更新: 2531 个文件 - 2026-03-17 21:00:03
这个提交包含在:
hao
@@ -8,11 +8,11 @@
|
||||
- 总案例数: `12`
|
||||
- 近 30 天新增/更新: `0`
|
||||
- 重点 Markdown 案例数: `12`
|
||||
- 已实证(真实版本): `0`
|
||||
- 已实证(真实版本): `3`
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `12`
|
||||
- 最近渲染时间: `2026-03-18T01:29:35+00:00`
|
||||
- 待人工/缺浏览器证据: `9`
|
||||
- 最近渲染时间: `2026-03-18T03:58:58+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -40,7 +40,7 @@
|
||||
| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) |
|
||||
| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) |
|
||||
| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) |
|
||||
| Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) |
|
||||
| Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) |
|
||||
| Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) |
|
||||
| Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) |
|
||||
| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) |
|
||||
| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) |
|
||||
| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) |
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T04:17:01.410592Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "vite-vite--CVE-2024-23331-20260318024306"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -43,12 +43,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8r
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `vite-vite--CVE-2024-23331-20260318024306`
|
||||
- 浏览器证据: `present`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T04:04:22.977459Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "vite-vite--CVE-2024-45812-20260318025921"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -49,12 +49,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g4
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `vite-vite--CVE-2024-45812-20260318025921`
|
||||
- 浏览器证据: `present`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T04:37:03.076966Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "vite-vite--CVE-2025-24010-20260318024314"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -44,12 +44,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rc
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `vite-vite--CVE-2025-24010-20260318024314`
|
||||
- 浏览器证据: `present`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
在新工单中引用
屏蔽一个用户