.3"
- "0.9.4"
- "0.9.4.1"
fixed_versions:
- "1.2.5"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2007-3227"
---
# Moderate severity vulnerability that affects rails
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2007-3227`
- 系统: `rails`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2007-3227
- 影响版本: `0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.14.1, 0.14.2`
- 修复版本: `1.2.5`
## 其他来源
- http://bugs.gentoo.org/show_bug.cgi?id=195315
- https://github.com/advisories/GHSA-gm25-fpmr-43fj
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml
- http://dev.rubyonrails.org/ticket/8371
- http://osvdb.org/36378
- http://pastie.caboo.se/65550.txt
- http://secunia.com/advisories/25699
- http://secunia.com/advisories/27657
- http://secunia.com/advisories/27756
- http://security.gentoo.org/glsa/glsa-200711-17.xml
- http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release
- http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
- http://www.novell.com/linux/security/advisories/2007_24_sr.html
- http://www.securityfocus.com/bid/24161
- http://www.vupen.com/english/advisories/2007/2216
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
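
Review bot: the 影响版本 line under 事件层 is silently truncated: the frontmatter `affected_versions` lists 20 entries (0.8.0 through 0.14.4 plus 0.9.4.1), but the rendered line stops after ten (`..., 0.14.1, 0.14.2`) with no ellipsis or count, so the page understates the affected set. Render the full list or truncate explicitly ("and N more"). The list is also ordered lexically (`0.10.0` before `0.8.0`), which hides the actual range; sort by version before rendering. Finally, `fixed_versions` is `1.2.5` while no 1.x version is listed as affected; confirm whether the enumeration is complete or whether this record should carry a `fixed<1.2.5` range as the CVE-2006 files in this commit do.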

@@ -0,0 +1,129 @@
---
title: "Moderate severity vulnerability that affects rails"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-05-01T18:49:06.777708Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2007-5379"
- "GHSA-fjfg-q662-gm6j"
affected_versions:
- "0.10.0"
- "0.10.1"
- "0.11.0"
- "0.11.1"
- "0.12.0"
- "0.12.1"
- "0.13.0"
- "0.13.1"
- "0.14.1"
- "0.14.2"
- "0.14.3"
- "0.14.4"
- "0.8.0"
- "0.8.5"
- "0.9.0"
- "0.9.1"
- "0.9.2"
- "0.9.3"
- "0.9.4"
- "0.9.4.1"
fixed_versions:
- "1.2.4"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2007-5379"
---
# Moderate severity vulnerability that affects rails
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2007-5379`
- 系统: `rails`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2007-5379
- 影响版本: `0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.14.1, 0.14.2`
- 修复版本: `1.2.4`
## 其他来源
- http://bugs.gentoo.org/show_bug.cgi?id=195315
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml
- https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
- https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453
- http://docs.info.apple.com/article.html?artnum=307179
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://security.gentoo.org/glsa/glsa-200711-17.xml
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://www.vupen.com/english/advisories/2007/3508
- http://www.vupen.com/english/advisories/2007/4238
- http://dev.rubyonrails.org/ticket/8453
- http://osvdb.org/40717
- http://secunia.com/advisories/27657
- http://secunia.com/advisories/28136
- http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
- http://www.securityfocus.com/bid/26096
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
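
Review bot: the `title` and H1 "Moderate severity vulnerability that affects rails" are identical to the CVE-2007-3227 file earlier in this commit, so any listing keyed on title (the overview tables in this commit have a 标题 column) will show two indistinguishable rows; include the CVE id in the title or derive the H1 from `Canonical ID`. The 其他来源 list has the Rails 1.2.4 release post twice under two hosts (`rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release` and `weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release`) and ticket 8453 both live and archived; dedupe to one entry per reference. The 影响版本 line shows ten of the 20 `affected_versions` with no truncation marker, the same rendering defect as the previous file.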

@@ -0,0 +1,137 @@
---
title: "Session fixation vulnerability in Rails "
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-04-09T15:30:02.622007Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2007-5380"
- "GHSA-jwhv-rgqc-fqj5"
affected_versions:
- "0.10.0"
- "0.10.1"
- "0.11.0"
- "0.11.1"
- "0.12.0"
- "0.12.1"
- "0.13.0"
- "0.13.1"
- "0.14.1"
- "0.14.2"
- "0.14.3"
- "0.14.4"
- "0.8.0"
- "0.8.5"
- "0.9.0"
- "0.9.1"
- "0.9.2"
- "0.9.3"
- "0.9.4"
- "0.9.4.1"
fixed_versions:
- "1.2.4"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
- "token-cookie-storage"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2007-5380"
---
# Session fixation vulnerability in Rails
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2007-5380`
- 系统: `rails`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2007-5380
- 影响版本: `0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.14.1, 0.14.2`
- 修复版本: `1.2.4`
## 其他来源
- http://bugs.gentoo.org/show_bug.cgi?id=195315
- https://github.com/advisories/GHSA-jwhv-rgqc-fqj5
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml
- http://docs.info.apple.com/article.html?artnum=307179
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://secunia.com/advisories/27657
- http://secunia.com/advisories/27965
- http://secunia.com/advisories/28136
- http://security.gentoo.org/glsa/glsa-200711-17.xml
- http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
- http://www.novell.com/linux/security/advisories/2007_25_sr.html
- http://www.securityfocus.com/bid/26096
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://www.vupen.com/english/advisories/2007/3508
- http://www.vupen.com/english/advisories/2007/4238
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
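
Review bot: `title` at the top of the hunk has a trailing space (`"Session fixation vulnerability in Rails "`) while the H1 below it is trimmed, so the two strings will not compare equal and any join or dedup on title will miss this record; strip whitespace at ingest and validate the frontmatter against the H1. `token-cookie-storage` is the one `secure_code_topics` entry that actually matches a session-fixation advisory, yet it is listed last after the three generic topics, so its 修复示例 links appear only after 24 unrelated ones; order topics by relevance to the advisory or drop the generic set. The 影响版本 line again renders ten of the 20 `affected_versions` without an ellipsis.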

@@ -0,0 +1,135 @@
---
title: "session fixation protection mechanism in cgi_process.rb in Rails"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-04-09T15:55:51.425352Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2007-6077"
- "GHSA-p4c6-77gc-694x"
affected_versions:
- "0.10.0"
- "0.10.1"
- "0.11.0"
- "0.11.1"
- "0.12.0"
- "0.12.1"
- "0.13.0"
- "0.13.1"
- "0.14.1"
- "0.14.2"
- "0.14.3"
- "0.14.4"
- "0.8.0"
- "0.8.5"
- "0.9.0"
- "0.9.1"
- "0.9.2"
- "0.9.3"
- "0.9.4"
- "0.9.4.1"
fixed_versions:
- "1.2.6"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
- "token-cookie-storage"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2007-6077"
---
# session fixation protection mechanism in cgi_process.rb in Rails
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2007-6077`
- 系统: `rails`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2007-6077
- 影响版本: `0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.14.1, 0.14.2`
- 修复版本: `1.2.6`
## 其他来源
- http://dev.rubyonrails.org/changeset/8177
- https://github.com/advisories/GHSA-p4c6-77gc-694x
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml
- https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release
- http://dev.rubyonrails.org/ticket/10048
- http://docs.info.apple.com/article.html?artnum=307179
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://secunia.com/advisories/27781
- http://secunia.com/advisories/28136
- http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release
- http://www.securityfocus.com/bid/26598
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://www.vupen.com/english/advisories/2007/4009
- http://www.vupen.com/english/advisories/2007/4238
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
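Review bot: `affected_versions` in the front matter is capped at 20 entries and sorted as strings (`"0.10.0"` precedes `"0.8.0"`), so with `fixed_versions` at `1.2.6` nothing from the 1.0 through 1.2.5 range is recorded, and the rendered `影响版本` line, which prints only the first ten of those twenty, reads as if only 0.x releases were affected; sort by semantic version and emit either the full set or an explicit `< 1.2.6` range with a count. The `修复示例` links are also absolute `/Users/x/websafe/...` paths that break in any other checkout; make them repository-relative.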

View file

@@ -0,0 +1,119 @@
---
title: "rails is vulnerable to CRLF injection"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-04-09T17:02:22.936736Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2008-5189"
- "GHSA-jmgf-p46x-982h"
affected_versions:
- "0.10.0"
- "0.10.1"
- "0.11.0"
- "0.11.1"
- "0.12.0"
- "0.12.1"
- "0.13.0"
- "0.13.1"
- "0.14.1"
- "0.14.2"
- "0.14.3"
- "0.14.4"
- "0.8.0"
- "0.8.5"
- "0.9.0"
- "0.9.1"
- "0.9.2"
- "0.9.3"
- "0.9.4"
- "0.9.4.1"
fixed_versions:
- "2.0.5"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2008-5189"
---
# rails is vulnerable to CRLF injection
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2008-5189`
- 系统: `rails`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2008-5189
- 影响版本: `0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.14.1, 0.14.2`
- 修复版本: `2.0.5`
## 其他来源
- http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml
- http://github.com/rails/rails
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
- http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing
- http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk
- http://www.securityfocus.com/bid/32359
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
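Review bot: `secure_code_topics` does not match the advisory class: the title says CRLF injection and the linked rubyonrails post is `response-splitting-risk`, yet the topics are `xss-output-encoding`, `file-upload-validation` and `authz-server-side-recheck`, with no header-injection or response-splitting topic, so the whole `修复示例` section points at the wrong guidance. The `affected_versions` block is also the same twenty 0.8.0 to 0.14.4 entries as the CVE-2007-6077 case in this commit even though this fix landed in `2.0.5`, which suggests a truncated default list rather than one derived from the advisory; derive it per case or mark it incomplete.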

View file

@@ -0,0 +1,140 @@
---
title: "Moderate severity vulnerability that affects rails"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-04-09T20:05:53.148849Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2009-4214"
- "GHSA-9p3v-wf2w-v29c"
affected_versions:
- "0.10.0"
- "0.10.1"
- "0.11.0"
- "0.11.1"
- "0.12.0"
- "0.12.1"
- "0.13.0"
- "0.13.1"
- "0.14.1"
- "0.14.2"
- "0.14.3"
- "0.14.4"
- "0.8.0"
- "0.8.5"
- "0.9.0"
- "0.9.1"
- "0.9.2"
- "0.9.3"
- "0.9.4"
- "0.9.4.1"
fixed_versions:
- "2.2.2"
- "2.3.5"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
- "token-cookie-storage"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2009-4214"
---
# Moderate severity vulnerability that affects rails
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2009-4214`
- 系统: `rails`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2009-4214
- 影响版本: `0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.14.1, 0.14.2`
- 修复版本: `2.2.2, 2.3.5`
## 其他来源
- http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5
- https://github.com/advisories/GHSA-9p3v-wf2w-v29c
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml
- http://github.com/rails/rails
- http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
- http://secunia.com/advisories/37446
- http://secunia.com/advisories/38915
- http://support.apple.com/kb/HT4077
- http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released
- http://www.debian.org/security/2011/dsa-2260
- http://www.debian.org/security/2011/dsa-2301
- http://www.openwall.com/lists/oss-security/2009/11/27/2
- http://www.openwall.com/lists/oss-security/2009/12/08/3
- http://www.securityfocus.com/bid/37142
- http://www.securitytracker.com/id?1023245
- http://www.vupen.com/english/advisories/2009/3352
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
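Review bot: the `title` and H1 are the GitHub advisory placeholder `Moderate severity vulnerability that affects rails`, which says nothing about the defect, while the NVD record and the linked rubyonrails 2.3.5 release post carry a descriptive summary; fall back to the NVD description (or CVE id plus summary) whenever the GHSA title is a generic placeholder. `fixed_versions` lists `2.2.2` and `2.3.5`, and the rendered `修复版本` line flattens them into one list without saying they are separate branch fixes, so a reader on 2.2.x cannot tell which applies; render them as per-branch pairs. The twenty-entry `affected_versions` block is again the 0.8.0 to 0.14.4 set with no 1.x or 2.x entries despite those fix versions.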

View file

@@ -0,0 +1,124 @@
---
title: "Rails vulnerable to Cross-site Scripting"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:36Z"
updated_date: "2024-12-08T05:43:59.579843Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2014-0081"
- "GHSA-m46p-ggm5-5j83"
affected_versions:
- "3.0.0"
- "3.0.1"
- "3.0.10"
- "3.0.10.rc1"
- "3.0.11"
- "3.0.12"
- "3.0.12.rc1"
- "3.0.13"
- "3.0.13.rc1"
- "3.0.14"
- "3.0.15"
- "3.0.16"
- "3.0.17"
- "3.0.18"
- "3.0.19"
- "3.0.2"
- "3.0.20"
- "3.0.3"
- "3.0.4"
- "3.0.4.rc1"
fixed_versions:
- "3.2.17"
- "4.0.3"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2014-0081"
---
# Rails vulnerable to Cross-site Scripting
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2014-0081`
- 系统: `rails`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2014-0081
- 影响版本: `3.0.0, 3.0.1, 3.0.10, 3.0.10.rc1, 3.0.11, 3.0.12, 3.0.12.rc1, 3.0.13, 3.0.13.rc1, 3.0.14`
- 修复版本: `3.2.17, 4.0.3`
## 其他来源
- https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml
- https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782
- https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647
- https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html
- http://openwall.com/lists/oss-security/2014/02/18/8
- http://rhn.redhat.com/errata/RHSA-2014-0215.html
- http://rhn.redhat.com/errata/RHSA-2014-0306.html
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
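Review bot: `severity` is `unknown` with `source_confidence: official` and an NVD primary source, while the other rails cases in this commit with the same source type carry `medium`, so this looks like a failed severity lookup rather than a genuinely unscored record; surface lookup failures instead of silently writing `unknown`. `affected_versions` holds only 3.0.x entries (including prereleases such as `3.0.10.rc1`) although `fixed_versions` are `3.2.17` and `4.0.3`, so the 3.1.x, 3.2.0 to 3.2.16 and 4.0.0 to 4.0.2 ranges those fixes imply are not recorded anywhere in the case.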

View file

@@ -0,0 +1,121 @@
---
title: "Rails has possible XSS Vulnerability in Action Controller"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2024-02-27T21:41:12Z"
updated_date: "2024-12-20T10:42:26.578616Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-rails-2024-26143"
- "CVE-2024-26143"
- "GHSA-9822-6m93-xqf4"
affected_versions:
- "7.0.0"
- "7.0.1"
- "7.0.2"
- "7.0.2.1"
- "7.0.2.2"
- "7.0.2.3"
- "7.0.2.4"
- "7.0.3"
- "7.0.3.1"
- "7.0.4"
- "7.0.4.1"
- "7.0.4.2"
- "7.0.4.3"
- "7.0.5"
- "7.0.5.1"
- "7.0.6"
- "7.0.7"
- "7.0.7.1"
- "7.0.7.2"
- "7.0.8"
fixed_versions:
- "7.0.8.1"
- "7.1.3.1"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
primary_source: "https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4"
---
# Rails has possible XSS Vulnerability in Action Controller
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2024-26143`
- 系统: `rails`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4
- 影响版本: `7.0.0, 7.0.1, 7.0.2, 7.0.2.1, 7.0.2.2, 7.0.2.3, 7.0.2.4, 7.0.3, 7.0.3.1, 7.0.4`
- 修复版本: `7.0.8.1, 7.1.3.1`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2024-26143
- https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc
- https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e
- https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml
- https://security.netapp.com/advisory/ntap-20240510-0004
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
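Review bot: the rendered `影响版本` line stops at `7.0.4`, the tenth of the twenty `affected_versions` entries, with no ellipsis or count, so the page understates the affected range even relative to its own front matter; print the count or a range instead of the first ten items. `fixed_versions` includes `7.1.3.1`, but no 7.1.x version appears in `affected_versions`, so the 7.1.0 to 7.1.3 range implied by that fix is missing from the record.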

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `21` - 待人工/缺浏览器证据: `21`
- 最近渲染时间: `2026-03-18T18:34:21+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -52,7 +52,8 @@
| Pull requests | Pull requests
371 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | 371 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service Vulnerabilities in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Denial of Service Vulnerabilities in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
244k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Models | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Models | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - | | Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
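Review bot: the rows being added (`Notifications`, and `Star` with `244k` on the following line) are GitHub repository navigation labels, like the existing `Pull requests` / `371`, `Insights`, `Models` and `Actions` rows around them, not advisories, and the two-line cells (`| Star` on one line, `244k | ...` on the next) also break the Markdown table. Restrict the scraper to the advisory list container and drop any row whose title does not resolve to a GHSA or CVE identifier.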

View file

@@ -5,14 +5,14 @@
- 系统 ID: `spring-boot` - 系统 ID: `spring-boot`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `2`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `1`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `1`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -32,4 +32,5 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-13T21:59:19.426456Z` | [link](/Users/x/websafe/07-framework-security/frameworks/spring-boot/cases/spring-boot-cve-2022-27772.md) |
| Spring Boot | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
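Review bot: the second new row, `Spring Boot`, has no identifier, no timestamp and no case page; it is the project name picked up from the source page, not an advisory, and it inflates `总案例数` to `2` in the summary above. Drop rows without an advisory id. The `案例页` link on the CVE-2022-27772 row is an absolute `/Users/x/websafe/...` path; use a repository-relative path so the link works in other checkouts.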

View file

@@ -0,0 +1,106 @@
---
title: "Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot"
system_id: "spring-boot"
category: "frameworks"
advisory_mode: "core"
published_date: "2022-07-11T20:59:02Z"
updated_date: "2026-03-13T21:59:19.426456Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "ecosystem-authority"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2022-27772"
- "GHSA-cm59-pr5q-cw85"
affected_versions:
- "1.0.0.RELEASE"
- "1.0.1.RELEASE"
- "1.0.2.RELEASE"
- "1.1.0.RELEASE"
- "1.1.1.RELEASE"
- "1.1.10.RELEASE"
- "1.1.11.RELEASE"
- "1.1.12.RELEASE"
- "1.1.2.RELEASE"
- "1.1.3.RELEASE"
- "1.1.4.RELEASE"
- "1.1.5.RELEASE"
- "1.1.6.RELEASE"
- "1.1.7.RELEASE"
- "1.1.8.RELEASE"
- "1.1.9.RELEASE"
- "1.2.0.RELEASE"
- "1.2.1.RELEASE"
- "1.2.2.RELEASE"
- "1.2.3.RELEASE"
fixed_versions:
- "2.2.11.RELEASE"
secure_code_topics:
- "proxy-trust-boundary"
- "authz-server-side-recheck"
primary_source: "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85"
---
# Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `spring-boot--CVE-2022-27772`
- 系统: `spring-boot`
- 严重度: `low`
- 来源置信度: `ecosystem-authority`
- 官方主源: https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85
- 影响版本: `1.0.0.RELEASE, 1.0.1.RELEASE, 1.0.2.RELEASE, 1.1.0.RELEASE, 1.1.1.RELEASE, 1.1.10.RELEASE, 1.1.11.RELEASE, 1.1.12.RELEASE, 1.1.2.RELEASE, 1.1.3.RELEASE`
- 修复版本: `2.2.11.RELEASE`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2022-27772
- https://github.com/spring-projects/spring-boot/commit/667ccdae84822072f9ea1a27ed5c77964c71002d
- https://github.com/spring-projects/spring-boot
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)

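Review bot: The 影响版本 summary at the top of this hunk is sorted lexicographically and silently cut at ten entries (`1.1.10.RELEASE, 1.1.11.RELEASE, 1.1.12.RELEASE` come before `1.1.2.RELEASE`, and nothing from the 2.x line just below the `2.2.11.RELEASE` fix is shown), so the rendered page understates the affected range; sort by semantic version and emit a per-branch range or a "+N more" marker instead of a truncated list. The 修复示例 list also fans the two topics across eight languages (16 links) for a `spring-boot` case; filtering to the system's own language, or collapsing to one link per topic, would keep the section readable.
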
View file

@@ -5,14 +5,14 @@
- 系统 ID: `spring-framework` - 系统 ID: `spring-framework`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `11`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `11`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -32,4 +32,14 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | CVE-2025-41254: Spring Framework STOMP CSRF Vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41249: Spring Framework Annotation Detection Vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2026-22718: Command injection on user machine using VSCode extension for Spring CLI | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41253: Using Spring Expression Language To Expose Environment Variables and System Properties | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41243: Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Spring Framework | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2026-22729: JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

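Review bot: The counters and the table in this hunk disagree: 总案例数 goes to `11` in the same commit that adds all eleven rows, yet 近 30 天新增/更新 stays `0`, and every row has an empty 更新时间 and `-` for 案例页, so the "new in 30 days" figure is being derived from a timestamp the ingest never fills. Several titles are also either not advisories or not this system's: `Spring Framework` is a page heading, and `CVE-2026-22718` (Spring CLI VSCode extension), `CVE-2025-41248` (Spring Security), `CVE-2025-41243` (Spring Cloud Gateway) and `CVE-2026-22730` / `CVE-2026-22729` (Spring AI) are filed under `spring-framework` on the strength of their titles alone. Map each advisory to the affected system ID, and drop rows whose title carries no advisory identifier, before they are counted.
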
View file

@@ -5,14 +5,14 @@
- 系统 ID: `spring-security` - 系统 ID: `spring-security`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `3`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `3`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -32,4 +32,6 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Spring Security Advisories | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Spring Security | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

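Review bot: Two of the three rows added here, `Spring Security Advisories` and `Spring Security`, are scraped page headings rather than advisories, and the one real entry, `CVE-2025-41248`, is the same advisory the `spring-framework` table in this commit also lists, so it is double-counted across systems. The title filter should require an advisory identifier (CVE/GHSA) or a known advisory-page pattern, and canonical IDs should be deduplicated across system IDs.
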
View file

@@ -5,14 +5,14 @@
- 系统 ID: `sveltekit` - 系统 ID: `sveltekit`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `3`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `3`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `3`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `3`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -31,4 +31,6 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only) | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-28T06:27:26.115188Z` | [link](/Users/x/websafe/07-framework-security/frameworks/sveltekit/cases/sveltekit-ghsa-fpg4-jhqr-589c.md) |
| CPU exhaustion in SvelteKit remote form deserialization (experimental only) | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-22T23:23:11.893790Z` | [link](/Users/x/websafe/07-framework-security/frameworks/sveltekit/cases/sveltekit-ghsa-88qp-p4qg-rqm6.md) |
| Memory exhaustion in SvelteKit remote form deserialization (experimental only) | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-22T23:25:49.392878Z` | [link](/Users/x/websafe/07-framework-security/frameworks/sveltekit/cases/sveltekit-ghsa-vrhm-gvg7-fpcf.md) |

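Review bot: The 案例页 links in this hunk (`/Users/x/websafe/07-framework-security/frameworks/sveltekit/cases/...`) are absolute paths on the author's machine, so they resolve nowhere once the rendered markdown is committed; have the renderer emit repo-relative links instead. The same applies to every `/Users/x/websafe/05-defense/secure-code/...` link in the 修复示例 sections of this commit.
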
View file

@@ -0,0 +1,95 @@
---
title: "CPU exhaustion in SvelteKit remote form deserialization (experimental only)"
system_id: "sveltekit"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-19T20:30:25Z"
updated_date: "2026-02-22T23:23:11.893790Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "GHSA-88qp-p4qg-rqm6"
affected_versions:
- "introduced=2.49.0, fixed<2.52.2"
fixed_versions:
- "2.52.2"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "deserialization-safety"
primary_source: "https://github.com/sveltejs/kit/security/advisories/GHSA-88qp-p4qg-rqm6"
---
# CPU exhaustion in SvelteKit remote form deserialization (experimental only)
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `sveltekit--GHSA-88qp-p4qg-rqm6`
- 系统: `sveltekit`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/sveltejs/kit/security/advisories/GHSA-88qp-p4qg-rqm6
- 影响版本: `introduced=2.49.0, fixed<2.52.2`
- 修复版本: `2.52.2`
## 其他来源
- https://github.com/sveltejs/kit/commit/3e607b314aec9e5f278d32847945b8b6323e1cb8
- https://github.com/sveltejs/kit
- https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.52.2
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:deserialization-safety](/Users/x/websafe/05-defense/secure-code/javascript-typescript/deserialization-safety.md)
- [nodejs:deserialization-safety](/Users/x/websafe/05-defense/secure-code/nodejs/deserialization-safety.md)
- [java:deserialization-safety](/Users/x/websafe/05-defense/secure-code/java/deserialization-safety.md)
- [php:deserialization-safety](/Users/x/websafe/05-defense/secure-code/php/deserialization-safety.md)
- [python:deserialization-safety](/Users/x/websafe/05-defense/secure-code/python/deserialization-safety.md)
- [ruby:deserialization-safety](/Users/x/websafe/05-defense/secure-code/ruby/deserialization-safety.md)
- [csharp:deserialization-safety](/Users/x/websafe/05-defense/secure-code/csharp/deserialization-safety.md)
- [go:deserialization-safety](/Users/x/websafe/05-defense/secure-code/go/deserialization-safety.md)

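Review bot: `secure_code_topics` for this CPU-exhaustion advisory lists `authz-server-side-recheck` and `token-cookie-storage`, neither of which relates to deserializing a remote `form` payload; only `deserialization-safety` fits, and the 修复示例 section then expands all three topics across eight languages into 24 links for a JavaScript framework. The topic assignment reads as a per-system default rather than a per-advisory mapping; derive it from the advisory (here: bounded deserialization and input-size limits) and restrict the language fan-out to `javascript-typescript` / `nodejs`.
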
View file

@@ -0,0 +1,95 @@
---
title: "SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only)"
system_id: "sveltekit"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-28T02:04:39Z"
updated_date: "2026-02-28T06:27:26.115188Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "GHSA-fpg4-jhqr-589c"
affected_versions:
- "introduced=2.49.0, fixed<2.53.3"
fixed_versions:
- "2.53.3"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "deserialization-safety"
primary_source: "https://github.com/sveltejs/kit/security/advisories/GHSA-fpg4-jhqr-589c"
---
# SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only)
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `sveltekit--GHSA-fpg4-jhqr-589c`
- 系统: `sveltekit`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/sveltejs/kit/security/advisories/GHSA-fpg4-jhqr-589c
- 影响版本: `introduced=2.49.0, fixed<2.53.3`
- 修复版本: `2.53.3`
## 其他来源
- https://github.com/sveltejs/kit/commit/faba869db3644077169bf5d7c6e41fd5f3d6c65e
- https://github.com/sveltejs/kit
- https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.53.3
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:deserialization-safety](/Users/x/websafe/05-defense/secure-code/javascript-typescript/deserialization-safety.md)
- [nodejs:deserialization-safety](/Users/x/websafe/05-defense/secure-code/nodejs/deserialization-safety.md)
- [java:deserialization-safety](/Users/x/websafe/05-defense/secure-code/java/deserialization-safety.md)
- [php:deserialization-safety](/Users/x/websafe/05-defense/secure-code/php/deserialization-safety.md)
- [python:deserialization-safety](/Users/x/websafe/05-defense/secure-code/python/deserialization-safety.md)
- [ruby:deserialization-safety](/Users/x/websafe/05-defense/secure-code/ruby/deserialization-safety.md)
- [csharp:deserialization-safety](/Users/x/websafe/05-defense/secure-code/csharp/deserialization-safety.md)
- [go:deserialization-safety](/Users/x/websafe/05-defense/secure-code/go/deserialization-safety.md)

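Review bot: This advisory (`GHSA-fpg4-jhqr-589c`, `fixed<2.53.3`) covers the same code path, the remote `form` deserialization introduced in `2.49.0`, as the two `2.52.2` advisories added alongside it, but nothing on the page links the three canonical IDs. A `related` entry in the front matter (or a line under 事件层) pointing at `sveltekit--GHSA-88qp-p4qg-rqm6` and `sveltekit--GHSA-vrhm-gvg7-fpcf` would avoid triaging the same component three times and make the version picture explicit: the range `introduced=2.49.0, fixed<2.53.3` still spans the `2.52.2` release the other two cases name as fixed.
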
View file

@@ -0,0 +1,95 @@
---
title: " Memory exhaustion in SvelteKit remote form deserialization (experimental only)"
system_id: "sveltekit"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-19T20:29:42Z"
updated_date: "2026-02-22T23:25:49.392878Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "GHSA-vrhm-gvg7-fpcf"
affected_versions:
- "introduced=2.49.0, fixed<2.52.2"
fixed_versions:
- "2.52.2"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "deserialization-safety"
primary_source: "https://github.com/sveltejs/kit/security/advisories/GHSA-vrhm-gvg7-fpcf"
---
# Memory exhaustion in SvelteKit remote form deserialization (experimental only)
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `sveltekit--GHSA-vrhm-gvg7-fpcf`
- 系统: `sveltekit`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/sveltejs/kit/security/advisories/GHSA-vrhm-gvg7-fpcf
- 影响版本: `introduced=2.49.0, fixed<2.52.2`
- 修复版本: `2.52.2`
## 其他来源
- https://github.com/sveltejs/kit/commit/f47c01bd8100328c24fdb8522fe35913b0735f35
- https://github.com/sveltejs/kit
- https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.52.2
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:deserialization-safety](/Users/x/websafe/05-defense/secure-code/javascript-typescript/deserialization-safety.md)
- [nodejs:deserialization-safety](/Users/x/websafe/05-defense/secure-code/nodejs/deserialization-safety.md)
- [java:deserialization-safety](/Users/x/websafe/05-defense/secure-code/java/deserialization-safety.md)
- [php:deserialization-safety](/Users/x/websafe/05-defense/secure-code/php/deserialization-safety.md)
- [python:deserialization-safety](/Users/x/websafe/05-defense/secure-code/python/deserialization-safety.md)
- [ruby:deserialization-safety](/Users/x/websafe/05-defense/secure-code/ruby/deserialization-safety.md)
- [csharp:deserialization-safety](/Users/x/websafe/05-defense/secure-code/csharp/deserialization-safety.md)
- [go:deserialization-safety](/Users/x/websafe/05-defense/secure-code/go/deserialization-safety.md)

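Review bot: The front-matter `title` in this hunk has a leading space (`" Memory exhaustion in SvelteKit ..."`) while the H1 below it is trimmed, so the index table and any title-based matching will see two different strings; trim the title at ingest rather than at render time. `last_run_id: ""` and `exploit_status: "unknown"` are the same placeholder values on all three SvelteKit cases; if the pipeline does not populate them yet, documenting the allowed values beside the schema would help the manual triage these pages are waiting on.
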
View file

@@ -5,14 +5,14 @@
- 系统 ID: `symfony` - 系统 ID: `symfony`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `9`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `9`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `9`
- 已实证(真实版本): `0` - 已实证(真实版本): `0`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `9`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
@@ -31,4 +31,12 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | CSV Injection in symfony/serializer | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T21:59:52.395727Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2021-41270.md) |
| Cookie persistence after password changes in symfony/security-bundle | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:14:23.582059Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2021-41268.md) |
| Webcache Poisoning in symfony/http-kernel | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:11.423907Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2021-41267.md) |
| Authentication granted to all firewalls instead of just one | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:01:16.333089Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2021-32693.md) |
| Prevent user enumeration using Guard or the new Authenticator-based Security | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:16:14.858636Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2021-21424.md) |
| RCE in Symfony | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:14:38.594283Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2020-15094.md) |
| Firewall configured with unanimous strategy was not actually unanimous in Symfony | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:16:03.504887Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2020-5275.md) |
| Exceptions displayed in non-debug configurations in Symfony | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:15:59.230149Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2020-5274.md) |
| Prevent cache poisoning via a Response Content-Type header in Symfony | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:01:08.748385Z` | [link](/Users/x/websafe/07-framework-security/frameworks/symfony/cases/symfony-cve-2020-5255.md) |

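Review bot: All nine rows added to this table carry severity `low`, including `RCE in Symfony` and `Authentication granted to all firewalls instead of just one`, which strongly suggests the column holds a fallback value rather than one parsed from the advisory; parse the source severity (or CVSS) and write an explicit `unknown` when it is absent, as the spring tables in this same commit do.
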
View file

@@ -0,0 +1,124 @@
---
title: "RCE in Symfony"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2020-09-02T17:29:56Z"
updated_date: "2026-03-13T22:14:38.594283Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2020-15094"
- "CVE-2020-15094"
- "GHSA-754h-5r27-7x3r"
affected_versions:
- "v4.3.0"
- "v4.3.1"
- "v4.3.10"
- "v4.3.11"
- "v4.3.2"
- "v4.3.3"
- "v4.3.4"
- "v4.3.5"
- "v4.3.6"
- "v4.3.7"
- "v4.3.8"
- "v4.3.9"
- "v4.4.0"
- "v4.4.0-BETA1"
- "v4.4.0-BETA2"
- "v4.4.0-RC1"
- "v4.4.1"
- "v4.4.10"
- "v4.4.11"
- "v4.4.12"
fixed_versions:
- "4.4.13"
- "5.1.5"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
---
# RCE in Symfony
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2020-15094`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r
- 影响版本: `v4.3.0, v4.3.1, v4.3.10, v4.3.11, v4.3.2, v4.3.3, v4.3.4, v4.3.5, v4.3.6, v4.3.7`
- 修复版本: `4.4.13, 5.1.5`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2020-15094
- https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2020-15094.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-15094.yaml
- https://github.com/symfony/symfony
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC
- https://packagist.org/packages/symfony/http-kernel
- https://packagist.org/packages/symfony/symfony
- https://symfony.com/cve-2020-15094
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)

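Review bot: `affected_versions` in this case file is inconsistent with `fixed_versions`: the fix list names `5.1.5`, but no `5.x` tag appears in the affected list, which stops at `v4.4.12` after exactly twenty entries and looks capped rather than complete. The 影响版本 summary then shows only the first ten of those, in lexicographic order (`v4.3.10`, `v4.3.11` before `v4.3.2`). Store one range per branch (the `introduced=..., fixed<...` form already used for the SvelteKit cases) instead of enumerated tags, and mark truncation explicitly in the summary.
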
View file

@@ -0,0 +1,117 @@
---
title: "Prevent cache poisoning via a Response Content-Type header in Symfony"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2020-03-30T20:09:16Z"
updated_date: "2026-03-13T22:01:08.748385Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2020-5255"
- "CVE-2020-5255"
- "GHSA-mcx4-f5f5-4859"
affected_versions:
- "v4.4.0"
- "v4.4.1"
- "v4.4.2"
- "v4.4.3"
- "v4.4.4"
- "v4.4.5"
- "v4.4.6"
- "v5.0.0"
- "v5.0.1"
- "v5.0.2"
- "v5.0.3"
- "v5.0.4"
- "v5.0.5"
- "v5.0.6"
- "introduced=4.4.0, fixed<4.4.7"
- "introduced=5.0.0, fixed<5.0.7"
fixed_versions:
- "4.4.7"
- "5.0.7"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859"
---
# Prevent cache poisoning via a Response Content-Type header in Symfony
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2020-5255`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859
- 影响版本: `v4.4.0, v4.4.1, v4.4.2, v4.4.3, v4.4.4, v4.4.5, v4.4.6, v5.0.0, v5.0.1, v5.0.2`
- 修复版本: `4.4.7, 5.0.7`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2020-5255
- https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2020-5255.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5255.yaml
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ
- https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header
- https://symfony.com/cve-2020-5255
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
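
Review bot: The 修复示例 block (the 24 links from javascript-typescript:xss-output-encoding through go:path-traversal-guard) does not fit the advisory it sits under: the symfony.com source listed above describes cache poisoning via a response Content-Type header, and output encoding, authorization re-checks and path-traversal guards are unrelated to that class of bug, so either tag this case with a topic that matches or drop the default trio rather than shipping misleading remediation pointers. Separately, every link is an absolute path under /Users/x/websafe/, which only resolves on the generating machine; emit repository-relative paths (05-defense/secure-code/<lang>/<topic>.md) instead. The 禁止场景 bullet in 实验层 also lacks the closing 。 that the other bullets have.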


@@ -0,0 +1,110 @@
---
title: "Exceptions displayed in non-debug configurations in Symfony"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2020-03-30T20:09:31Z"
updated_date: "2026-03-13T22:15:59.230149Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2020-5274"
- "CVE-2020-5274"
- "GHSA-m884-279h-32v2"
affected_versions:
- "v4.4.0"
- "v4.4.1"
- "v4.4.2"
- "v4.4.3"
- "v5.0.0"
- "v5.0.1"
- "v5.0.2"
- "v5.0.3"
- "introduced=4.4.0, fixed<4.4.4"
- "introduced=5.0.0, fixed<5.0.4"
fixed_versions:
- "4.4.4"
- "5.0.4"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-m884-279h-32v2"
---
# Exceptions displayed in non-debug configurations in Symfony
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2020-5274`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-m884-279h-32v2
- 影响版本: `v4.4.0, v4.4.1, v4.4.2, v4.4.3, v5.0.0, v5.0.1, v5.0.2, v5.0.3, introduced=4.4.0, fixed<4.4.4, introduced=5.0.0, fixed<5.0.4`
- 修复版本: `4.4.4, 5.0.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2020-5274
- https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db
- https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/error-handler/CVE-2020-5274.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5274.yaml
- https://symfony.com/cve-2020-5274
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
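
Review bot: affected_versions mixes concrete tags (v4.4.0 to v5.0.3) with range expressions ("introduced=4.4.0, fixed<4.4.4", "introduced=5.0.0, fixed<5.0.4"), and the rendered 影响版本 line then prints the range strings as if they were version tags; keep ranges under their own key so the body line stays a plain list of versions. The secure_code_topics trio (xss-output-encoding, authz-server-side-recheck, path-traversal-guard) is the same default set as the previous file and has no bearing on an error-handler information-disclosure issue. Note also that `minimal_validation` reads "read-only probe, controlled payload, reversible test" while the rendered 实验层 bullet reads "最小化验证、只读探测、可审计回显、受控注入": the template text and the front matter have diverged and should be generated from one source.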


@@ -0,0 +1,117 @@
---
title: "Firewall configured with unanimous strategy was not actually unanimous in Symfony"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2020-03-30T20:09:44Z"
updated_date: "2026-03-13T22:16:03.504887Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2020-5275"
- "CVE-2020-5275"
- "GHSA-g4m9-5hpf-hx72"
affected_versions:
- "v4.4.0"
- "v4.4.1"
- "v4.4.2"
- "v4.4.3"
- "v4.4.4"
- "v4.4.5"
- "v4.4.6"
- "v5.0.0"
- "v5.0.1"
- "v5.0.2"
- "v5.0.3"
- "v5.0.4"
- "v5.0.5"
- "v5.0.6"
- "introduced=4.4.0, fixed<4.4.7"
- "introduced=5.0.0, fixed<5.0.7"
fixed_versions:
- "4.4.7"
- "5.0.7"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-g4m9-5hpf-hx72"
---
# Firewall configured with unanimous strategy was not actually unanimous in Symfony
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2020-5275`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-g4m9-5hpf-hx72
- 影响版本: `v4.4.0, v4.4.1, v4.4.2, v4.4.3, v4.4.4, v4.4.5, v4.4.6, v5.0.0, v5.0.1, v5.0.2`
- 修复版本: `4.4.7, 5.0.7`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2020-5275
- https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2020-5275.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2020-5275.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5275.yaml
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ
- https://symfony.com/cve-2020-5275
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
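
Review bot: The rendered 影响版本 line silently truncates the list: it shows ten entries ending at v5.0.2, while affected_versions above also contains v5.0.3 through v5.0.6 and the two range expressions, so a reader of the body would conclude that 5.0.3 to 5.0.6 are unaffected even though fixed_versions says 5.0.7. Either print the whole list, print the range expressions instead of the enumerated tags, or append an explicit "and N more" marker so the truncation is visible.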


@@ -0,0 +1,141 @@
---
title: "Prevent user enumeration using Guard or the new Authenticator-based Security"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-05-13T20:23:02Z"
updated_date: "2026-03-13T22:16:14.858636Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2021-21424"
- "CVE-2021-21424"
- "GHSA-5pv8-ppvj-4h68"
affected_versions:
- "v2.8.0"
- "v2.8.1"
- "v2.8.10"
- "v2.8.11"
- "v2.8.12"
- "v2.8.13"
- "v2.8.14"
- "v2.8.15"
- "v2.8.16"
- "v2.8.17"
- "v2.8.18"
- "v2.8.19"
- "v2.8.2"
- "v2.8.20"
- "v2.8.21"
- "v2.8.22"
- "v2.8.23"
- "v2.8.24"
- "v2.8.25"
- "v2.8.26"
fixed_versions:
- "5.2.8"
- "3.4.48"
- "4.4.23"
- "2.10.7"
- "2.11.3"
- "1.29.2"
- "1.31.1"
- "3.4.49"
- "4.4.24"
- "5.2.9"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68"
---
# Prevent user enumeration using Guard or the new Authenticator-based Security
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2021-21424`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68
- 影响版本: `v2.8.0, v2.8.1, v2.8.10, v2.8.11, v2.8.12, v2.8.13, v2.8.14, v2.8.15, v2.8.16, v2.8.17`
- 修复版本: `5.2.8, 3.4.48, 4.4.23, 2.10.7, 2.11.3, 1.29.2, 1.31.1, 3.4.49, 4.4.24, 5.2.9`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-21424
- https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011
- https://symfony.com/cve-2021-21424
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
- https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
- https://github.com/symfony/symfony
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
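
Review bot: affected_versions is a lexically sorted list cut off at 20 entries (v2.8.0, v2.8.1, v2.8.10 ... v2.8.26, with v2.8.2 landing between v2.8.19 and v2.8.20), so every 3.x, 4.x and 5.x release this advisory covers is absent from the front matter and from the 影响版本 line; sort by semantic version and remove or raise the cap. fixed_versions then mixes release numbers from several packages (the FriendsOfPHP links name symfony/symfony, symfony/maker-bundle and lexik/jwt-authentication-bundle), so values such as 1.29.2 and 2.10.7 are meaningless without the package they belong to; record them as package:version pairs. The 其他来源 list also carries each fedoraproject.org URL twice, once with @ and once with %40; normalise URLs before de-duplicating.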


@@ -0,0 +1,113 @@
---
title: "Authentication granted to all firewalls instead of just one"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-06-21T17:03:44Z"
updated_date: "2026-03-13T22:01:16.333089Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2021-32693"
- "CVE-2021-32693"
- "GHSA-rfcf-m67m-jcrq"
affected_versions:
- "v5.3.0"
- "v5.3.1"
- "introduced=5.3.0, fixed<5.3.2"
fixed_versions:
- "5.3.2"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
- "token-cookie-storage"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq"
---
# Authentication granted to all firewalls instead of just one
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2021-32693`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq
- 影响版本: `v5.3.0, v5.3.1, introduced=5.3.0, fixed<5.3.2`
- 修复版本: `5.3.2`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-32693
- https://github.com/symfony/security-http/commit/6bf4c31219773a558b019ee12e54572174ff8129
- https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-32693.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-32693.yaml
- https://github.com/symfony/security-http
- https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one
- https://symfony.com/cve-2021-32693
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
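
Review bot: secure_code_topics adds token-cookie-storage, which is a reasonable pointer for a firewall-scoped authentication bug, but the generic xss-output-encoding and path-traversal-guard entries are still attached and inflate 修复示例 to 32 links, most of them irrelevant to this case; the assignment looks like defaults plus one keyword hit rather than a per-advisory decision, so render only topics explicitly chosen for the case. The links are again machine-local /Users/x/websafe/ paths, and the 禁止场景 bullet again lacks its closing 。.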


@@ -0,0 +1,129 @@
---
title: "Webcache Poisoning in symfony/http-kernel"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-11-24T20:04:25Z"
updated_date: "2026-03-13T22:00:11.423907Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2021-41267"
- "CVE-2021-41267"
- "GHSA-q3j3-w37x-hq2q"
affected_versions:
- "v5.2.0"
- "v5.2.1"
- "v5.2.10"
- "v5.2.11"
- "v5.2.12"
- "v5.2.13"
- "v5.2.14"
- "v5.2.2"
- "v5.2.3"
- "v5.2.4"
- "v5.2.5"
- "v5.2.6"
- "v5.2.7"
- "v5.2.8"
- "v5.2.9"
- "v5.3.0"
- "v5.3.0-BETA1"
- "v5.3.0-BETA2"
- "v5.3.0-BETA3"
- "v5.3.0-BETA4"
fixed_versions:
- "5.3.12"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
- "proxy-trust-boundary"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q"
---
# Webcache Poisoning in symfony/http-kernel
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2021-41267`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
- 影响版本: `v5.2.0, v5.2.1, v5.2.10, v5.2.11, v5.2.12, v5.2.13, v5.2.14, v5.2.2, v5.2.3, v5.2.4`
- 修复版本: `5.3.12`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-41267
- https://github.com/symfony/symfony/pull/44243
- https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml
- https://github.com/symfony/symfony/releases/tag/v5.3.12
- https://symfony.com/cve-2021-41267
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
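
Review bot: affected_versions stops at v5.3.0-BETA4 after 20 entries, again in string order (v5.2.1, v5.2.10, v5.2.11 ... v5.2.2), and unlike the other Symfony files it carries no "introduced=..., fixed<..." range line, so v5.3.1 through v5.3.11, presumably affected given fixed_versions 5.3.12, are recorded nowhere; the 影响版本 line then shows only the first ten tags. Pre-release tags (v5.3.0-BETA1 to BETA4) need semantic-version ordering rather than string sorting. proxy-trust-boundary is the one topic in the list that fits a web cache poisoning issue in http-kernel; the other three are the same defaults as in the earlier files and should be dropped.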


@@ -0,0 +1,123 @@
---
title: "Cookie persistence after password changes in symfony/security-bundle"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-11-24T20:05:22Z"
updated_date: "2026-03-13T22:14:23.582059Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2021-41268"
- "CVE-2021-41268"
- "GHSA-qw36-p97w-vcqr"
affected_versions:
- "v5.3.0"
- "v5.3.11"
- "v5.3.2"
- "v5.3.3"
- "v5.3.4"
- "v5.3.7"
- "v5.3.8"
- "v5.3.1"
- "v5.3.10"
- "v5.3.5"
- "v5.3.6"
- "v5.3.9"
- "introduced=5.3.0, fixed<5.3.12"
fixed_versions:
- "5.3.12"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
- "token-cookie-storage"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr"
---
# Cookie persistence after password changes in symfony/security-bundle
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2021-41268`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr
- 影响版本: `v5.3.0, v5.3.11, v5.3.2, v5.3.3, v5.3.4, v5.3.7, v5.3.8, v5.3.1, v5.3.10, v5.3.5`
- 修复版本: `5.3.12`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-41268
- https://github.com/symfony/symfony/pull/44243
- https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml
- https://github.com/symfony/symfony
- https://github.com/symfony/symfony/releases/tag/v5.3.12
- https://symfony.com/cve-2021-41268
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
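Review bot: the `secure_code_topics` block (`xss-output-encoding`, `authz-server-side-recheck`, `path-traversal-guard`, `token-cookie-storage`) does not fit this advisory; a remember-me cookie that stays valid after a password change is a token invalidation problem, so only `token-cookie-storage` applies, and the eight `xss-output-encoding` and eight `path-traversal-guard` links it generates under `## 修复示例` are noise. Derive the topic list per advisory instead of from a default set. Two smaller points in the same file: the `## 修复示例` links are absolute paths under `/Users/x/websafe/...`, which break for any other checkout or a rendered site, so they should be repository-relative; and the `影响版本:` line drops `v5.3.6`, `v5.3.9` and the `introduced=5.3.0, fixed<5.3.12` range from `affected_versions` without any truncation marker, even though the range is the one entry a reader actually needs.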


@@ -0,0 +1,126 @@
---
title: "CSV Injection in symfony/serializer"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-11-24T21:01:23Z"
updated_date: "2026-03-13T21:59:52.395727Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2021-41270"
- "CVE-2021-41270"
- "GHSA-2xhg-w2g5-w95x"
affected_versions:
- "v5.0.0"
- "v5.0.1"
- "v5.0.10"
- "v5.0.11"
- "v5.0.2"
- "v5.0.3"
- "v5.0.4"
- "v5.0.5"
- "v5.0.6"
- "v5.0.7"
- "v5.0.8"
- "v5.0.9"
- "v5.1.0"
- "v5.1.0-BETA1"
- "v5.1.0-RC1"
- "v5.1.0-RC2"
- "v5.1.1"
- "v5.1.10"
- "v5.1.11"
- "v5.1.2"
fixed_versions:
- "5.3.12"
- "4.4.35"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x"
---
# CSV Injection in symfony/serializer
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2021-41270`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x
- 影响版本: `v5.0.0, v5.0.1, v5.0.10, v5.0.11, v5.0.2, v5.0.3, v5.0.4, v5.0.5, v5.0.6, v5.0.7`
- 修复版本: `5.3.12, 4.4.35`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-41270
- https://github.com/symfony/symfony/pull/44243
- https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/serializer/CVE-2021-41270.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41270.yaml
- https://github.com/symfony/symfony
- https://github.com/symfony/symfony/releases/tag/v5.3.12
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP
- https://symfony.com/cve-2021-41270
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
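Review bot: `affected_versions` is truncated: it stops at `v5.1.2` after 20 entries (sorted as strings, which is why `v5.1.2` follows `v5.1.11`) while `fixed_versions` lists `5.3.12` and `4.4.35`, so the 4.4.x, 5.2.x and 5.3.x releases the fix covers are missing, and unlike the previous file there is no `introduced=…, fixed<…` range entry. Emit the range entry first and either the full list or a count; the `影响版本:` line then cuts the list again to 10 entries with no marker. Under `## 其他来源` both Fedora announcements appear twice, once with `%40` and once with `@` in the path, so URLs should be normalised before de-duplication. Finally, `secure_code_topics` (`xss-output-encoding`, `authz-server-side-recheck`, `path-traversal-guard`) says nothing about CSV/formula injection, which is the subject of the advisory in the title.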


@@ -5,14 +5,14 @@
- 系统 ID: `undici` - 系统 ID: `undici`
- 分类: `frameworks` - 分类: `frameworks`
- 覆盖策略: `rolling-24m` - 覆盖策略: `rolling-24m`
- 总案例数: `0` - 总案例数: `16`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `7`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `15`
- 已实证(真实版本): `0` - 已实证(真实版本): `7`
- 已实证(synthetic): `0` - 已实证(synthetic): `0`
- 阻塞数: `0` - 阻塞数: `0`
- 待人工/缺浏览器证据: `0` - 待人工/缺浏览器证据: `9`
- 最近渲染时间: `2026-03-18T18:34:34+00:00` - 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束 ## 目标约束
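Review bot: `最近渲染时间` is rewritten on every render and committed with the file, so this page will produce a diff on every run even when no count changes; either keep the render timestamp out of the tracked markdown or only rewrite the file when a count differs. The counts in this hunk are consistent with the case table that follows: 7 `verified-real` rows plus 9 `triage-manual` rows give the 16 total, and 15 rows carry a case page.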
@@ -26,9 +26,25 @@
- `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=npm; mode=core) - `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=npm; mode=core)
- `official` [OSV Undici](https://osv.dev/) (mode=core) - `official` [OSV Undici](https://osv.dev/) (mode=core)
- `ecosystem-authority` [NVD Undici](https://nvd.nist.gov/vuln/search) (keyword=undici; mode=core)
## 案例列表 ## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | | Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `high` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `high` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
| Undici has CRLF Injection in undici via `upgrade` option | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `high` | `generated` | `verified-real` | `real` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
| Undici has an HTTP Request/Response Smuggling issue | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
| CVE-2026-21636 | `critical` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-01-30T20:20:56.843` | - |
| Undici vulnerable to data leak when using response.arrayBuffer() | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-07-09T13:57:47.271493Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-38372.md) |
| Undici proxy-authorization header not cleared on cross-origin redirect in fetch | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-05-02T13:15:07Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-24758.md) |
| fetch(url) leads to a memory leak in undici | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-04-19T09:30:47Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-24750.md) |
| CRLF Injection in Nodejs ‘undici’ via host | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-12-16T15:26:50.318903Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-23936.md) |
| Regular Expression Denial of Service in Headers | `high` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:11:48.635999Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-24807.md) |
| Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:53.836338Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-35948.md) |
| `undici.request` vulnerable to SSRF using absolute URL on `pathname` | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:53.898548Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-35949.md) |
| undici before v5.8.0 vulnerable to CRLF injection in request headers | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:27.728154Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31150.md) |
| ProxyAgent vulnerable to MITM | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |
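Review bot: the row `| CVE-2026-21636 | \`critical\` | \`triage\` | ...` uses the CVE ID as its title, has no case page, and carries an update time `2026-01-30T20:20:56.843` without the `Z` suffix every other row uses; it is the only row with `ecosystem-authority` confidence, i.e. the one fed by the NVD source added above, so the NVD importer should fill the title from the CVE description and normalise timestamps to the same UTC format before a `critical` entry is listed beside the `generated` rows. The table order is also unstable: `ProxyAgent vulnerable to MITM` (verified-real, updated 2026-03-13) sits after the 2023 rows, so sort by severity or update time so that `critical`/`high` rows come first.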


@@ -0,0 +1,100 @@
---
title: "undici before v5.8.0 vulnerable to CRLF injection in request headers"
system_id: "undici"
category: "frameworks"
advisory_mode: "core"
published_date: "2022-07-21T20:30:10Z"
updated_date: "2023-11-08T04:09:27.728154Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2022-31150"
- "GHSA-3cvr-822r-rqcc"
affected_versions:
- "introduced=0, fixed<5.8.0"
fixed_versions:
- "5.8.0"
secure_code_topics:
- "ssrf-url-validation"
- "proxy-trust-boundary"
- "dependency-upgrade-policy"
primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc"
---
# undici before v5.8.0 vulnerable to CRLF injection in request headers
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2022-31150`
- 系统: `undici`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc
- 影响版本: `introduced=0, fixed<5.8.0`
- 修复版本: `5.8.0`
## 其他来源
- https://github.com/nodejs/undici/releases/tag/v5.8.0
- https://nvd.nist.gov/vuln/detail/CVE-2022-31150
- https://github.com/nodejs/undici/commit/a29a151d0140d095742d21a004023d024fe93259
- https://hackerone.com/reports/409943
- https://github.com/nodejs/undici
- https://security.netapp.com/advisory/ntap-20220915-0002
- https://security.netapp.com/advisory/ntap-20220915-0002/
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
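Review bot: `secure_code_topics` (`ssrf-url-validation`, `proxy-trust-boundary`, `dependency-upgrade-policy`) does not cover the advisory's actual subject, CRLF injection in request headers; whatever topic the repository uses for header value validation should be listed first, because the `## 修复示例` links are generated from this list. Under `## 其他来源`, `https://security.netapp.com/advisory/ntap-20220915-0002` and the same URL with a trailing slash are both present; strip trailing slashes when de-duplicating sources.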
