更新: 558 个文件 - 2026-03-17 21:15:02
这个提交包含在:
hao
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:58+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:09+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:58+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:09+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:58+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:09+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:58+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:09+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:58+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:09+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:58+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:09+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:58+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:09+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:57+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:08+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:58+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:09+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:57+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:08+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:55+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:05+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:58+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:09+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -8,11 +8,11 @@
|
||||
- 总案例数: `14`
|
||||
- 近 30 天新增/更新: `7`
|
||||
- 重点 Markdown 案例数: `14`
|
||||
- 已实证(真实版本): `1`
|
||||
- 已实证(真实版本): `14`
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `13`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -31,17 +31,17 @@
|
||||
|
||||
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|
||||
|------|--------|----------|----------|----------|------------|----------|--------|
|
||||
| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
|
||||
| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
|
||||
| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
|
||||
| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
|
||||
| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
|
||||
| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
|
||||
| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) |
|
||||
| undici Denial of Service attack via bad certificate data | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) |
|
||||
| Use of Insufficiently Random Values in undici | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) |
|
||||
| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) |
|
||||
| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) |
|
||||
| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) |
|
||||
| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
|
||||
| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
|
||||
| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
|
||||
| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
|
||||
| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
|
||||
| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
|
||||
| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) |
|
||||
| undici Denial of Service attack via bad certificate data | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) |
|
||||
| Use of Insufficiently Random Values in undici | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) |
|
||||
| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `verified-real` | `real` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) |
|
||||
| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `verified-real` | `real` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) |
|
||||
| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) |
|
||||
| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) |
|
||||
| ProxyAgent vulnerable to MITM | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |
|
||||
| ProxyAgent vulnerable to MITM | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |
|
||||
|
||||
@@ -11,7 +11,7 @@ source_confidence: "official"
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "undici-undici--CVE-2022-31151-20260318024301"
|
||||
last_run_id: "undici-undici--CVE-2022-31151-20260318040233"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -41,9 +41,9 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `undici-undici--CVE-2022-31151-20260318024301`
|
||||
- 最近运行: `undici-undici--CVE-2022-31151-20260318040233`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318024301`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-03-13T22:15:23.541247Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "undici-undici--CVE-2022-32210-20260318040238"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -36,12 +36,12 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `undici-undici--CVE-2022-32210-20260318040238`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T02:35:56.289390Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "undici-undici--CVE-2023-45143-20260318040242"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -37,12 +37,12 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `undici-undici--CVE-2023-45143-20260318040242`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2025-11-04T19:44:28Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "undici-undici--CVE-2024-30260-20260318040247"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -38,12 +38,12 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `undici-undici--CVE-2024-30260-20260318040247`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2025-11-04T19:44:42Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "undici-undici--CVE-2024-30261-20260318040251"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -38,12 +38,12 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `undici-undici--CVE-2024-30261-20260318040251`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T02:29:26.373390Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "undici-undici--CVE-2025-22150-20260318040256"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -40,12 +40,12 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `undici-undici--CVE-2025-22150-20260318040256`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-06T22:08:08.311705Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "undici-undici--CVE-2025-47279-20260318040300"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -40,12 +40,12 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `undici-undici--CVE-2025-47279-20260318040300`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-03-14T09:19:54.772219Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "undici-undici--CVE-2026-1525-20260318040304"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -39,12 +39,12 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `undici-undici--CVE-2026-1525-20260318040304`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-03-13T20:54:25.563997Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "undici-undici--CVE-2026-1526-20260318040309"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -39,12 +39,12 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `undici-undici--CVE-2026-1526-20260318040309`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-03-13T20:54:25.572106Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "undici-undici--CVE-2026-1527-20260318040314"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -38,12 +38,12 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-4992-
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `undici-undici--CVE-2026-1527-20260318040314`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-03-14T09:17:45.838435Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "undici-undici--CVE-2026-1528-20260318040318"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -38,12 +38,12 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-f269-
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `undici-undici--CVE-2026-1528-20260318040318`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T02:56:17.456091Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "undici-undici--CVE-2026-22036-20260318040323"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -38,12 +38,12 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `undici-undici--CVE-2026-22036-20260318040323`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-03-13T20:54:26.149214Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "undici-undici--CVE-2026-2229-20260318040328"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -39,12 +39,12 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `undici-undici--CVE-2026-2229-20260318040328`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-03-13T20:54:25.417862Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "undici-undici--CVE-2026-2581-20260318040332"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -36,12 +36,12 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `undici-undici--CVE-2026-2581-20260318040332`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,11 +8,11 @@
|
||||
- 总案例数: `12`
|
||||
- 近 30 天新增/更新: `0`
|
||||
- 重点 Markdown 案例数: `12`
|
||||
- 已实证(真实版本): `3`
|
||||
- 已实证(真实版本): `12`
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `9`
|
||||
- 最近渲染时间: `2026-03-18T03:58:58+00:00`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T04:06:09+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -32,15 +32,15 @@
|
||||
|
||||
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|
||||
|------|--------|----------|----------|----------|------------|----------|--------|
|
||||
| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) |
|
||||
| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) |
|
||||
| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) |
|
||||
| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) |
|
||||
| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) |
|
||||
| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) |
|
||||
| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) |
|
||||
| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) |
|
||||
| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) |
|
||||
| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) |
|
||||
| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) |
|
||||
| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) |
|
||||
| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) |
|
||||
| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) |
|
||||
| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) |
|
||||
| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) |
|
||||
| Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) |
|
||||
| Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) |
|
||||
| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) |
|
||||
| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) |
|
||||
| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) |
|
||||
|
||||
@@ -11,7 +11,7 @@ source_confidence: "official"
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "vite-vite--CVE-2024-23331-20260318024306"
|
||||
last_run_id: "vite-vite--CVE-2024-23331-20260318040445"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -46,9 +46,9 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8r
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `vite-vite--CVE-2024-23331-20260318024306`
|
||||
- 最近运行: `vite-vite--CVE-2024-23331-20260318040445`
|
||||
- 浏览器证据: `present`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T04:05:31.919291Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "vite-vite--CVE-2024-45811-20260318040452"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -47,12 +47,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-28
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `vite-vite--CVE-2024-45811-20260318040452`
|
||||
- 浏览器证据: `present`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ source_confidence: "official"
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "vite-vite--CVE-2024-45812-20260318025921"
|
||||
last_run_id: "vite-vite--CVE-2024-45812-20260318040458"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -52,9 +52,9 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g4
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `vite-vite--CVE-2024-45812-20260318025921`
|
||||
- 最近运行: `vite-vite--CVE-2024-45812-20260318040458`
|
||||
- 浏览器证据: `present`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ source_confidence: "official"
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "vite-vite--CVE-2025-24010-20260318024314"
|
||||
last_run_id: "vite-vite--CVE-2025-24010-20260318040505"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -47,9 +47,9 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rc
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `vite-vite--CVE-2025-24010-20260318024314`
|
||||
- 最近运行: `vite-vite--CVE-2025-24010-20260318040505`
|
||||
- 浏览器证据: `present`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T03:13:24.371631Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "vite-vite--CVE-2025-30208-20260318040511"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -45,12 +45,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-x574-m8
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `vite-vite--CVE-2025-30208-20260318040511`
|
||||
- 浏览器证据: `present`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T04:37:24.129476Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "vite-vite--CVE-2025-31125-20260318040518"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -45,12 +45,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `vite-vite--CVE-2025-31125-20260318040518`
|
||||
- 浏览器证据: `present`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T03:51:38.412061Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "vite-vite--CVE-2025-31486-20260318040525"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -46,12 +46,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `vite-vite--CVE-2025-31486-20260318040525`
|
||||
- 浏览器证据: `present`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T04:11:44.900383Z"
|
||||
severity: "medium"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "vite-vite--CVE-2025-32395-20260318040532"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -45,12 +45,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-356w-63
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `vite-vite--CVE-2025-32395-20260318040532`
|
||||
- 浏览器证据: `present`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T03:27:17.681639Z"
|
||||
severity: "medium"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "vite-vite--CVE-2025-46565-20260318040538"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -45,12 +45,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-859w-59
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `vite-vite--CVE-2025-46565-20260318040538`
|
||||
- 浏览器证据: `present`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T04:33:22.508417Z"
|
||||
severity: "medium"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "vite-vite--CVE-2025-58751-20260318040545"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -43,12 +43,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `vite-vite--CVE-2025-58751-20260318040545`
|
||||
- 浏览器证据: `present`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T04:35:16.287471Z"
|
||||
severity: "medium"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "vite-vite--CVE-2025-58752-20260318040552"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -44,12 +44,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `vite-vite--CVE-2025-58752-20260318040552`
|
||||
- 浏览器证据: `present`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T04:13:38.886554Z"
|
||||
severity: "medium"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
verification_status: "triage-manual"
|
||||
verification_mode: "synthetic"
|
||||
artifact_mode: "synthetic"
|
||||
last_run_id: ""
|
||||
verification_status: "verified-real"
|
||||
verification_mode: "real"
|
||||
artifact_mode: "local-fixture"
|
||||
last_run_id: "vite-vite--CVE-2025-62522-20260318040559"
|
||||
target_types:
|
||||
- "lab-local"
|
||||
- "lab-public"
|
||||
@@ -46,12 +46,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-93m4-66
|
||||
|
||||
## 本地实证状态
|
||||
|
||||
- 实证状态: `triage-manual`
|
||||
- 实证方式: `synthetic`
|
||||
- Artifact 模式: `synthetic`
|
||||
- 最近运行: `-`
|
||||
- 浏览器证据: `missing`
|
||||
- Run Bundle: `-`
|
||||
- 实证状态: `verified-real`
|
||||
- 实证方式: `real`
|
||||
- Artifact 模式: `local-fixture`
|
||||
- 最近运行: `vite-vite--CVE-2025-62522-20260318040559`
|
||||
- 浏览器证据: `present`
|
||||
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559`
|
||||
|
||||
## 事件层
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:57+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:08+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:59:03+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:13+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:59:03+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:13+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:59:03+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:13+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:59:03+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:13+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:59:03+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:13+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:59:03+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:13+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:59:03+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:13+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T03:58:59+00:00`
|
||||
- 最近渲染时间: `2026-03-18T04:06:10+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
在新工单中引用
屏蔽一个用户