更新: 219 个文件 - 2026-03-16 23:45:01
这个提交包含在:
hao
@@ -49,19 +49,19 @@
|
||||
],
|
||||
"status": "generated",
|
||||
"triage_reasons": [],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"last_verified_at": null,
|
||||
"last_run_id": null,
|
||||
"evidence_bundle": null,
|
||||
"verification_status": "blocked-artifact",
|
||||
"verification_mode": "real",
|
||||
"last_verified_at": "2026-03-17T06:33:30+00:00",
|
||||
"last_run_id": "gitea-gitea--CVE-2025-68939-20260317063330",
|
||||
"evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330",
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
},
|
||||
"repro_profile_id": "file-upload-generic",
|
||||
"artifact_mode": "synthetic",
|
||||
"blocked_reason": null,
|
||||
"artifact_mode": "official-image",
|
||||
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
|
||||
"metadata": {
|
||||
"source_names": [
|
||||
"OSV Gitea"
|
||||
|
||||
@@ -61,18 +61,18 @@
|
||||
"status": "generated",
|
||||
"triage_reasons": [],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"last_verified_at": null,
|
||||
"last_run_id": null,
|
||||
"evidence_bundle": null,
|
||||
"verification_mode": "real",
|
||||
"last_verified_at": "2026-03-17T06:30:47+00:00",
|
||||
"last_run_id": "nextjs-nextjs--CVE-2025-29927-20260317063047",
|
||||
"evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047",
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
},
|
||||
"repro_profile_id": "authz-bypass-generic",
|
||||
"artifact_mode": "synthetic",
|
||||
"blocked_reason": null,
|
||||
"artifact_mode": "official-source",
|
||||
"blocked_reason": "dry-run only",
|
||||
"metadata": {
|
||||
"source_names": [
|
||||
"OSV Next.js"
|
||||
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"run_id": "gitea-gitea--CVE-2025-68939-20260317063330",
|
||||
"system_id": "gitea",
|
||||
"advisory_id": "gitea--CVE-2025-68939",
|
||||
"repro_profile_id": "file-upload-generic",
|
||||
"verification_status": "blocked-artifact",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "official-image",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [],
|
||||
"attack_steps": [],
|
||||
"browser_refs": [],
|
||||
"container_log_refs": [],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json"
|
||||
],
|
||||
"timeline": [],
|
||||
"started_at": "2026-03-17T06:33:30+00:00",
|
||||
"finished_at": "2026-03-17T06:33:30+00:00",
|
||||
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/timeline.mmd"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,40 @@
|
||||
{
|
||||
"run_id": "nextjs-nextjs--CVE-2025-29927-20260317063047",
|
||||
"system_id": "nextjs",
|
||||
"advisory_id": "nextjs--CVE-2025-29927",
|
||||
"repro_profile_id": "authz-bypass-generic",
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "real",
|
||||
"artifact_mode": "official-source",
|
||||
"target_env": "local-docker",
|
||||
"compose_services": [
|
||||
"app"
|
||||
],
|
||||
"baseline_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json"
|
||||
],
|
||||
"attack_steps": [
|
||||
{
|
||||
"kind": "note",
|
||||
"tool": null,
|
||||
"args": [],
|
||||
"status": "planned"
|
||||
}
|
||||
],
|
||||
"browser_refs": [],
|
||||
"container_log_refs": [],
|
||||
"request_log_refs": [
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json",
|
||||
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json"
|
||||
],
|
||||
"timeline": [],
|
||||
"started_at": "2026-03-17T06:30:47+00:00",
|
||||
"finished_at": "2026-03-17T06:30:47+00:00",
|
||||
"blocked_reason": "dry-run only",
|
||||
"report_refs": {
|
||||
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047",
|
||||
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.md",
|
||||
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.html",
|
||||
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/timeline.mmd"
|
||||
}
|
||||
}
|
||||
@@ -15,8 +15,8 @@
|
||||
],
|
||||
"verified_real": 0,
|
||||
"verified_synthetic": 0,
|
||||
"blocked_count": 0,
|
||||
"manual_count": 37,
|
||||
"blocked_count": 1,
|
||||
"manual_count": 36,
|
||||
"items": [
|
||||
"gitea--CVE-2026-0798",
|
||||
"gitea--CVE-2026-20736",
|
||||
|
||||
在新工单中引用
屏蔽一个用户