更新: 558 个文件 - 2026-03-17 21:15:02

2026-03-17 21:15:03 -07:00
--- a/07-framework-security/frameworks/vite/INDEX.md
+++ b/07-framework-security/frameworks/vite/INDEX.md
@@ -8,11 +8,11 @@
 - 总案例数: `12`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `12`
- 已实证(真实版本): `3`
+- 已实证(真实版本): `12`
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
- 待人工/缺浏览器证据: `9`
- 最近渲染时间: `2026-03-18T03:58:58+00:00`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-18T04:06:09+00:00`

 ## 目标约束

@@ -32,15 +32,15 @@

 | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
 |------|--------|----------|----------|----------|------------|----------|--------|
-| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) |
-| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) |
-| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) |
-| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) |
-| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) |
-| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) |
-| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) |
-| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) |
+| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) |
+| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) |
+| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) |
+| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) |
+| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) |
+| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) |
+| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) |
+| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) |
 | Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) |
 | Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) |
-| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) |
+| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) |
 | Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) |
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md
@@ -11,7 +11,7 @@ source_confidence: "official"
 verification_status: "verified-real"
 verification_mode: "real"
 artifact_mode: "local-fixture"
-last_run_id: "vite-vite--CVE-2024-23331-20260318024306"
+last_run_id: "vite-vite--CVE-2024-23331-20260318040445"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -46,9 +46,9 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8r
 - 实证状态: `verified-real`
 - 实证方式: `real`
 - Artifact 模式: `local-fixture`
- 最近运行: `vite-vite--CVE-2024-23331-20260318024306`
+- 最近运行: `vite-vite--CVE-2024-23331-20260318040445`
 - 浏览器证据: `present`
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445`

 ## 事件层

--- a/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T04:05:31.919291Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "vite-vite--CVE-2024-45811-20260318040452"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -47,12 +47,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-28

 ## 本地实证状态

- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `vite-vite--CVE-2024-45811-20260318040452`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452`

 ## 事件层

--- a/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md
@@ -11,7 +11,7 @@ source_confidence: "official"
 verification_status: "verified-real"
 verification_mode: "real"
 artifact_mode: "local-fixture"
-last_run_id: "vite-vite--CVE-2024-45812-20260318025921"
+last_run_id: "vite-vite--CVE-2024-45812-20260318040458"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -52,9 +52,9 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g4
 - 实证状态: `verified-real`
 - 实证方式: `real`
 - Artifact 模式: `local-fixture`
- 最近运行: `vite-vite--CVE-2024-45812-20260318025921`
+- 最近运行: `vite-vite--CVE-2024-45812-20260318040458`
 - 浏览器证据: `present`
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458`

 ## 事件层

--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md
@@ -11,7 +11,7 @@ source_confidence: "official"
 verification_status: "verified-real"
 verification_mode: "real"
 artifact_mode: "local-fixture"
-last_run_id: "vite-vite--CVE-2025-24010-20260318024314"
+last_run_id: "vite-vite--CVE-2025-24010-20260318040505"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -47,9 +47,9 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rc
 - 实证状态: `verified-real`
 - 实证方式: `real`
 - Artifact 模式: `local-fixture`
- 最近运行: `vite-vite--CVE-2025-24010-20260318024314`
+- 最近运行: `vite-vite--CVE-2025-24010-20260318040505`
 - 浏览器证据: `present`
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505`

 ## 事件层

--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T03:13:24.371631Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "vite-vite--CVE-2025-30208-20260318040511"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -45,12 +45,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-x574-m8

 ## 本地实证状态

- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `vite-vite--CVE-2025-30208-20260318040511`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511`

 ## 事件层

--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T04:37:24.129476Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "vite-vite--CVE-2025-31125-20260318040518"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -45,12 +45,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw

 ## 本地实证状态

- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `vite-vite--CVE-2025-31125-20260318040518`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518`

 ## 事件层

--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T03:51:38.412061Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "vite-vite--CVE-2025-31486-20260318040525"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -46,12 +46,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq

 ## 本地实证状态

- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `vite-vite--CVE-2025-31486-20260318040525`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525`

 ## 事件层

--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T04:11:44.900383Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "vite-vite--CVE-2025-32395-20260318040532"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -45,12 +45,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-356w-63

 ## 本地实证状态

- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `vite-vite--CVE-2025-32395-20260318040532`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532`

 ## 事件层

--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T03:27:17.681639Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "vite-vite--CVE-2025-46565-20260318040538"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -45,12 +45,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-859w-59

 ## 本地实证状态

- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `vite-vite--CVE-2025-46565-20260318040538`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538`

 ## 事件层

--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T04:33:22.508417Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "vite-vite--CVE-2025-58751-20260318040545"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -43,12 +43,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2

 ## 本地实证状态

- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `vite-vite--CVE-2025-58751-20260318040545`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545`

 ## 事件层

--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T04:35:16.287471Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "vite-vite--CVE-2025-58752-20260318040552"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -44,12 +44,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq

 ## 本地实证状态

- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `vite-vite--CVE-2025-58752-20260318040552`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552`

 ## 事件层

--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md
@@ -8,10 +8,10 @@ updated_date: "2026-02-04T04:13:38.886554Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "vite-vite--CVE-2025-62522-20260318040559"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -46,12 +46,12 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-93m4-66

 ## 本地实证状态

- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `vite-vite--CVE-2025-62522-20260318040559`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559`

 ## 事件层