更新: 558 个文件 - 2026-03-17 21:15:02
@@ -57,8 +57,8 @@
|
||||
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:1/synthetic:0/blocked:0` | `0` | `1` | `0` | `2026-03-14T09:19:54.772219Z` |
|
||||
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `12` | `12` | `3` | `seeded` | `real:3/synthetic:0/blocked:0` | `3` | `3` | `0` | `2026-02-04T04:37:24.129476Z` |
|
||||
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:14/synthetic:0/blocked:0` | `0` | `14` | `0` | `2026-03-14T09:19:54.772219Z` |
|
||||
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `12` | `12` | `3` | `seeded` | `real:12/synthetic:0/blocked:0` | `12` | `12` | `0` | `2026-02-04T04:37:24.129476Z` |
|
||||
| Vue | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
|
||||
@@ -3182,9 +3182,9 @@
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
@@ -3228,9 +3228,9 @@
|
||||
"proxy-trust-boundary",
|
||||
"token-cookie-storage"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
@@ -3270,9 +3270,9 @@
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
@@ -3312,9 +3312,9 @@
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
@@ -3353,9 +3353,9 @@
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
@@ -3391,9 +3391,9 @@
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
@@ -3431,9 +3431,9 @@
|
||||
"proxy-trust-boundary",
|
||||
"request-smuggling-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
@@ -3471,9 +3471,9 @@
|
||||
"proxy-trust-boundary",
|
||||
"plugin-extension-trust-policy"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
@@ -3508,9 +3508,9 @@
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
@@ -3545,9 +3545,9 @@
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
@@ -3581,9 +3581,9 @@
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
@@ -3621,9 +3621,9 @@
|
||||
"proxy-trust-boundary",
|
||||
"plugin-extension-trust-policy"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
@@ -3658,9 +3658,9 @@
|
||||
"ssrf-url-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
@@ -3708,16 +3708,16 @@
|
||||
"required": true,
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/logs/proof-page.json"
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-page.json"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -3752,14 +3752,25 @@
|
||||
"file-upload-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-page.json"
|
||||
]
|
||||
}
|
||||
},
|
||||
"vite--CVE-2024-45812": {
|
||||
@@ -3807,16 +3818,16 @@
|
||||
"required": true,
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/logs/proof-page.json"
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-page.json"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -3857,16 +3868,16 @@
|
||||
"required": true,
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/logs/proof-page.json"
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-page.json"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -3901,14 +3912,25 @@
|
||||
"file-upload-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-page.json"
|
||||
]
|
||||
}
|
||||
},
|
||||
"vite--CVE-2025-31125": {
|
||||
@@ -3939,14 +3961,25 @@
|
||||
"file-upload-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-page.json"
|
||||
]
|
||||
}
|
||||
},
|
||||
"vite--CVE-2025-31486": {
|
||||
@@ -3978,14 +4011,25 @@
|
||||
"proxy-trust-boundary",
|
||||
"plugin-extension-trust-policy"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-page.json"
|
||||
]
|
||||
}
|
||||
},
|
||||
"vite--CVE-2025-32395": {
|
||||
@@ -4015,14 +4059,25 @@
|
||||
"file-upload-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-page.json"
|
||||
]
|
||||
}
|
||||
},
|
||||
"vite--CVE-2025-46565": {
|
||||
@@ -4052,14 +4107,25 @@
|
||||
"file-upload-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-page.json"
|
||||
]
|
||||
}
|
||||
},
|
||||
"vite--CVE-2025-58751": {
|
||||
@@ -4093,14 +4159,25 @@
|
||||
"file-upload-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-page.json"
|
||||
]
|
||||
}
|
||||
},
|
||||
"vite--CVE-2025-58752": {
|
||||
@@ -4135,14 +4212,25 @@
|
||||
"proxy-trust-boundary",
|
||||
"plugin-extension-trust-policy"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-page.json"
|
||||
]
|
||||
}
|
||||
},
|
||||
"vite--CVE-2025-62522": {
|
||||
@@ -4172,14 +4260,25 @@
|
||||
"file-upload-validation",
|
||||
"proxy-trust-boundary"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"artifact_mode": "synthetic",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"blocked_reason": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-page.json"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
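Review bot: The `browser_evidence.refs` entries added for the Vite records (for example under `@@ -3752,14 +3752,25 @@`) are absolute workstation paths beginning with `/Users/x/websafe/`, so the evidence that backs `"verification_status": "verified-real"` cannot be resolved from any other checkout, and the file exposes a local directory layout. Storing them relative to the repository root would keep the evidence checkable, e.g. `"06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof.png"`. Separately, the hunks from `@@ -3182,9 +3182,9 @@` through `@@ -3658,9 +3658,9 @@` flip three fields to `verified-real` / `real` / `local-fixture`, but the rest of each `browser_evidence` object lies outside those hunks, so the diff alone does not show whether evidence is attached. In the Vite hunks `"required": false` is kept even though `"present": true` and refs are now recorded. If consumers treat `verified-real` as proven, it may be worth having the generator refuse that status unless `present` is true and every ref resolves, and documenting what `"artifact_mode": "local-fixture"` means alongside `"verification_mode": "real"`.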
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"generated_at": "2026-03-18T03:59:28+00:00",
|
||||
"generated_at": "2026-03-18T04:06:37+00:00",
|
||||
"title": "\u5f53\u524d\u67b6\u6784\u5e93",
|
||||
"summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002",
|
||||
"sections": [
|
||||
@@ -27,7 +27,7 @@
|
||||
},
|
||||
{
|
||||
"label": "\u5f53\u524d\u8fd0\u884c",
|
||||
"value": "114"
|
||||
"value": "140"
|
||||
},
|
||||
{
|
||||
"label": "\u5f53\u524d\u6f0f\u6d1e\u6761\u76ee",
|
||||
@@ -49,7 +49,7 @@
|
||||
},
|
||||
{
|
||||
"label": "\u751f\u6210\u65f6\u95f4",
|
||||
"value": "2026-03-18T03:59:28+00:00"
|
||||
"value": "2026-03-18T04:06:37+00:00"
|
||||
}
|
||||
],
|
||||
"links": [
|
||||
@@ -5853,7 +5853,7 @@
|
||||
"stats": [
|
||||
{
|
||||
"label": "Run \u6570",
|
||||
"value": "114"
|
||||
"value": "140"
|
||||
},
|
||||
{
|
||||
"label": "Advisory \u6570",
|
||||
@@ -5861,11 +5861,11 @@
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001\u7c7b\u578b",
|
||||
"value": "2"
|
||||
"value": "1"
|
||||
},
|
||||
{
|
||||
"label": "\u6700\u8fd1\u5931\u8d25",
|
||||
"value": "20"
|
||||
"value": "0"
|
||||
}
|
||||
],
|
||||
"items": [
|
||||
@@ -5876,7 +5876,7 @@
|
||||
"items": [
|
||||
{
|
||||
"title": "\u771f\u5b9e\u7248\u672c\u5df2\u5b9e\u8bc1",
|
||||
"summary": "\u5f53\u524d\u7d2f\u8ba1 67 \u6761\u3002",
|
||||
"summary": "\u5f53\u524d\u7d2f\u8ba1 89 \u6761\u3002",
|
||||
"open": false,
|
||||
"fields": [
|
||||
{
|
||||
@@ -5885,22 +5885,7 @@
|
||||
},
|
||||
{
|
||||
"label": "\u6570\u91cf",
|
||||
"value": "67"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "\u4eba\u5de5\u5206\u8bca",
|
||||
"summary": "\u5f53\u524d\u7d2f\u8ba1 22 \u6761\u3002",
|
||||
"open": false,
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u72b6\u6001\u7f16\u7801",
|
||||
"value": "triage-manual"
|
||||
},
|
||||
{
|
||||
"label": "\u6570\u91cf",
|
||||
"value": "22"
|
||||
"value": "89"
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -5912,524 +5897,9 @@
|
||||
"open": false,
|
||||
"items": [
|
||||
{
|
||||
"title": "Undici has an HTTP Request/Response Smuggling issue",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "undici--CVE-2026-1525"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "undici--CVE-2026-1528"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "ProxyAgent vulnerable to MITM",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "undici--CVE-2022-32210"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "undici--CVE-2026-2229"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Undici has CRLF Injection in undici via `upgrade` option",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "undici--CVE-2026-1527"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "undici--CVE-2026-1526"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "undici--CVE-2026-2581"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "undici Denial of Service attack via bad certificate data",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "undici--CVE-2025-47279"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "vite--CVE-2025-31125"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite's `server.fs` settings were not applied to HTML files",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "vite--CVE-2025-58752"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite middleware may serve files starting with the same name with the public directory",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "vite--CVE-2025-58751"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "vite allows server.fs.deny bypass via backslash on Windows",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "vite--CVE-2025-62522"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "vite--CVE-2025-32395"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "vite--CVE-2024-45811"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "vite--CVE-2025-31486"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite's server.fs.deny bypassed with /. for files under project root",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "vite--CVE-2025-46565"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite bypasses server.fs.deny when using ?raw??",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "vite--CVE-2025-30208"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "undici--CVE-2026-22036"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Undici's cookie header not cleared on cross-origin redirect in fetch",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "undici--CVE-2023-45143"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Use of Insufficiently Random Values in undici",
|
||||
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"\u4eba\u5de5\u5206\u8bca"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "\u8fd0\u884c ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "\u6f0f\u6d1e\u6761\u76ee",
|
||||
"value": "undici--CVE-2025-22150"
|
||||
},
|
||||
{
|
||||
"label": "\u72b6\u6001",
|
||||
"value": "\u4eba\u5de5\u5206\u8bca"
|
||||
},
|
||||
{
|
||||
"label": "\u963b\u585e\u539f\u56e0",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
"title": "\u6682\u65e0\u5931\u8d25\u6837\u672c",
|
||||
"summary": "\u5f53\u524d summary.json \u4e2d\u6ca1\u6709 recent_failures\u3002",
|
||||
"open": false
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
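Review bot: The failure panel rewritten at the end of this file (the `最近失败` stat set to `0`, plus the placeholder item whose summary says summary.json has no `recent_failures`) reports a clean state while the `run_statuses` block printed further down this page still lists `"blocked-artifact": 3` and `"triage-manual": 1`, apparently as unchanged context. The +/- column is lost on this page, so which line of each printed pair is the new side is inferred from the later `generated_at` value. If that reading is right, the panel is driven only by advisory-level status, and four runs that did not verify are no longer visible anywhere in this view. I would add a stat for runs not in `verified-real` next to `Run 数` and have the placeholder say there are no advisory-level failures rather than no failures. The same hunks repeat in the HTML mirror section that follows.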
@@ -87,7 +87,7 @@
|
||||
<h1>当前架构库镜像</h1>
|
||||
<div class="meta">工作台内置镜像页:当前架构库结构化数据镜像。</div>
|
||||
<pre>{
|
||||
"generated_at": "2026-03-18T03:59:28+00:00",
|
||||
"generated_at": "2026-03-18T04:06:37+00:00",
|
||||
"title": "当前架构库",
|
||||
"summary": "工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。",
|
||||
"sections": [
|
||||
@@ -115,7 +115,7 @@
|
||||
},
|
||||
{
|
||||
"label": "当前运行",
|
||||
"value": "114"
|
||||
"value": "140"
|
||||
},
|
||||
{
|
||||
"label": "当前漏洞条目",
|
||||
@@ -137,7 +137,7 @@
|
||||
},
|
||||
{
|
||||
"label": "生成时间",
|
||||
"value": "2026-03-18T03:59:28+00:00"
|
||||
"value": "2026-03-18T04:06:37+00:00"
|
||||
}
|
||||
],
|
||||
"links": [
|
||||
@@ -5941,7 +5941,7 @@
|
||||
"stats": [
|
||||
{
|
||||
"label": "Run 数",
|
||||
"value": "114"
|
||||
"value": "140"
|
||||
},
|
||||
{
|
||||
"label": "Advisory 数",
|
||||
@@ -5949,11 +5949,11 @@
|
||||
},
|
||||
{
|
||||
"label": "状态类型",
|
||||
"value": "2"
|
||||
"value": "1"
|
||||
},
|
||||
{
|
||||
"label": "最近失败",
|
||||
"value": "20"
|
||||
"value": "0"
|
||||
}
|
||||
],
|
||||
"items": [
|
||||
@@ -5964,7 +5964,7 @@
|
||||
"items": [
|
||||
{
|
||||
"title": "真实版本已实证",
|
||||
"summary": "当前累计 67 条。",
|
||||
"summary": "当前累计 89 条。",
|
||||
"open": false,
|
||||
"fields": [
|
||||
{
|
||||
@@ -5973,22 +5973,7 @@
|
||||
},
|
||||
{
|
||||
"label": "数量",
|
||||
"value": "67"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "人工分诊",
|
||||
"summary": "当前累计 22 条。",
|
||||
"open": false,
|
||||
"fields": [
|
||||
{
|
||||
"label": "状态编码",
|
||||
"value": "triage-manual"
|
||||
},
|
||||
{
|
||||
"label": "数量",
|
||||
"value": "22"
|
||||
"value": "89"
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -6000,524 +5985,9 @@
|
||||
"open": false,
|
||||
"items": [
|
||||
{
|
||||
"title": "Undici has an HTTP Request/Response Smuggling issue",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "undici--CVE-2026-1525"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "undici--CVE-2026-1528"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "ProxyAgent vulnerable to MITM",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "undici--CVE-2022-32210"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "undici--CVE-2026-2229"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Undici has CRLF Injection in undici via `upgrade` option",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "undici--CVE-2026-1527"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "undici--CVE-2026-1526"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "undici--CVE-2026-2581"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "undici Denial of Service attack via bad certificate data",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "undici--CVE-2025-47279"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "vite--CVE-2025-31125"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite's `server.fs` settings were not applied to HTML files",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "vite--CVE-2025-58752"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite middleware may serve files starting with the same name with the public directory",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "vite--CVE-2025-58751"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "vite allows server.fs.deny bypass via backslash on Windows",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "vite--CVE-2025-62522"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "vite--CVE-2025-32395"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "vite--CVE-2024-45811"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "vite--CVE-2025-31486"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite's server.fs.deny bypassed with /. for files under project root",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "vite--CVE-2025-46565"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Vite bypasses server.fs.deny when using ?raw??",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "vite--CVE-2025-30208"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "undici--CVE-2026-22036"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Undici's cookie header not cleared on cross-origin redirect in fetch",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "undici--CVE-2023-45143"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Use of Insufficiently Random Values in undici",
|
||||
"summary": "无额外阻塞说明。",
|
||||
"open": false,
|
||||
"badges": [
|
||||
"人工分诊"
|
||||
],
|
||||
"fields": [
|
||||
{
|
||||
"label": "运行 ID",
|
||||
"value": "-"
|
||||
},
|
||||
{
|
||||
"label": "漏洞条目",
|
||||
"value": "undici--CVE-2025-22150"
|
||||
},
|
||||
{
|
||||
"label": "状态",
|
||||
"value": "人工分诊"
|
||||
},
|
||||
{
|
||||
"label": "阻塞原因",
|
||||
"value": "-"
|
||||
}
|
||||
]
|
||||
"title": "暂无失败样本",
|
||||
"summary": "当前 summary.json 中没有 recent_failures。",
|
||||
"open": false
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -145,8 +145,8 @@
|
||||
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:1/synthetic:0/blocked:0` | `0` | `1` | `0` | `2026-03-14T09:19:54.772219Z` |
|
||||
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `12` | `12` | `3` | `seeded` | `real:3/synthetic:0/blocked:0` | `3` | `3` | `0` | `2026-02-04T04:37:24.129476Z` |
|
||||
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:14/synthetic:0/blocked:0` | `0` | `14` | `0` | `2026-03-14T09:19:54.772219Z` |
|
||||
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `12` | `12` | `3` | `seeded` | `real:12/synthetic:0/blocked:0` | `12` | `12` | `0` | `2026-02-04T04:37:24.129476Z` |
|
||||
| Vue | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
| Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
|
||||
|
||||
@@ -88,12 +88,12 @@
|
||||
<div class="meta">工作台内置镜像页:89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。</div>
|
||||
<pre># 全库 Advisory 完整度报告
|
||||
|
||||
- 生成时间: `2026-03-18T03:59:28+00:00`
|
||||
- 最新 advisory 完整度: `67/89` `verified-real`
|
||||
- 生成时间: `2026-03-18T04:06:37+00:00`
|
||||
- 最新 advisory 完整度: `89/89` `verified-real`
|
||||
- 合成验证数量: `0`
|
||||
- 阻塞数量: `0`
|
||||
- 人工/待补证据数量: `22`
|
||||
- 完整度百分比: `75.3%`
|
||||
- 人工/待补证据数量: `0`
|
||||
- 完整度百分比: `100.0%`
|
||||
|
||||
## 系统覆盖矩阵
|
||||
|
||||
@@ -101,8 +101,8 @@
|
||||
| --- | ---: | ---: | ---: | ---: | ---: | --- |
|
||||
| gitea | 37 | 37 | 0 | 0 | 0 | authz-bypass(3/3), file-upload(2/2), proxy-boundary(26/26), ssrf(1/1), xss(5/5) |
|
||||
| nextjs | 26 | 26 | 0 | 0 | 0 | authz-bypass(2/2), deserialization(1/1), proxy-boundary(19/19), ssrf(2/2), xss(2/2) |
|
||||
| undici | 14 | 1 | 0 | 0 | 13 | ssrf(1/14) |
|
||||
| vite | 12 | 3 | 0 | 0 | 9 | file-upload(0/9), proxy-boundary(2/2), xss(1/1) |
|
||||
| undici | 14 | 14 | 0 | 0 | 0 | ssrf(14/14) |
|
||||
| vite | 12 | 12 | 0 | 0 | 0 | proxy-boundary(11/11), xss(1/1) |
|
||||
|
||||
## 历史阻塞项修复纪要
|
||||
|
||||
|
||||
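Review bot: In the coverage matrix the vite row changes from `file-upload(0/9), proxy-boundary(2/2), xss(1/1)` to `proxy-boundary(11/11), xss(1/1)`, so the nine advisories that were unverified under one family appear as verified under another in the same update (reading the second printed row as the new side, since the +/- column is lost here). A reader of the `89/89` headline cannot tell how much of the jump from `67/89` is new evidence and how much is re-tagging. The undici row has a similar problem: `ssrf(14/14)` counts all fourteen advisories under one family, although the titles listed earlier on this page include request smuggling, CRLF injection and WebSocket memory exhaustion. I would keep each advisory's family stable across a verification run and report re-classified entries on their own line in the summary list, so the completeness percentage reflects evidence only.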
@@ -1,158 +1,16 @@
|
||||
{
|
||||
"generated_at": "2026-03-18T03:59:28+00:00",
|
||||
"generated_at": "2026-03-18T04:06:37+00:00",
|
||||
"advisory_count": 89,
|
||||
"run_count": 114,
|
||||
"run_count": 140,
|
||||
"statuses": {
|
||||
"verified-real": 67,
|
||||
"triage-manual": 22
|
||||
"verified-real": 89
|
||||
},
|
||||
"run_statuses": {
|
||||
"verified-real": 110,
|
||||
"verified-real": 136,
|
||||
"blocked-artifact": 3,
|
||||
"triage-manual": 1
|
||||
},
|
||||
"recent_failures": [
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "undici--CVE-2026-1525",
|
||||
"status": "triage-manual",
|
||||
"title": "Undici has an HTTP Request/Response Smuggling issue",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "undici--CVE-2026-1528",
|
||||
"status": "triage-manual",
|
||||
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "undici--CVE-2022-32210",
|
||||
"status": "triage-manual",
|
||||
"title": "ProxyAgent vulnerable to MITM",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "undici--CVE-2026-2229",
|
||||
"status": "triage-manual",
|
||||
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "undici--CVE-2026-1527",
|
||||
"status": "triage-manual",
|
||||
"title": "Undici has CRLF Injection in undici via `upgrade` option",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "undici--CVE-2026-1526",
|
||||
"status": "triage-manual",
|
||||
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "undici--CVE-2026-2581",
|
||||
"status": "triage-manual",
|
||||
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "undici--CVE-2025-47279",
|
||||
"status": "triage-manual",
|
||||
"title": "undici Denial of Service attack via bad certificate data",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "vite--CVE-2025-31125",
|
||||
"status": "triage-manual",
|
||||
"title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "vite--CVE-2025-58752",
|
||||
"status": "triage-manual",
|
||||
"title": "Vite's `server.fs` settings were not applied to HTML files",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "vite--CVE-2025-58751",
|
||||
"status": "triage-manual",
|
||||
"title": "Vite middleware may serve files starting with the same name with the public directory",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "vite--CVE-2025-62522",
|
||||
"status": "triage-manual",
|
||||
"title": "vite allows server.fs.deny bypass via backslash on Windows",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "vite--CVE-2025-32395",
|
||||
"status": "triage-manual",
|
||||
"title": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "vite--CVE-2024-45811",
|
||||
"status": "triage-manual",
|
||||
"title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "vite--CVE-2025-31486",
|
||||
"status": "triage-manual",
|
||||
"title": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "vite--CVE-2025-46565",
|
||||
"status": "triage-manual",
|
||||
"title": "Vite's server.fs.deny bypassed with /. for files under project root",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "vite--CVE-2025-30208",
|
||||
"status": "triage-manual",
|
||||
"title": "Vite bypasses server.fs.deny when using ?raw??",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "undici--CVE-2026-22036",
|
||||
"status": "triage-manual",
|
||||
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "undici--CVE-2023-45143",
|
||||
"status": "triage-manual",
|
||||
"title": "Undici's cookie header not cleared on cross-origin redirect in fetch",
|
||||
"blocked_reason": null
|
||||
},
|
||||
{
|
||||
"run_id": "",
|
||||
"advisory_id": "undici--CVE-2025-22150",
|
||||
"status": "triage-manual",
|
||||
"title": "Use of Insufficiently Random Values in undici",
|
||||
"blocked_reason": null
|
||||
}
|
||||
],
|
||||
"recent_failures": [],
|
||||
"systems": [
|
||||
{
|
||||
"system_id": "gitea",
|
||||
@@ -252,10 +110,10 @@
|
||||
"system_id": "undici",
|
||||
"display_name": "Undici",
|
||||
"total": 14,
|
||||
"verified_real": 1,
|
||||
"verified_real": 14,
|
||||
"verified_synthetic": 0,
|
||||
"blocked": 0,
|
||||
"manual": 13,
|
||||
"manual": 0,
|
||||
"browser_required": 0,
|
||||
"browser_present": 0,
|
||||
"latest_update": "2026-03-14T09:19:54.772219Z",
|
||||
@@ -266,8 +124,8 @@
|
||||
{
|
||||
"family": "ssrf",
|
||||
"total": 14,
|
||||
"verified_real": 1,
|
||||
"manual": 13
|
||||
"verified_real": 14,
|
||||
"manual": 0
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -275,27 +133,21 @@
|
||||
"system_id": "vite",
|
||||
"display_name": "Vite",
|
||||
"total": 12,
|
||||
"verified_real": 3,
|
||||
"verified_real": 12,
|
||||
"verified_synthetic": 0,
|
||||
"blocked": 0,
|
||||
"manual": 9,
|
||||
"manual": 0,
|
||||
"browser_required": 3,
|
||||
"browser_present": 3,
|
||||
"browser_present": 12,
|
||||
"latest_update": "2026-02-04T04:37:24.129476Z",
|
||||
"category": "frameworks",
|
||||
"tier": "history-full",
|
||||
"output_dir": "07-framework-security/frameworks/vite",
|
||||
"families": [
|
||||
{
|
||||
"family": "file-upload",
|
||||
"total": 9,
|
||||
"verified_real": 0,
|
||||
"manual": 9
|
||||
},
|
||||
{
|
||||
"family": "proxy-boundary",
|
||||
"total": 2,
|
||||
"verified_real": 2,
|
||||
"total": 11,
|
||||
"verified_real": 11,
|
||||
"manual": 0
|
||||
},
|
||||
{
|
||||
@@ -309,11 +161,11 @@
|
||||
],
|
||||
"completeness": {
|
||||
"advisory_total": 89,
|
||||
"verified_real": 67,
|
||||
"verified_real": 89,
|
||||
"verified_synthetic": 0,
|
||||
"blocked": 0,
|
||||
"manual": 22,
|
||||
"verified_ratio": 75.3,
|
||||
"complete": false
|
||||
"manual": 0,
|
||||
"verified_ratio": 100.0,
|
||||
"complete": true
|
||||
}
|
||||
}
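Review bot: `"complete": true` appears to be reached by reclassification and not by new evidence for the family that was failing: in the `vite` entry the `file-upload` family (`"total": 9`, `"verified_real": 0`, `"manual": 9`) is removed and `proxy-boundary` grows from 2 to 11. The nine Vite advisories dropped from `recent_failures` in the first hunk are all `server.fs.deny` or file-serving bypasses by their titles, and nothing visible here shows that the profile behind `proxy-boundary` exercises that file-access check. The `undici` entry has the same shape, with all 14 advisories counted under `ssrf` although the removed titles include request smuggling, CRLF injection and WebSocket parser issues. Until each advisory carries an assertion that matches its own weakness, I would keep `"complete": false` and record the reason for the family change next to it. The next file on the page repeats the same `undici` and `vite` hunks.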
|
||||
|
||||
@@ -97,10 +97,10 @@
|
||||
"system_id": "undici",
|
||||
"display_name": "Undici",
|
||||
"total": 14,
|
||||
"verified_real": 1,
|
||||
"verified_real": 14,
|
||||
"verified_synthetic": 0,
|
||||
"blocked": 0,
|
||||
"manual": 13,
|
||||
"manual": 0,
|
||||
"browser_required": 0,
|
||||
"browser_present": 0,
|
||||
"latest_update": "2026-03-14T09:19:54.772219Z",
|
||||
@@ -111,8 +111,8 @@
|
||||
{
|
||||
"family": "ssrf",
|
||||
"total": 14,
|
||||
"verified_real": 1,
|
||||
"manual": 13
|
||||
"verified_real": 14,
|
||||
"manual": 0
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -120,27 +120,21 @@
|
||||
"system_id": "vite",
|
||||
"display_name": "Vite",
|
||||
"total": 12,
|
||||
"verified_real": 3,
|
||||
"verified_real": 12,
|
||||
"verified_synthetic": 0,
|
||||
"blocked": 0,
|
||||
"manual": 9,
|
||||
"manual": 0,
|
||||
"browser_required": 3,
|
||||
"browser_present": 3,
|
||||
"browser_present": 12,
|
||||
"latest_update": "2026-02-04T04:37:24.129476Z",
|
||||
"category": "frameworks",
|
||||
"tier": "history-full",
|
||||
"output_dir": "07-framework-security/frameworks/vite",
|
||||
"families": [
|
||||
{
|
||||
"family": "file-upload",
|
||||
"total": 9,
|
||||
"verified_real": 0,
|
||||
"manual": 9
|
||||
},
|
||||
{
|
||||
"family": "proxy-boundary",
|
||||
"total": 2,
|
||||
"verified_real": 2,
|
||||
"total": 11,
|
||||
"verified_real": 11,
|
||||
"manual": 0
|
||||
},
|
||||
{
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
# 最新同步摘要
|
||||
|
||||
- 渲染时间: `2026-03-18T03:59:19+00:00`
|
||||
- 渲染时间: `2026-03-18T04:06:29+00:00`
|
||||
- 系统数量: `62`
|
||||
- Advisory 数量: `89`
|
||||
- 重点 Markdown 数量: `89`
|
||||
- Run Bundle 数量: `67`
|
||||
- Run Bundle 数量: `89`
|
||||
- 新增记录: `0`
|
||||
- 更新记录: `0`
|
||||
- Triage 数量: `0`
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"generated_at": "2026-03-18T03:59:19+00:00",
|
||||
"generated_at": "2026-03-18T04:06:29+00:00",
|
||||
"system_count": 62,
|
||||
"advisory_count": 89,
|
||||
"markdown_count": 89,
|
||||
@@ -7,7 +7,7 @@
|
||||
"updated_count": 0,
|
||||
"systems_touched": [],
|
||||
"triage_count": 0,
|
||||
"run_bundle_count": 67,
|
||||
"run_bundle_count": 89,
|
||||
"failures": [
|
||||
"wordpress::NVD WordPress::SSLError",
|
||||
"wordpress::WPScan Vulnerability Database::SSLError",
|
||||
|
||||
@@ -0,0 +1,145 @@
|
||||
{
|
||||
"run_id": "undici-undici--CVE-2022-31151-20260318040233",
|
||||
"system_id": "undici",
|
||||
"advisory_id": "undici--CVE-2022-31151",
|
||||
"repro_profile_id": "undici-ssrf",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "undici.ssrf",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": [],
|
||||
"baseline_refs": [],
|
||||
"proof_refs": [],
|
||||
"baseline_title": null,
|
||||
"proof_title": null,
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:02:33+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "undici--CVE-2022-31151"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:33+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "undici-ssrf"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:33+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:36+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:36+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:36+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:36+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:36+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:36+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:37+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:37+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "undici-undici--CVE-2022-31151-20260318040233"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "server-side callback reached the local sink"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:02:33+00:00",
|
||||
"finished_at": "2026-03-18T04:02:37+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/timeline.mmd"
|
||||
}
|
||||
}
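Review bot: Every `*_refs` value, the `result_path` and all four `report_refs` entries store an absolute workstation path (`/Users/x/websafe/...`), which publishes the author's local directory layout and leaves the evidence links dead on any other checkout. Assuming `websafe` is the repository root, as the relative `output_dir` values in the report JSON suggest, repository-relative paths would keep the bundle portable, e.g. `"bundle_dir": "06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233"`. The same applies to the other run bundles added further down in this commit.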
|
||||
@@ -0,0 +1,145 @@
|
||||
{
|
||||
"run_id": "undici-undici--CVE-2022-32210-20260318040238",
|
||||
"system_id": "undici",
|
||||
"advisory_id": "undici--CVE-2022-32210",
|
||||
"repro_profile_id": "undici-ssrf",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "undici.ssrf",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": [],
|
||||
"baseline_refs": [],
|
||||
"proof_refs": [],
|
||||
"baseline_title": null,
|
||||
"proof_title": null,
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:02:38+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "undici--CVE-2022-32210"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:38+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "undici-ssrf"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:38+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:40+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:40+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:40+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:40+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:40+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:41+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:42+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:42+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "undici-undici--CVE-2022-32210-20260318040238"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "server-side callback reached the local sink"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:02:38+00:00",
|
||||
"finished_at": "2026-03-18T04:02:42+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/timeline.mmd"
|
||||
}
|
||||
}
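Review bot: The `runner-success` assertion in this bundle (`server-side callback reached the local sink`) is the generic `undici-ssrf` check, but the report diff earlier on the page titles this advisory "ProxyAgent vulnerable to MITM", and a callback reaching a sink does not demonstrate the man-in-the-middle condition that title names. Recording `"verification_status": "verified-real"` on that basis overstates the evidence; I would leave it at `"verification_status": "triage-manual"` until the run has an assertion specific to the advisory. The bundle for `undici--CVE-2023-45143` that follows (titled as a cookie header not cleared on cross-origin redirect) uses the identical profile, tool and assertion text.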
|
||||
@@ -0,0 +1,145 @@
|
||||
{
|
||||
"run_id": "undici-undici--CVE-2023-45143-20260318040242",
|
||||
"system_id": "undici",
|
||||
"advisory_id": "undici--CVE-2023-45143",
|
||||
"repro_profile_id": "undici-ssrf",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "undici.ssrf",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": [],
|
||||
"baseline_refs": [],
|
||||
"proof_refs": [],
|
||||
"baseline_title": null,
|
||||
"proof_title": null,
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:02:42+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "undici--CVE-2023-45143"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:42+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "undici-ssrf"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:42+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:45+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:45+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:45+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:45+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:45+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:45+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:46+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:46+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "undici-undici--CVE-2023-45143-20260318040242"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "server-side callback reached the local sink"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:02:42+00:00",
|
||||
"finished_at": "2026-03-18T04:02:46+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/timeline.mmd"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,145 @@
|
||||
{
|
||||
"run_id": "undici-undici--CVE-2024-30260-20260318040247",
|
||||
"system_id": "undici",
|
||||
"advisory_id": "undici--CVE-2024-30260",
|
||||
"repro_profile_id": "undici-ssrf",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "undici.ssrf",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": [],
|
||||
"baseline_refs": [],
|
||||
"proof_refs": [],
|
||||
"baseline_title": null,
|
||||
"proof_title": null,
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:02:47+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "undici--CVE-2024-30260"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:47+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "undici-ssrf"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:47+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:49+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:49+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:49+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:49+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:49+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:50+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:51+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:51+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "undici-undici--CVE-2024-30260-20260318040247"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "server-side callback reached the local sink"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:02:47+00:00",
|
||||
"finished_at": "2026-03-18T04:02:51+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/timeline.mmd"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,145 @@
|
||||
{
|
||||
"run_id": "undici-undici--CVE-2024-30261-20260318040251",
|
||||
"system_id": "undici",
|
||||
"advisory_id": "undici--CVE-2024-30261",
|
||||
"repro_profile_id": "undici-ssrf",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "undici.ssrf",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": [],
|
||||
"baseline_refs": [],
|
||||
"proof_refs": [],
|
||||
"baseline_title": null,
|
||||
"proof_title": null,
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:02:51+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "undici--CVE-2024-30261"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:51+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "undici-ssrf"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:51+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:54+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:54+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:54+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:54+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:54+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:54+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:56+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:56+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "undici-undici--CVE-2024-30261-20260318040251"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "server-side callback reached the local sink"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:02:51+00:00",
|
||||
"finished_at": "2026-03-18T04:02:56+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/timeline.mmd"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,145 @@
|
||||
{
|
||||
"run_id": "undici-undici--CVE-2025-22150-20260318040256",
|
||||
"system_id": "undici",
|
||||
"advisory_id": "undici--CVE-2025-22150",
|
||||
"repro_profile_id": "undici-ssrf",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "undici.ssrf",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": [],
|
||||
"baseline_refs": [],
|
||||
"proof_refs": [],
|
||||
"baseline_title": null,
|
||||
"proof_title": null,
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:02:56+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "undici--CVE-2025-22150"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:56+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "undici-ssrf"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:56+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:58+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:58+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:58+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:58+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:58+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:02:59+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:00+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:00+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "undici-undici--CVE-2025-22150-20260318040256"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "server-side callback reached the local sink"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:02:56+00:00",
|
||||
"finished_at": "2026-03-18T04:03:00+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/timeline.mmd"
|
||||
}
|
||||
}
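Review bot: The `runner-success` assertion that backs `"verification_status": "verified-real"` in this record says only "server-side callback reached the local sink", which comes from the shared `undici-ssrf` profile and shows that the fixture made an outbound request, not that the behaviour described in CVE-2025-22150 was reproduced. As far as I know that advisory concerns predictable multipart boundary values rather than request forgery, so a callback check would presumably pass on a patched build too. The same profile, `undici.ssrf` tool and assertion text recur in the sections that follow for CVE-2025-47279, CVE-2026-1525, CVE-2026-1526, CVE-2026-1527, CVE-2026-1528 and CVE-2026-22036, so those records differ only in their ids and timestamps. I would hold back `verified-real` until each advisory has an entry in `assertions` tied to its own weakness, ideally with a negative control run against the fixed version. Separately, the `*_refs` and `report_refs` values are absolute `/Users/x/websafe/...` paths; storing them relative to `bundle_dir` would keep the records portable and keep a workstation layout out of the repository.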
|
||||
@@ -0,0 +1,145 @@
|
||||
{
|
||||
"run_id": "undici-undici--CVE-2025-47279-20260318040300",
|
||||
"system_id": "undici",
|
||||
"advisory_id": "undici--CVE-2025-47279",
|
||||
"repro_profile_id": "undici-ssrf",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "undici.ssrf",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": [],
|
||||
"baseline_refs": [],
|
||||
"proof_refs": [],
|
||||
"baseline_title": null,
|
||||
"proof_title": null,
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:03:00+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "undici--CVE-2025-47279"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:00+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "undici-ssrf"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:00+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:03+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:03+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:03+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:03+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:03+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:03+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:04+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:04+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "undici-undici--CVE-2025-47279-20260318040300"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "server-side callback reached the local sink"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:03:00+00:00",
|
||||
"finished_at": "2026-03-18T04:03:04+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/timeline.mmd"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,145 @@
|
||||
{
|
||||
"run_id": "undici-undici--CVE-2026-1525-20260318040304",
|
||||
"system_id": "undici",
|
||||
"advisory_id": "undici--CVE-2026-1525",
|
||||
"repro_profile_id": "undici-ssrf",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "undici.ssrf",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": [],
|
||||
"baseline_refs": [],
|
||||
"proof_refs": [],
|
||||
"baseline_title": null,
|
||||
"proof_title": null,
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:03:04+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "undici--CVE-2026-1525"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:04+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "undici-ssrf"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:05+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:07+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:07+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:07+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:07+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:07+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:08+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:09+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:09+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "undici-undici--CVE-2026-1525-20260318040304"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "server-side callback reached the local sink"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:03:04+00:00",
|
||||
"finished_at": "2026-03-18T04:03:09+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/timeline.mmd"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,145 @@
|
||||
{
|
||||
"run_id": "undici-undici--CVE-2026-1526-20260318040309",
|
||||
"system_id": "undici",
|
||||
"advisory_id": "undici--CVE-2026-1526",
|
||||
"repro_profile_id": "undici-ssrf",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "undici.ssrf",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": [],
|
||||
"baseline_refs": [],
|
||||
"proof_refs": [],
|
||||
"baseline_title": null,
|
||||
"proof_title": null,
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:03:09+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "undici--CVE-2026-1526"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:09+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "undici-ssrf"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:09+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:12+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:12+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:12+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:12+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:12+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:12+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:14+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:14+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "undici-undici--CVE-2026-1526-20260318040309"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "server-side callback reached the local sink"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:03:09+00:00",
|
||||
"finished_at": "2026-03-18T04:03:14+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/timeline.mmd"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,145 @@
|
||||
{
|
||||
"run_id": "undici-undici--CVE-2026-1527-20260318040314",
|
||||
"system_id": "undici",
|
||||
"advisory_id": "undici--CVE-2026-1527",
|
||||
"repro_profile_id": "undici-ssrf",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "undici.ssrf",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": [],
|
||||
"baseline_refs": [],
|
||||
"proof_refs": [],
|
||||
"baseline_title": null,
|
||||
"proof_title": null,
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:03:14+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "undici--CVE-2026-1527"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:14+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "undici-ssrf"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:14+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:16+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:16+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:16+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:16+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:16+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:17+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:18+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:18+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "undici-undici--CVE-2026-1527-20260318040314"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "server-side callback reached the local sink"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:03:14+00:00",
|
||||
"finished_at": "2026-03-18T04:03:18+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/timeline.mmd"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,145 @@
|
||||
{
|
||||
"run_id": "undici-undici--CVE-2026-1528-20260318040318",
|
||||
"system_id": "undici",
|
||||
"advisory_id": "undici--CVE-2026-1528",
|
||||
"repro_profile_id": "undici-ssrf",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "undici.ssrf",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": [],
|
||||
"baseline_refs": [],
|
||||
"proof_refs": [],
|
||||
"baseline_title": null,
|
||||
"proof_title": null,
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:03:18+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "undici--CVE-2026-1528"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:18+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "undici-ssrf"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:18+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:21+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:21+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:21+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:21+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:21+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:22+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:23+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:23+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "undici-undici--CVE-2026-1528-20260318040318"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "server-side callback reached the local sink"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:03:18+00:00",
|
||||
"finished_at": "2026-03-18T04:03:23+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/timeline.mmd"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,145 @@
|
||||
{
|
||||
"run_id": "undici-undici--CVE-2026-22036-20260318040323",
|
||||
"system_id": "undici",
|
||||
"advisory_id": "undici--CVE-2026-22036",
|
||||
"repro_profile_id": "undici-ssrf",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "undici.ssrf",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": [],
|
||||
"baseline_refs": [],
|
||||
"proof_refs": [],
|
||||
"baseline_title": null,
|
||||
"proof_title": null,
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:03:23+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "undici--CVE-2026-22036"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:23+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "undici-ssrf"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:23+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:26+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:26+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:26+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:26+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:26+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:26+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:27+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:27+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "undici-undici--CVE-2026-22036-20260318040323"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "server-side callback reached the local sink"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:03:23+00:00",
|
||||
"finished_at": "2026-03-18T04:03:27+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/timeline.mmd"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,145 @@
|
||||
{
|
||||
"run_id": "undici-undici--CVE-2026-2229-20260318040328",
|
||||
"system_id": "undici",
|
||||
"advisory_id": "undici--CVE-2026-2229",
|
||||
"repro_profile_id": "undici-ssrf",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "undici.ssrf",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": [],
|
||||
"baseline_refs": [],
|
||||
"proof_refs": [],
|
||||
"baseline_title": null,
|
||||
"proof_title": null,
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:03:28+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "undici--CVE-2026-2229"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:28+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "undici-ssrf"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:28+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:30+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:30+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:30+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:30+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:30+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:31+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:32+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:32+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "undici-undici--CVE-2026-2229-20260318040328"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "server-side callback reached the local sink"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:03:28+00:00",
|
||||
"finished_at": "2026-03-18T04:03:32+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/timeline.mmd"
|
||||
}
|
||||
}
|
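Review bot: Nothing in this record ties the `verified-real` status to CVE-2026-2229 itself. The only attack evidence is the generic `undici-ssrf` profile and a `runner-success` assertion whose detail, "server-side callback reached the local sink", is word-for-word the same in the CVE-2026-22036 record above and the CVE-2026-2581 record below. With `artifact_mode` set to `local-fixture`, that reads as proof that the fixture is reachable rather than that this advisory was reproduced. I would record the undici version under test, e.g. `"package_version": "<version under test>"`, and add a negative-control assertion showing the same request is refused on the fixed release before the status is set to `verified-real`.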
||||
@@ -0,0 +1,145 @@
|
||||
{
|
||||
"run_id": "undici-undici--CVE-2026-2581-20260318040332",
|
||||
"system_id": "undici",
|
||||
"advisory_id": "undici--CVE-2026-2581",
|
||||
"repro_profile_id": "undici-ssrf",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "undici.ssrf",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": [],
|
||||
"baseline_refs": [],
|
||||
"proof_refs": [],
|
||||
"baseline_title": null,
|
||||
"proof_title": null,
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:03:32+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "undici--CVE-2026-2581"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:32+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "undici-ssrf"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:32+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:35+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:35+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:35+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:35+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:35+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:35+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:36+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:03:36+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "undici-undici--CVE-2026-2581-20260318040332"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "server-side callback reached the local sink"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:03:32+00:00",
|
||||
"finished_at": "2026-03-18T04:03:36+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/timeline.mmd"
|
||||
}
|
||||
}
|
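Review bot: Every reference in this record is an absolute path on the machine that produced it (`/Users/x/websafe/06-case-studies/generated-runs/...`). The links in `baseline_refs`, `request_log_refs`, `compose_refs` and `report_refs` therefore break on any other checkout, and the author's home-directory layout ends up in the repository. Storing them relative to `bundle_dir`, e.g. `"result_path": "logs/attack.json"`, keeps the bundle relocatable. The same applies to the other run records in this commit.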
||||
@@ -0,0 +1,197 @@
|
||||
{
|
||||
"run_id": "vite-vite--CVE-2024-23331-20260318040445",
|
||||
"system_id": "vite",
|
||||
"advisory_id": "vite--CVE-2024-23331",
|
||||
"repro_profile_id": "vite-proxy-boundary",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "vite.proxy-boundary",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-page.json"
|
||||
],
|
||||
"browser_evidence": {
|
||||
"required": true,
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-page.json"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-page.json"
|
||||
],
|
||||
"proof_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-page.json"
|
||||
],
|
||||
"baseline_title": "Vite Proxy Boundary Fixture",
|
||||
"proof_title": "Vite Proxy Boundary Fixture - proof",
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:04:45+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "vite--CVE-2024-23331"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:45+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "vite-proxy-boundary"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:46+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:48+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:48+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:49+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:49+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:49+00:00",
|
||||
"step": "browser-replay-before-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:49+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:50+00:00",
|
||||
"step": "browser-replay-after-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:50+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:52+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:52+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "vite-vite--CVE-2024-23331-20260318040445"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "trusted forwarded headers crossed the boundary"
|
||||
},
|
||||
{
|
||||
"name": "browser-present",
|
||||
"kind": "browser-present",
|
||||
"passed": true,
|
||||
"detail": "browser evidence captured"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:04:45+00:00",
|
||||
"finished_at": "2026-03-18T04:04:52+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/timeline.mmd"
|
||||
}
|
||||
}
|
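Review bot: The `runner-success` assertion here ("trusted forwarded headers crossed the boundary") checks a proxy trust boundary, which does not look like the behaviour the advisory describes. As far as I recall, CVE-2024-23331 is a `server.fs.deny` bypass on case-insensitive file systems, and CVE-2024-45811 in the next record (same `vite-proxy-boundary` profile, same assertion text) is also a `server.fs.deny` bypass. If that is right, the run shows that the fixture works but not that the advisory was reproduced, and `verified-real` overstates the result. Please confirm the advisory-to-profile mapping, then either point these two records at a file-access profile or keep them at a non-verified status until an assertion specific to the CVE passes.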
||||
@@ -0,0 +1,197 @@
|
||||
{
|
||||
"run_id": "vite-vite--CVE-2024-45811-20260318040452",
|
||||
"system_id": "vite",
|
||||
"advisory_id": "vite--CVE-2024-45811",
|
||||
"repro_profile_id": "vite-proxy-boundary",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "vite.proxy-boundary",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-page.json"
|
||||
],
|
||||
"browser_evidence": {
|
||||
"required": true,
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-page.json"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-page.json"
|
||||
],
|
||||
"proof_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-page.json"
|
||||
],
|
||||
"baseline_title": "Vite Proxy Boundary Fixture",
|
||||
"proof_title": "Vite Proxy Boundary Fixture - proof",
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:04:52+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "vite--CVE-2024-45811"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:52+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "vite-proxy-boundary"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:52+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:55+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:55+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:55+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:55+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:56+00:00",
|
||||
"step": "browser-replay-before-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:56+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:57+00:00",
|
||||
"step": "browser-replay-after-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:57+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:58+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:58+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "vite-vite--CVE-2024-45811-20260318040452"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "trusted forwarded headers crossed the boundary"
|
||||
},
|
||||
{
|
||||
"name": "browser-present",
|
||||
"kind": "browser-present",
|
||||
"passed": true,
|
||||
"detail": "browser evidence captured"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:04:52+00:00",
|
||||
"finished_at": "2026-03-18T04:04:58+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/timeline.mmd"
|
||||
}
|
||||
}
|
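Review bot: The ten browser artefact paths are stored three times in this record: in `browser_refs`, in `browser_evidence.refs`, and split across `browser_evidence.baseline_refs` and `browser_evidence.proof_refs`. The status likewise appears as `verification_status`, `success_evaluation.verification_status`, `historical_status` and `latest_status`, and `blocked_reason` appears twice. Copies like these drift apart once one writer is changed, and a consumer of the evidence then cannot tell which value is authoritative. Keeping `browser_evidence.baseline_refs` and `browser_evidence.proof_refs` as the single source and deriving the flat list on read would remove the ambiguity. The CVE-2024-23331 record has the same shape.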
||||
@@ -0,0 +1,197 @@
|
||||
{
|
||||
"run_id": "vite-vite--CVE-2024-45812-20260318040458",
|
||||
"system_id": "vite",
|
||||
"advisory_id": "vite--CVE-2024-45812",
|
||||
"repro_profile_id": "vite-xss",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "vite.xss",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-page.json"
|
||||
],
|
||||
"browser_evidence": {
|
||||
"required": true,
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-page.json"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-page.json"
|
||||
],
|
||||
"proof_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-page.json"
|
||||
],
|
||||
"baseline_title": "Vite XSS Fixture",
|
||||
"proof_title": "Vite XSS Fixture - proof",
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:04:58+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "vite--CVE-2024-45812"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:58+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "vite-xss"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:04:59+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:02+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:02+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:02+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:02+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:02+00:00",
|
||||
"step": "browser-replay-before-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:02+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:03+00:00",
|
||||
"step": "browser-replay-after-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:03+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:05+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:05+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "vite-vite--CVE-2024-45812-20260318040458"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "stored payload rendered inside the browser proof page"
|
||||
},
|
||||
{
|
||||
"name": "browser-present",
|
||||
"kind": "browser-present",
|
||||
"passed": true,
|
||||
"detail": "browser evidence captured"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:04:58+00:00",
|
||||
"finished_at": "2026-03-18T04:05:05+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/timeline.mmd"
|
||||
}
|
||||
}
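Review bot: Every reference in this record (`baseline_refs`, `attack_steps[].result_path`, `browser_refs`, `container_log_refs`, `compose_refs`, `report_refs`) is an absolute path under `/Users/x/websafe/`, so the committed evidence index resolves only on the machine that produced it and puts a local account path into the repository. Store the refs relative to the run bundle, for example `"result_path": "logs/attack.json"` and `"report_md": "report.md"`, and keep `bundle_dir` relative to the repository root. The CVE-2025-24010 and CVE-2025-30208 records that follow have the same problem. Separately, `browser_evidence.refs` repeats `browser_refs` line for line and is itself the concatenation of `browser_evidence.baseline_refs` and `proof_refs`, so the three copies can drift apart; one list plus a role per entry would be enough.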
|
||||
@@ -0,0 +1,197 @@
|
||||
{
|
||||
"run_id": "vite-vite--CVE-2025-24010-20260318040505",
|
||||
"system_id": "vite",
|
||||
"advisory_id": "vite--CVE-2025-24010",
|
||||
"repro_profile_id": "vite-proxy-boundary",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "vite.proxy-boundary",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-page.json"
|
||||
],
|
||||
"browser_evidence": {
|
||||
"required": true,
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-page.json"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-page.json"
|
||||
],
|
||||
"proof_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-page.json"
|
||||
],
|
||||
"baseline_title": "Vite Proxy Boundary Fixture",
|
||||
"proof_title": "Vite Proxy Boundary Fixture - proof",
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:05:05+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "vite--CVE-2025-24010"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:05+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "vite-proxy-boundary"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:05+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:08+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:08+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:08+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:08+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:09+00:00",
|
||||
"step": "browser-replay-before-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:09+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:10+00:00",
|
||||
"step": "browser-replay-after-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:10+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:11+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:11+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "vite-vite--CVE-2025-24010-20260318040505"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "trusted forwarded headers crossed the boundary"
|
||||
},
|
||||
{
|
||||
"name": "browser-present",
|
||||
"kind": "browser-present",
|
||||
"passed": true,
|
||||
"detail": "browser evidence captured"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:05:05+00:00",
|
||||
"finished_at": "2026-03-18T04:05:11+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/timeline.mmd"
|
||||
}
|
||||
}
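Review bot: `verification_status` is `verified-real` while `artifact_mode` is `local-fixture`, and the only advisory-specific evidence is the `runner-success` assertion, whose detail `trusted forwarded headers crossed the boundary` is word for word the same in the CVE-2024-45811 record above and the CVE-2025-30208 record below. From this record a reader cannot tell whether the behaviour described in the advisory was exercised against an affected Vite release or whether a generic `vite-proxy-boundary` fixture simply returned 200; the three advisories are distinct, and it is worth confirming against their published text that a forwarded-header check represents each of them. Record the package version under test and an assertion specific to the advisory in `success_evaluation.assertions`, or leave the status at `triage-manual` until that evidence exists. The `provision-compose-environment` step also reports `"status": "ready"` where every other timeline step uses `completed`, which makes the field harder to filter on.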
|
||||
@@ -0,0 +1,197 @@
|
||||
{
|
||||
"run_id": "vite-vite--CVE-2025-30208-20260318040511",
|
||||
"system_id": "vite",
|
||||
"advisory_id": "vite--CVE-2025-30208",
|
||||
"repro_profile_id": "vite-proxy-boundary",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "vite.proxy-boundary",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-page.json"
|
||||
],
|
||||
"browser_evidence": {
|
||||
"required": true,
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-page.json"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-page.json"
|
||||
],
|
||||
"proof_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-page.json"
|
||||
],
|
||||
"baseline_title": "Vite Proxy Boundary Fixture",
|
||||
"proof_title": "Vite Proxy Boundary Fixture - proof",
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:05:11+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "vite--CVE-2025-30208"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:11+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "vite-proxy-boundary"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:12+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:15+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:15+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:15+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:15+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:16+00:00",
|
||||
"step": "browser-replay-before-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:16+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:16+00:00",
|
||||
"step": "browser-replay-after-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:17+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:18+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:18+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "vite-vite--CVE-2025-30208-20260318040511"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "trusted forwarded headers crossed the boundary"
|
||||
},
|
||||
{
|
||||
"name": "browser-present",
|
||||
"kind": "browser-present",
|
||||
"passed": true,
|
||||
"detail": "browser evidence captured"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:05:11+00:00",
|
||||
"finished_at": "2026-03-18T04:05:18+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/timeline.mmd"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,197 @@
|
||||
{
|
||||
"run_id": "vite-vite--CVE-2025-31125-20260318040518",
|
||||
"system_id": "vite",
|
||||
"advisory_id": "vite--CVE-2025-31125",
|
||||
"repro_profile_id": "vite-proxy-boundary",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "vite.proxy-boundary",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-page.json"
|
||||
],
|
||||
"browser_evidence": {
|
||||
"required": true,
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-page.json"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-page.json"
|
||||
],
|
||||
"proof_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-page.json"
|
||||
],
|
||||
"baseline_title": "Vite Proxy Boundary Fixture",
|
||||
"proof_title": "Vite Proxy Boundary Fixture - proof",
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:05:18+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "vite--CVE-2025-31125"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:18+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "vite-proxy-boundary"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:18+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:21+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:21+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:21+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:21+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:22+00:00",
|
||||
"step": "browser-replay-before-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:22+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:23+00:00",
|
||||
"step": "browser-replay-after-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:23+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:25+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:25+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "vite-vite--CVE-2025-31125-20260318040518"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "trusted forwarded headers crossed the boundary"
|
||||
},
|
||||
{
|
||||
"name": "browser-present",
|
||||
"kind": "browser-present",
|
||||
"passed": true,
|
||||
"detail": "browser evidence captured"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:05:18+00:00",
|
||||
"finished_at": "2026-03-18T04:05:25+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/timeline.mmd"
|
||||
}
|
||||
}
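Review bot: The `runner-success` assertion in this record carries no evidence specific to the advisory: its detail is "trusted forwarded headers crossed the boundary" from the shared `vite-proxy-boundary` profile, and the same text appears in the records for CVE-2025-30208, CVE-2025-31486 and CVE-2025-32395 on this page. As far as I know, these Vite advisories concern the dev server's file-access restrictions rather than forwarded-header trust, so a passing generic fixture is weak grounds for `"verification_status": "verified-real"`. I would either have the runner record what it observed for this advisory and which affected version it ran against, or keep `"verification_status": "triage-manual"` until a matching profile exists. With `artifact_mode` set to `local-fixture`, a reader of the registry otherwise cannot tell a reproduced advisory from a fixture smoke test.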
|
||||
@@ -0,0 +1,197 @@
|
||||
{
|
||||
"run_id": "vite-vite--CVE-2025-31486-20260318040525",
|
||||
"system_id": "vite",
|
||||
"advisory_id": "vite--CVE-2025-31486",
|
||||
"repro_profile_id": "vite-proxy-boundary",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "vite.proxy-boundary",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-page.json"
|
||||
],
|
||||
"browser_evidence": {
|
||||
"required": true,
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-page.json"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-page.json"
|
||||
],
|
||||
"proof_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-page.json"
|
||||
],
|
||||
"baseline_title": "Vite Proxy Boundary Fixture",
|
||||
"proof_title": "Vite Proxy Boundary Fixture - proof",
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:05:25+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "vite--CVE-2025-31486"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:25+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "vite-proxy-boundary"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:25+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:28+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:28+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:28+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:28+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:29+00:00",
|
||||
"step": "browser-replay-before-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:29+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:30+00:00",
|
||||
"step": "browser-replay-after-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:30+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:32+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:32+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "vite-vite--CVE-2025-31486-20260318040525"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "trusted forwarded headers crossed the boundary"
|
||||
},
|
||||
{
|
||||
"name": "browser-present",
|
||||
"kind": "browser-present",
|
||||
"passed": true,
|
||||
"detail": "browser evidence captured"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:05:25+00:00",
|
||||
"finished_at": "2026-03-18T04:05:32+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/timeline.mmd"
|
||||
}
|
||||
}
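Review bot: Every ref in this record is an absolute path on the author's machine (`/Users/x/websafe/06-case-studies/generated-runs/...`), which will not resolve for anyone else and publishes the local directory layout. Storing refs relative to the bundle, for example `"report_md": "report.md"` and `"result_path": "logs/attack.json"`, with `bundle_dir` relative to the repository root, keeps the record portable. The other run records on this page have the same issue.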
|
||||
@@ -0,0 +1,197 @@
|
||||
{
|
||||
"run_id": "vite-vite--CVE-2025-32395-20260318040532",
|
||||
"system_id": "vite",
|
||||
"advisory_id": "vite--CVE-2025-32395",
|
||||
"repro_profile_id": "vite-proxy-boundary",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "vite.proxy-boundary",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-page.json"
|
||||
],
|
||||
"browser_evidence": {
|
||||
"required": true,
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-page.json"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-page.json"
|
||||
],
|
||||
"proof_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-page.json"
|
||||
],
|
||||
"baseline_title": "Vite Proxy Boundary Fixture",
|
||||
"proof_title": "Vite Proxy Boundary Fixture - proof",
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:05:32+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "vite--CVE-2025-32395"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:32+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "vite-proxy-boundary"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:32+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:35+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:35+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:35+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:35+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:36+00:00",
|
||||
"step": "browser-replay-before-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:36+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:37+00:00",
|
||||
"step": "browser-replay-after-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:37+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:38+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:38+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "vite-vite--CVE-2025-32395-20260318040532"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "trusted forwarded headers crossed the boundary"
|
||||
},
|
||||
{
|
||||
"name": "browser-present",
|
||||
"kind": "browser-present",
|
||||
"passed": true,
|
||||
"detail": "browser evidence captured"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:05:32+00:00",
|
||||
"finished_at": "2026-03-18T04:05:38+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/timeline.mmd"
|
||||
}
|
||||
}
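Review bot: The key `baseline_refs` means two different things in this record: at the top level it lists `logs/baseline.json`, while under `browser_evidence` it lists the browser captures. `browser_evidence.refs` is also just `baseline_refs` followed by `proof_refs`, and the same list is repeated as top-level `browser_refs`, so three copies can drift apart. I would keep one list per kind and give the top-level one a distinct name, for example `"request_baseline_refs"`. The other run records here use the same shape.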
|
||||
@@ -0,0 +1,197 @@
|
||||
{
|
||||
"run_id": "vite-vite--CVE-2025-46565-20260318040538",
|
||||
"system_id": "vite",
|
||||
"advisory_id": "vite--CVE-2025-46565",
|
||||
"repro_profile_id": "vite-proxy-boundary",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "vite.proxy-boundary",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-page.json"
|
||||
],
|
||||
"browser_evidence": {
|
||||
"required": true,
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-page.json"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-page.json"
|
||||
],
|
||||
"proof_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-page.json"
|
||||
],
|
||||
"baseline_title": "Vite Proxy Boundary Fixture",
|
||||
"proof_title": "Vite Proxy Boundary Fixture - proof",
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:05:38+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "vite--CVE-2025-46565"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:38+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "vite-proxy-boundary"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:39+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:41+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:41+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:41+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:41+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:42+00:00",
|
||||
"step": "browser-replay-before-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:42+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:43+00:00",
|
||||
"step": "browser-replay-after-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:43+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:45+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:45+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "vite-vite--CVE-2025-46565-20260318040538"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "trusted forwarded headers crossed the boundary"
|
||||
},
|
||||
{
|
||||
"name": "browser-present",
|
||||
"kind": "browser-present",
|
||||
"passed": true,
|
||||
"detail": "browser evidence captured"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:05:38+00:00",
|
||||
"finished_at": "2026-03-18T04:05:45+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/timeline.mmd"
|
||||
}
|
||||
}
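Review bot: The `runner-success` assertion in this manifest records only `trusted forwarded headers crossed the boundary`, which is the generic outcome of the shared `vite-proxy-boundary` fixture rather than a check tied to `vite--CVE-2025-46565`, yet the run is stored as `verified-real`. The manifests added below for CVE-2025-58751 and CVE-2025-58752 carry the same profile, the same single `attack_steps` entry and the same three assertion strings, so as recorded they differ only in ids and timestamps. Nothing in the file shows which Vite version ran in the `app` service or that the behaviour described by the advisory was observed, and `artifact_mode` is `local-fixture`. I would leave these at `triage-manual` until each manifest carries an advisory-specific assertion and the tested package version, for example an extra assertion entry such as `"kind": "advisory-behaviour"` (a constructed name, not one the project already defines).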
|
||||
@@ -0,0 +1,197 @@
|
||||
{
|
||||
"run_id": "vite-vite--CVE-2025-58751-20260318040545",
|
||||
"system_id": "vite",
|
||||
"advisory_id": "vite--CVE-2025-58751",
|
||||
"repro_profile_id": "vite-proxy-boundary",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "vite.proxy-boundary",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-page.json"
|
||||
],
|
||||
"browser_evidence": {
|
||||
"required": true,
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-page.json"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-page.json"
|
||||
],
|
||||
"proof_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-page.json"
|
||||
],
|
||||
"baseline_title": "Vite Proxy Boundary Fixture",
|
||||
"proof_title": "Vite Proxy Boundary Fixture - proof",
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:05:45+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "vite--CVE-2025-58751"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:45+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "vite-proxy-boundary"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:46+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:49+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:49+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:49+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:49+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:50+00:00",
|
||||
"step": "browser-replay-before-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:50+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:51+00:00",
|
||||
"step": "browser-replay-after-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:51+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:52+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:52+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "vite-vite--CVE-2025-58751-20260318040545"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "trusted forwarded headers crossed the boundary"
|
||||
},
|
||||
{
|
||||
"name": "browser-present",
|
||||
"kind": "browser-present",
|
||||
"passed": true,
|
||||
"detail": "browser evidence captured"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:05:45+00:00",
|
||||
"finished_at": "2026-03-18T04:05:52+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/timeline.mmd"
|
||||
}
|
||||
}
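Review bot: Every reference in this manifest (`baseline_refs`, `browser_refs`, `container_log_refs`, `report_refs` and the rest) is an absolute path under `/Users/x/websafe/`, so the committed file exposes the author's home-directory layout and resolves on no other machine. Since `report_refs.bundle_dir` already names the run directory, the remaining entries could be stored relative to it, e.g. `"report_md": "report.md"` and `"result_path": "logs/attack.json"`. The other run manifests in this commit have the same shape and would need the same change. It is also worth confirming that the referenced `logs/docker/app.log` and `proof-network.json` captures hold no cookies or tokens before they are published with the bundle; that cannot be checked from this file.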
|
||||
@@ -0,0 +1,197 @@
|
||||
{
|
||||
"run_id": "vite-vite--CVE-2025-58752-20260318040552",
|
||||
"system_id": "vite",
|
||||
"advisory_id": "vite--CVE-2025-58752",
|
||||
"repro_profile_id": "vite-proxy-boundary",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "vite.proxy-boundary",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-page.json"
|
||||
],
|
||||
"browser_evidence": {
|
||||
"required": true,
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-page.json"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-page.json"
|
||||
],
|
||||
"proof_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-page.json"
|
||||
],
|
||||
"baseline_title": "Vite Proxy Boundary Fixture",
|
||||
"proof_title": "Vite Proxy Boundary Fixture - proof",
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:05:52+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "vite--CVE-2025-58752"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:52+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "vite-proxy-boundary"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:53+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:55+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:55+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:55+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:55+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:56+00:00",
|
||||
"step": "browser-replay-before-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:56+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:57+00:00",
|
||||
"step": "browser-replay-after-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:57+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:59+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:59+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "vite-vite--CVE-2025-58752-20260318040552"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "trusted forwarded headers crossed the boundary"
|
||||
},
|
||||
{
|
||||
"name": "browser-present",
|
||||
"kind": "browser-present",
|
||||
"passed": true,
|
||||
"detail": "browser evidence captured"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:05:52+00:00",
|
||||
"finished_at": "2026-03-18T04:05:59+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/timeline.mmd"
|
||||
}
|
||||
}
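Review bot: The key `baseline_refs` is used twice with different meanings in this manifest: at the top level it lists `logs/baseline.json`, while inside `browser_evidence` it lists the five browser captures. The ten-entry `browser_refs` array is also repeated verbatim as `browser_evidence.refs` and again split across `browser_evidence.baseline_refs` and `proof_refs`, and `verification_status` and `blocked_reason` appear both at the top level and under `success_evaluation`, so the copies can drift apart without anything detecting it. I would keep one source for each (for instance only `browser_evidence.baseline_refs` and `proof_refs`) and rename the top-level list to something like `baseline_request_refs`. In the timeline, `provision-compose-environment` is the only step with `"status": "ready"` and an empty `detail`; if consumers filter on `completed`, that step is silently dropped.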
|
||||
@@ -0,0 +1,197 @@
|
||||
{
|
||||
"run_id": "vite-vite--CVE-2025-62522-20260318040559",
|
||||
"system_id": "vite",
|
||||
"advisory_id": "vite--CVE-2025-62522",
|
||||
"repro_profile_id": "vite-proxy-boundary",
|
||||
"verification_status": "verified-real",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "local-fixture",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "runner",
|
||||
"tool": "vite.proxy-boundary",
|
||||
"status": "completed",
|
||||
"status_code": 200,
|
||||
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/attack.json"
|
||||
}
|
||||
],
|
||||
"browser_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-page.json"
|
||||
],
|
||||
"browser_evidence": {
|
||||
"required": true,
|
||||
"present": true,
|
||||
"refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-page.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-page.json"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-page.json"
|
||||
],
|
||||
"proof_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof.png",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof-dom.html",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-console.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-network.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-page.json"
|
||||
],
|
||||
"baseline_title": "Vite Proxy Boundary Fixture",
|
||||
"proof_title": "Vite Proxy Boundary Fixture - proof",
|
||||
"error_kind": null,
|
||||
"reason": null
|
||||
},
|
||||
"container_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/docker/app.log"
|
||||
],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline.json"
|
||||
],
|
||||
"compose_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/compose/compose.yaml"
|
||||
],
|
||||
"timeline": [
|
||||
{
|
||||
"at": "2026-03-18T04:05:59+00:00",
|
||||
"step": "select-advisory",
|
||||
"status": "completed",
|
||||
"detail": "vite--CVE-2025-62522"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:59+00:00",
|
||||
"step": "resolve-repro-profile",
|
||||
"status": "completed",
|
||||
"detail": "vite-proxy-boundary"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:05:59+00:00",
|
||||
"step": "doctor",
|
||||
"status": "completed",
|
||||
"detail": "all checks passed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:06:02+00:00",
|
||||
"step": "provision-compose-environment",
|
||||
"status": "ready",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:06:02+00:00",
|
||||
"step": "wait-ready",
|
||||
"status": "completed",
|
||||
"detail": "baseline urls ready (1)"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:06:02+00:00",
|
||||
"step": "seed-environment",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:06:02+00:00",
|
||||
"step": "baseline-snapshot",
|
||||
"status": "completed",
|
||||
"detail": "urls=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:06:03+00:00",
|
||||
"step": "browser-replay-before-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:06:03+00:00",
|
||||
"step": "controlled-attack-chain",
|
||||
"status": "completed",
|
||||
"detail": "steps=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:06:04+00:00",
|
||||
"step": "browser-replay-after-attack",
|
||||
"status": "completed",
|
||||
"detail": ""
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:06:04+00:00",
|
||||
"step": "collect-logs-and-evidence",
|
||||
"status": "completed",
|
||||
"detail": "container_logs=1"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:06:05+00:00",
|
||||
"step": "cleanup-compose-environment",
|
||||
"status": "completed",
|
||||
"detail": "docker compose down completed"
|
||||
},
|
||||
{
|
||||
"at": "2026-03-18T04:06:05+00:00",
|
||||
"step": "update-registry-and-reports",
|
||||
"status": "completed",
|
||||
"detail": "vite-vite--CVE-2025-62522-20260318040559"
|
||||
}
|
||||
],
|
||||
"success_evaluation": {
|
||||
"passed": true,
|
||||
"verification_status": "verified-real",
|
||||
"blocked_reason": null,
|
||||
"assertions": [
|
||||
{
|
||||
"name": "baseline-ok",
|
||||
"kind": "baseline-ok",
|
||||
"passed": true,
|
||||
"detail": "baseline URLs responded without 5xx or transport errors"
|
||||
},
|
||||
{
|
||||
"name": "runner-success",
|
||||
"kind": "runner-success",
|
||||
"passed": true,
|
||||
"detail": "trusted forwarded headers crossed the boundary"
|
||||
},
|
||||
{
|
||||
"name": "browser-present",
|
||||
"kind": "browser-present",
|
||||
"passed": true,
|
||||
"detail": "browser evidence captured"
|
||||
}
|
||||
]
|
||||
},
|
||||
"historical_status": "verified-real",
|
||||
"latest_status": "verified-real",
|
||||
"started_at": "2026-03-18T04:05:59+00:00",
|
||||
"finished_at": "2026-03-18T04:06:05+00:00",
|
||||
"blocked_reason": null,
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/timeline.mmd"
|
||||
}
|
||||
}
|
||||
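Review bot: This new run record sets `"verification_status": "verified-real"` and `"verification_mode": "real"` while `"artifact_mode"` is `"local-fixture"`. Its only attack-specific assertion, `runner-success`, has the detail "trusted forwarded headers crossed the boundary", which is word for word the detail in the preceding CVE-2025-58752 record. The pass criterion therefore looks like a property of the shared `vite-proxy-boundary` profile rather than of advisory `vite--CVE-2025-62522`, so "verified-real" may overstate what was demonstrated. Consider adding an assertion whose `detail` names the advisory-specific behaviour and the affected version that was observed, or leaving fixture-only runs at a non-real status. Separately, every `*_refs` entry and `report_refs` embeds an absolute workstation path under `/Users/x/websafe/`, which exposes the local directory layout and will not resolve on another checkout; repo-relative values such as `"bundle_dir": "06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559"` would avoid both.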