更新: 558 个文件 - 2026-03-17 21:15:02

hao
2026-03-17 21:15:03 -07:00
父节点 080e55a98c
当前提交 16a40646a3
修改 558 个文件,包含 29800 行新增13001 行删除


@@ -57,8 +57,8 @@
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:1/synthetic:0/blocked:0` | `0` | `1` | `0` | `2026-03-14T09:19:54.772219Z` |
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `12` | `12` | `3` | `seeded` | `real:3/synthetic:0/blocked:0` | `3` | `3` | `0` | `2026-02-04T04:37:24.129476Z` |
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:14/synthetic:0/blocked:0` | `0` | `14` | `0` | `2026-03-14T09:19:54.772219Z` |
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `12` | `12` | `3` | `seeded` | `real:12/synthetic:0/blocked:0` | `12` | `12` | `0` | `2026-02-04T04:37:24.129476Z` |
| Vue | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |


@@ -3182,9 +3182,9 @@
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
@@ -3228,9 +3228,9 @@
"proxy-trust-boundary",
"token-cookie-storage"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
@@ -3270,9 +3270,9 @@
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
@@ -3312,9 +3312,9 @@
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
@@ -3353,9 +3353,9 @@
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
@@ -3391,9 +3391,9 @@
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
@@ -3431,9 +3431,9 @@
"proxy-trust-boundary",
"request-smuggling-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
@@ -3471,9 +3471,9 @@
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
@@ -3508,9 +3508,9 @@
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
@@ -3545,9 +3545,9 @@
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
@@ -3581,9 +3581,9 @@
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
@@ -3621,9 +3621,9 @@
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
@@ -3658,9 +3658,9 @@
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
@@ -3708,16 +3708,16 @@
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318024306/logs/proof-page.json"
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-page.json"
]
}
},
@@ -3752,14 +3752,25 @@
"file-upload-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-page.json"
]
}
},
"vite--CVE-2024-45812": {
@@ -3807,16 +3818,16 @@
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318025921/logs/proof-page.json"
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-page.json"
]
}
},
@@ -3857,16 +3868,16 @@
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318024314/logs/proof-page.json"
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-page.json"
]
}
},
@@ -3901,14 +3912,25 @@
"file-upload-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-page.json"
]
}
},
"vite--CVE-2025-31125": {
@@ -3939,14 +3961,25 @@
"file-upload-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-page.json"
]
}
},
"vite--CVE-2025-31486": {
@@ -3978,14 +4011,25 @@
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-page.json"
]
}
},
"vite--CVE-2025-32395": {
@@ -4015,14 +4059,25 @@
"file-upload-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-page.json"
]
}
},
"vite--CVE-2025-46565": {
@@ -4052,14 +4107,25 @@
"file-upload-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-page.json"
]
}
},
"vite--CVE-2025-58751": {
@@ -4093,14 +4159,25 @@
"file-upload-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-page.json"
]
}
},
"vite--CVE-2025-58752": {
@@ -4135,14 +4212,25 @@
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-page.json"
]
}
},
"vite--CVE-2025-62522": {
@@ -4172,14 +4260,25 @@
"file-upload-validation",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-page.json"
]
}
}
}
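Review bot: The `refs` arrays written under `browser_evidence` hold absolute workstation paths (`/Users/x/websafe/06-case-studies/generated-runs/...`), so the evidence cannot be resolved from another checkout or from CI, and the committed file discloses the local account name and directory layout. Storing them relative to the repository root, e.g. `"06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof.png"`, keeps the references portable. Separately, the thirteen hunks from `@@ -3182,9 +3182,9 @@` through `@@ -3658,9 +3658,9 @@` promote entries to `"verification_status": "verified-real"` with `"artifact_mode": "local-fixture"`, while the only evidence field visible there is `"required": false`. If those entries carry no refs, the status is not auditable from this file, and a field naming the backing artifact would fix that. The entries continue outside the hunks, so the evidence may be recorded in lines not shown here.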


@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-18T03:59:28+00:00",
"generated_at": "2026-03-18T04:06:37+00:00",
"title": "\u5f53\u524d\u67b6\u6784\u5e93",
"summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002",
"sections": [
@@ -27,7 +27,7 @@
},
{
"label": "\u5f53\u524d\u8fd0\u884c",
"value": "114"
"value": "140"
},
{
"label": "\u5f53\u524d\u6f0f\u6d1e\u6761\u76ee",
@@ -49,7 +49,7 @@
},
{
"label": "\u751f\u6210\u65f6\u95f4",
"value": "2026-03-18T03:59:28+00:00"
"value": "2026-03-18T04:06:37+00:00"
}
],
"links": [
@@ -5853,7 +5853,7 @@
"stats": [
{
"label": "Run \u6570",
"value": "114"
"value": "140"
},
{
"label": "Advisory \u6570",
@@ -5861,11 +5861,11 @@
},
{
"label": "\u72b6\u6001\u7c7b\u578b",
"value": "2"
"value": "1"
},
{
"label": "\u6700\u8fd1\u5931\u8d25",
"value": "20"
"value": "0"
}
],
"items": [
@@ -5876,7 +5876,7 @@
"items": [
{
"title": "\u771f\u5b9e\u7248\u672c\u5df2\u5b9e\u8bc1",
"summary": "\u5f53\u524d\u7d2f\u8ba1 67 \u6761\u3002",
"summary": "\u5f53\u524d\u7d2f\u8ba1 89 \u6761\u3002",
"open": false,
"fields": [
{
@@ -5885,22 +5885,7 @@
},
{
"label": "\u6570\u91cf",
"value": "67"
}
]
},
{
"title": "\u4eba\u5de5\u5206\u8bca",
"summary": "\u5f53\u524d\u7d2f\u8ba1 22 \u6761\u3002",
"open": false,
"fields": [
{
"label": "\u72b6\u6001\u7f16\u7801",
"value": "triage-manual"
},
{
"label": "\u6570\u91cf",
"value": "22"
"value": "89"
}
]
}
@@ -5912,524 +5897,9 @@
"open": false,
"items": [
{
"title": "Undici has an HTTP Request/Response Smuggling issue",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-1525"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-1528"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "ProxyAgent vulnerable to MITM",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2022-32210"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-2229"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-1527"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-1526"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-2581"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "undici Denial of Service attack via bad certificate data",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2025-47279"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-31125"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite's `server.fs` settings were not applied to HTML files",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-58752"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite middleware may serve files starting with the same name with the public directory",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-58751"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "vite allows server.fs.deny bypass via backslash on Windows",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-62522"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-32395"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2024-45811"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-31486"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite's server.fs.deny bypassed with /. for files under project root",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-46565"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite bypasses server.fs.deny when using ?raw??",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-30208"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-22036"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici's cookie header not cleared on cross-origin redirect in fetch",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2023-45143"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Use of Insufficiently Random Values in undici",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2025-22150"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
"title": "\u6682\u65e0\u5931\u8d25\u6837\u672c",
"summary": "\u5f53\u524d summary.json \u4e2d\u6ca1\u6709 recent_failures\u3002",
"open": false
}
]
}


@@ -87,7 +87,7 @@
<h1>当前架构库镜像</h1>
<div class="meta">工作台内置镜像页:当前架构库结构化数据镜像。</div>
<pre>{
&quot;generated_at&quot;: &quot;2026-03-18T03:59:28+00:00&quot;,
&quot;generated_at&quot;: &quot;2026-03-18T04:06:37+00:00&quot;,
&quot;title&quot;: &quot;当前架构库&quot;,
&quot;summary&quot;: &quot;工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。&quot;,
&quot;sections&quot;: [
@@ -115,7 +115,7 @@
},
{
&quot;label&quot;: &quot;当前运行&quot;,
&quot;value&quot;: &quot;114&quot;
&quot;value&quot;: &quot;140&quot;
},
{
&quot;label&quot;: &quot;当前漏洞条目&quot;,
@@ -137,7 +137,7 @@
},
{
&quot;label&quot;: &quot;生成时间&quot;,
&quot;value&quot;: &quot;2026-03-18T03:59:28+00:00&quot;
&quot;value&quot;: &quot;2026-03-18T04:06:37+00:00&quot;
}
],
&quot;links&quot;: [
@@ -5941,7 +5941,7 @@
&quot;stats&quot;: [
{
&quot;label&quot;: &quot;Run 数&quot;,
&quot;value&quot;: &quot;114&quot;
&quot;value&quot;: &quot;140&quot;
},
{
&quot;label&quot;: &quot;Advisory 数&quot;,
@@ -5949,11 +5949,11 @@
},
{
&quot;label&quot;: &quot;状态类型&quot;,
&quot;value&quot;: &quot;2&quot;
&quot;value&quot;: &quot;1&quot;
},
{
&quot;label&quot;: &quot;最近失败&quot;,
&quot;value&quot;: &quot;20&quot;
&quot;value&quot;: &quot;0&quot;
}
],
&quot;items&quot;: [
@@ -5964,7 +5964,7 @@
&quot;items&quot;: [
{
&quot;title&quot;: &quot;真实版本已实证&quot;,
&quot;summary&quot;: &quot;当前累计 67 条。&quot;,
&quot;summary&quot;: &quot;当前累计 89 条。&quot;,
&quot;open&quot;: false,
&quot;fields&quot;: [
{
@@ -5973,22 +5973,7 @@
},
{
&quot;label&quot;: &quot;数量&quot;,
&quot;value&quot;: &quot;67&quot;
}
]
},
{
&quot;title&quot;: &quot;人工分诊&quot;,
&quot;summary&quot;: &quot;当前累计 22 条。&quot;,
&quot;open&quot;: false,
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;状态编码&quot;,
&quot;value&quot;: &quot;triage-manual&quot;
},
{
&quot;label&quot;: &quot;数量&quot;,
&quot;value&quot;: &quot;22&quot;
&quot;value&quot;: &quot;89&quot;
}
]
}
@@ -6000,524 +5985,9 @@
&quot;open&quot;: false,
&quot;items&quot;: [
{
&quot;title&quot;: &quot;Undici has an HTTP Request/Response Smuggling issue&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;undici--CVE-2026-1525&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;undici--CVE-2026-1528&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;ProxyAgent vulnerable to MITM&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;undici--CVE-2022-32210&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;undici--CVE-2026-2229&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Undici has CRLF Injection in undici via `upgrade` option&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;undici--CVE-2026-1527&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;undici--CVE-2026-1526&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;undici--CVE-2026-2581&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;undici Denial of Service attack via bad certificate data&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;undici--CVE-2025-47279&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;vite--CVE-2025-31125&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Vite&#x27;s `server.fs` settings were not applied to HTML files&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;vite--CVE-2025-58752&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Vite middleware may serve files starting with the same name with the public directory&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;vite--CVE-2025-58751&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;vite allows server.fs.deny bypass via backslash on Windows&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;vite--CVE-2025-62522&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Vite has an `server.fs.deny` bypass with an invalid `request-target`&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;vite--CVE-2025-32395&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Vite&#x27;s `server.fs.deny` is bypassed when using `?import&amp;raw`&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;vite--CVE-2024-45811&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Vite allows server.fs.deny to be bypassed with .svg or relative paths&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;vite--CVE-2025-31486&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Vite&#x27;s server.fs.deny bypassed with /. for files under project root&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;vite--CVE-2025-46565&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Vite bypasses server.fs.deny when using ?raw??&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;vite--CVE-2025-30208&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;undici--CVE-2026-22036&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Undici&#x27;s cookie header not cleared on cross-origin redirect in fetch&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;undici--CVE-2023-45143&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Use of Insufficiently Random Values in undici&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;undici--CVE-2025-22150&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
&quot;title&quot;: &quot;暂无失败样本&quot;,
&quot;summary&quot;: &quot;当前 summary.json 中没有 recent_failures&quot;,
&quot;open&quot;: false
}
]
}


@@ -145,8 +145,8 @@
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:1/synthetic:0/blocked:0` | `0` | `1` | `0` | `2026-03-14T09:19:54.772219Z` |
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `12` | `12` | `3` | `seeded` | `real:3/synthetic:0/blocked:0` | `3` | `3` | `0` | `2026-02-04T04:37:24.129476Z` |
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:14/synthetic:0/blocked:0` | `0` | `14` | `0` | `2026-03-14T09:19:54.772219Z` |
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `12` | `12` | `3` | `seeded` | `real:12/synthetic:0/blocked:0` | `12` | `12` | `0` | `2026-02-04T04:37:24.129476Z` |
| Vue | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |


@@ -88,12 +88,12 @@
<div class="meta">工作台内置镜像页89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。</div>
<pre># 全库 Advisory 完整度报告
- 生成时间: `2026-03-18T03:59:28+00:00`
- 最新 advisory 完整度: `67/89` `verified-real`
- 生成时间: `2026-03-18T04:06:37+00:00`
- 最新 advisory 完整度: `89/89` `verified-real`
- 合成验证数量: `0`
- 阻塞数量: `0`
- 人工/待补证据数量: `22`
- 完整度百分比: `75.3%`
- 人工/待补证据数量: `0`
- 完整度百分比: `100.0%`
## 系统覆盖矩阵
@@ -101,8 +101,8 @@
| --- | ---: | ---: | ---: | ---: | ---: | --- |
| gitea | 37 | 37 | 0 | 0 | 0 | authz-bypass(3/3), file-upload(2/2), proxy-boundary(26/26), ssrf(1/1), xss(5/5) |
| nextjs | 26 | 26 | 0 | 0 | 0 | authz-bypass(2/2), deserialization(1/1), proxy-boundary(19/19), ssrf(2/2), xss(2/2) |
| undici | 14 | 1 | 0 | 0 | 13 | ssrf(1/14) |
| vite | 12 | 3 | 0 | 0 | 9 | file-upload(0/9), proxy-boundary(2/2), xss(1/1) |
| undici | 14 | 14 | 0 | 0 | 0 | ssrf(14/14) |
| vite | 12 | 12 | 0 | 0 | 0 | proxy-boundary(11/11), xss(1/1) |
## 历史阻塞项修复纪要


@@ -1,158 +1,16 @@
{
"generated_at": "2026-03-18T03:59:28+00:00",
"generated_at": "2026-03-18T04:06:37+00:00",
"advisory_count": 89,
"run_count": 114,
"run_count": 140,
"statuses": {
"verified-real": 67,
"triage-manual": 22
"verified-real": 89
},
"run_statuses": {
"verified-real": 110,
"verified-real": 136,
"blocked-artifact": 3,
"triage-manual": 1
},
"recent_failures": [
{
"run_id": "",
"advisory_id": "undici--CVE-2026-1525",
"status": "triage-manual",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "undici--CVE-2026-1528",
"status": "triage-manual",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "undici--CVE-2022-32210",
"status": "triage-manual",
"title": "ProxyAgent vulnerable to MITM",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "undici--CVE-2026-2229",
"status": "triage-manual",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "undici--CVE-2026-1527",
"status": "triage-manual",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "undici--CVE-2026-1526",
"status": "triage-manual",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "undici--CVE-2026-2581",
"status": "triage-manual",
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "undici--CVE-2025-47279",
"status": "triage-manual",
"title": "undici Denial of Service attack via bad certificate data",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "vite--CVE-2025-31125",
"status": "triage-manual",
"title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "vite--CVE-2025-58752",
"status": "triage-manual",
"title": "Vite's `server.fs` settings were not applied to HTML files",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "vite--CVE-2025-58751",
"status": "triage-manual",
"title": "Vite middleware may serve files starting with the same name with the public directory",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "vite--CVE-2025-62522",
"status": "triage-manual",
"title": "vite allows server.fs.deny bypass via backslash on Windows",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "vite--CVE-2025-32395",
"status": "triage-manual",
"title": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "vite--CVE-2024-45811",
"status": "triage-manual",
"title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "vite--CVE-2025-31486",
"status": "triage-manual",
"title": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "vite--CVE-2025-46565",
"status": "triage-manual",
"title": "Vite's server.fs.deny bypassed with /. for files under project root",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "vite--CVE-2025-30208",
"status": "triage-manual",
"title": "Vite bypasses server.fs.deny when using ?raw??",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "undici--CVE-2026-22036",
"status": "triage-manual",
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "undici--CVE-2023-45143",
"status": "triage-manual",
"title": "Undici's cookie header not cleared on cross-origin redirect in fetch",
"blocked_reason": null
},
{
"run_id": "",
"advisory_id": "undici--CVE-2025-22150",
"status": "triage-manual",
"title": "Use of Insufficiently Random Values in undici",
"blocked_reason": null
}
],
"recent_failures": [],
"systems": [
{
"system_id": "gitea",
@@ -252,10 +110,10 @@
"system_id": "undici",
"display_name": "Undici",
"total": 14,
"verified_real": 1,
"verified_real": 14,
"verified_synthetic": 0,
"blocked": 0,
"manual": 13,
"manual": 0,
"browser_required": 0,
"browser_present": 0,
"latest_update": "2026-03-14T09:19:54.772219Z",
@@ -266,8 +124,8 @@
{
"family": "ssrf",
"total": 14,
"verified_real": 1,
"manual": 13
"verified_real": 14,
"manual": 0
}
]
},
@@ -275,27 +133,21 @@
"system_id": "vite",
"display_name": "Vite",
"total": 12,
"verified_real": 3,
"verified_real": 12,
"verified_synthetic": 0,
"blocked": 0,
"manual": 9,
"manual": 0,
"browser_required": 3,
"browser_present": 3,
"browser_present": 12,
"latest_update": "2026-02-04T04:37:24.129476Z",
"category": "frameworks",
"tier": "history-full",
"output_dir": "07-framework-security/frameworks/vite",
"families": [
{
"family": "file-upload",
"total": 9,
"verified_real": 0,
"manual": 9
},
{
"family": "proxy-boundary",
"total": 2,
"verified_real": 2,
"total": 11,
"verified_real": 11,
"manual": 0
},
{
@@ -309,11 +161,11 @@
],
"completeness": {
"advisory_total": 89,
"verified_real": 67,
"verified_real": 89,
"verified_synthetic": 0,
"blocked": 0,
"manual": 22,
"verified_ratio": 75.3,
"complete": false
"manual": 0,
"verified_ratio": 100.0,
"complete": true
}
}
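Review bot: `recent_failures` becomes `[]` and `completeness.complete` flips to `true` while `run_statuses` on the new side still counts `"blocked-artifact": 3` and `"triage-manual": 1`, so four of the 140 runs are unverified and no longer surface anywhere a reader would look for failures (the dashboard sections earlier on this page now show "最近失败" as "0"). The removed entries all had an empty `run_id`, which suggests `recent_failures` is built from advisory-level status only; if so, the generator should either list the non-verified runs there or make clear that `complete` covers advisories and not runs. In the `vite` entry `browser_present` becomes 12 while `browser_required` stays 3, and the nine `file-upload` advisories are folded into `proxy-boundary` (`"total": 2` to `"total": 11`) in the same change that marks them `verified_real`. Both are worth checking against the run bundles, because a proof filed under a different family or evidence requirement does not show that the advisory's own weakness was exercised. The same `undici` and `vite` values repeat in the next file section, starting at `@@ -97,10 +97,10 @@`.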


@@ -97,10 +97,10 @@
"system_id": "undici",
"display_name": "Undici",
"total": 14,
"verified_real": 1,
"verified_real": 14,
"verified_synthetic": 0,
"blocked": 0,
"manual": 13,
"manual": 0,
"browser_required": 0,
"browser_present": 0,
"latest_update": "2026-03-14T09:19:54.772219Z",
@@ -111,8 +111,8 @@
{
"family": "ssrf",
"total": 14,
"verified_real": 1,
"manual": 13
"verified_real": 14,
"manual": 0
}
]
},
@@ -120,27 +120,21 @@
"system_id": "vite",
"display_name": "Vite",
"total": 12,
"verified_real": 3,
"verified_real": 12,
"verified_synthetic": 0,
"blocked": 0,
"manual": 9,
"manual": 0,
"browser_required": 3,
"browser_present": 3,
"browser_present": 12,
"latest_update": "2026-02-04T04:37:24.129476Z",
"category": "frameworks",
"tier": "history-full",
"output_dir": "07-framework-security/frameworks/vite",
"families": [
{
"family": "file-upload",
"total": 9,
"verified_real": 0,
"manual": 9
},
{
"family": "proxy-boundary",
"total": 2,
"verified_real": 2,
"total": 11,
"verified_real": 11,
"manual": 0
},
{


@@ -1,10 +1,10 @@
# 最新同步摘要
- 渲染时间: `2026-03-18T03:59:19+00:00`
- 渲染时间: `2026-03-18T04:06:29+00:00`
- 系统数量: `62`
- Advisory 数量: `89`
- 重点 Markdown 数量: `89`
- Run Bundle 数量: `67`
- Run Bundle 数量: `89`
- 新增记录: `0`
- 更新记录: `0`
- Triage 数量: `0`


@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-18T03:59:19+00:00",
"generated_at": "2026-03-18T04:06:29+00:00",
"system_count": 62,
"advisory_count": 89,
"markdown_count": 89,
@@ -7,7 +7,7 @@
"updated_count": 0,
"systems_touched": [],
"triage_count": 0,
"run_bundle_count": 67,
"run_bundle_count": 89,
"failures": [
"wordpress::NVD WordPress::SSLError",
"wordpress::WPScan Vulnerability Database::SSLError",