更新: 2531 个文件 - 2026-03-17 21:00:03
这个提交包含在:
hao
@@ -0,0 +1,145 @@
|
||||
{
|
||||
"run_id": "nextjs-nextjs--CVE-2024-51479-20260318024239",
|
||||
"system_id": "nextjs",
|
||||
"advisory_id": "nextjs--CVE-2024-51479",
|
||||
"repro_profile_id": "nextjs-authz-bypass",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318024239/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "nextjs.authz-bypass",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318024239/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": [],
|
||||
"baseline_refs": [],
|
||||
"proof_refs": [],
|
||||
"baseline_title": null,
|
||||
"proof_title": null,
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318024239/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318024239/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318024239/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318024239/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T02:42:39+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "nextjs--CVE-2024-51479"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T02:42:39+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "nextjs-authz-bypass"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T02:42:40+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T02:42:43+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T02:42:43+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T02:42:43+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T02:42:43+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T02:42:43+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T02:42:43+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T02:42:44+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T02:42:44+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "nextjs-nextjs--CVE-2024-51479-20260318024239"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "server-side authorization recheck was bypassed"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T02:42:39+00:00",
|
||||
"finished_at": "2026-03-18T02:42:44+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318024239",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318024239/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318024239/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318024239/timeline.mmd"
|
||||
}
|
||||
}
|
||||
在新工单中引用
屏蔽一个用户