hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

更新: 558 个文件 - 2026-03-17 21:15:02

浏览代码
这个提交包含在:
hao
2026-03-17 21:15:03 -07:00
父节点 080e55a98c
当前提交 16a40646a3
修改 558 个文件,包含 29800 行新增13001 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

552
08-threat-intel/generated/dashboard/architecture.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-18T03:59:28+00:00",
"generated_at": "2026-03-18T04:06:37+00:00",
"title": "\u5f53\u524d\u67b6\u6784\u5e93",
"summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002",
"sections": [
@@ -27,7 +27,7 @@
},
{
"label": "\u5f53\u524d\u8fd0\u884c",
"value": "114"
"value": "140"
},
{
"label": "\u5f53\u524d\u6f0f\u6d1e\u6761\u76ee",
@@ -49,7 +49,7 @@
},
{
"label": "\u751f\u6210\u65f6\u95f4",
"value": "2026-03-18T03:59:28+00:00"
"value": "2026-03-18T04:06:37+00:00"
}
],
"links": [
@@ -5853,7 +5853,7 @@
"stats": [
{
"label": "Run \u6570",
"value": "114"
"value": "140"
},
{
"label": "Advisory \u6570",
@@ -5861,11 +5861,11 @@
},
{
"label": "\u72b6\u6001\u7c7b\u578b",
"value": "2"
"value": "1"
},
{
"label": "\u6700\u8fd1\u5931\u8d25",
"value": "20"
"value": "0"
}
],
"items": [
@@ -5876,7 +5876,7 @@
"items": [
{
"title": "\u771f\u5b9e\u7248\u672c\u5df2\u5b9e\u8bc1",
"summary": "\u5f53\u524d\u7d2f\u8ba1 67 \u6761\u3002",
"summary": "\u5f53\u524d\u7d2f\u8ba1 89 \u6761\u3002",
"open": false,
"fields": [
{
@@ -5885,22 +5885,7 @@
},
{
"label": "\u6570\u91cf",
"value": "67"
}
]
},
{
"title": "\u4eba\u5de5\u5206\u8bca",
"summary": "\u5f53\u524d\u7d2f\u8ba1 22 \u6761\u3002",
"open": false,
"fields": [
{
"label": "\u72b6\u6001\u7f16\u7801",
"value": "triage-manual"
},
{
"label": "\u6570\u91cf",
"value": "22"
"value": "89"
}
]
}
@@ -5912,524 +5897,9 @@
"open": false,
"items": [
{
"title": "Undici has an HTTP Request/Response Smuggling issue",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-1525"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-1528"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "ProxyAgent vulnerable to MITM",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2022-32210"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-2229"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-1527"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-1526"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-2581"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "undici Denial of Service attack via bad certificate data",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2025-47279"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-31125"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite's `server.fs` settings were not applied to HTML files",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-58752"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite middleware may serve files starting with the same name with the public directory",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-58751"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "vite allows server.fs.deny bypass via backslash on Windows",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-62522"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-32395"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2024-45811"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-31486"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite's server.fs.deny bypassed with /. for files under project root",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-46565"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Vite bypasses server.fs.deny when using ?raw??",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "vite--CVE-2025-30208"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2026-22036"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Undici's cookie header not cleared on cross-origin redirect in fetch",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2023-45143"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Use of Insufficiently Random Values in undici",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "undici--CVE-2025-22150"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
"title": "\u6682\u65e0\u5931\u8d25\u6837\u672c",
"summary": "\u5f53\u524d summary.json \u4e2d\u6ca1\u6709 recent_failures\u3002",
"open": false
}
]
}