更新: 489 个文件 - 2026-03-26 16:06:46

这个提交包含在:
hao
2026-03-26 16:06:46 -07:00
父节点 1e447fe97f
当前提交 1f7a3d6c60
修改 489 个文件,包含 36042 行新增4391 行删除


@@ -0,0 +1,187 @@
{
"canonical_id": "fastify--CVE-2026-3635",
"system_id": "fastify",
"display_name": "Fastify",
"category": "frameworks",
"advisory_mode": "core",
"title": "fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections",
"summary": "## Summary\n\nWhen `trustProxy` is configured with a restrictive trust function (e.g., a specific IP like `trustProxy: '10.0.0.1'`, a subnet, a hop count, or a custom function), the `request.protocol` and `request.host` getters read `X-Forwarded-Proto` and `X-Forwarded-Host` headers from any connection \u2014 including connections from untrusted IPs. This allows an attacker connecting directly to Fastify (bypassing the proxy) to spoof both the protocol and host seen by the application.\n\n## Affected Versions\n\nfastify <= 5.8.2\n\n## Impact\n\nApplications using `request.protocol` or `request.host` for security decisions (HTTPS enforcement, secure cookie flags, CSRF origin checks, URL construction, host-based routing) are affected when `trustProxy` is configured with a restrictive trust function.\n\nWhen `trustProxy: true` (trust everything), both `host` and `protocol` trust all forwarded headers \u2014 this is expected behavior. The vulnerability only manifests with restrictive trust configurations.",
"published_at": "2026-03-25T19:32:28Z",
"updated_at": "2026-03-25T19:48:38.788319Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-3635",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/fastify/fastify",
"https://github.com/fastify/fastify/releases/tag/v5.8.3",
"https://www.cve.org/CVERecord?id=CVE-2026-3635"
],
"aliases": [
"CVE-2026-3635",
"GHSA-444r-cwp2-x5xf"
],
"cve_ids": [
"CVE-2026-3635"
],
"ghsa_ids": [
"GHSA-444r-cwp2-x5xf"
],
"osv_ids": [
"GHSA-444r-cwp2-x5xf"
],
"affected_versions": [
"introduced=0, fixed<5.8.3"
],
"fixed_versions": [
"5.8.3"
],
"package_name": "fastify",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/fastify/cases/fastify-cve-2026-3635.md",
"secure_code_topics": [
"proxy-trust-boundary",
"ssrf-url-validation",
"xss-output-encoding",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "fastify",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "fastify",
"official": true
},
{
"entity_id": "fastify--project--fastify",
"entity_type": "project",
"relation": "affected-component",
"root_system_id": "fastify",
"official": false
}
],
"affected_components": [
{
"name": "fastify",
"entity_id": "fastify--project--fastify",
"scope": "package",
"package_name": "fastify",
"official": false
}
],
"affected_version_ranges": [
"introduced=0, fixed<5.8.3"
],
"fixed_version_ranges": [
"5.8.3"
],
"introduced_version": "introduced=0, fixed<5.8.3",
"patched_version": "5.8.3",
"version_evidence_sources": [
"https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf",
"https://nvd.nist.gov/vuln/detail/CVE-2026-3635",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/fastify/fastify",
"https://github.com/fastify/fastify/releases/tag/v5.8.3",
"https://www.cve.org/CVERecord?id=CVE-2026-3635"
],
"affected_version_refs": [
"fastify--project--fastify--introduced-0-fixed-5-8-3"
],
"fixed_version_refs": [
"fastify--project--fastify--5-8-3"
],
"patched_version_refs": [
"fastify--project--fastify--5-8-3"
],
"version_sync_confidence": "high",
"advisory_scope": "package",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "fastify--CVE-2026-3635--workflow",
"vuln_family": "proxy-boundary",
"entry_surface": "proxy-header-or-trust-boundary",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<5.8.3",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `package`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "reverse-proxy-or-edge-client",
"affected_version_assertion": [
"introduced=0, fixed<5.8.3"
],
"trigger_vector": "\u5bf9 `proxy-boundary` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/middleware",
"/x-forwarded-* trust path"
],
"input_shape": "\u63d0\u4ea4\u53d7\u63a7\u4ee3\u7406\u5934\u6216\u6765\u6e90\u5934\uff0c\u9a8c\u8bc1\u4fe1\u4efb\u8fb9\u754c\u548c\u56de\u6e90\u9274\u6743\u3002",
"expected_unsafe_behavior": "\u4ec5\u51ed\u4ee3\u7406\u5934\u5373\u53ef\u8d8a\u8fc7\u9274\u6743\u6216\u6765\u6e90\u63a7\u5236\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6",
"\u4e0a\u6e38\u4ee3\u7406\u4e0e\u5e94\u7528\u5c42\u5bf9 Content-Length / Transfer-Encoding / forwarded headers \u7684\u89e3\u91ca\u5dee\u5f02"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<5.8.3` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `5.8.3`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `proxy-boundary` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Fastify"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1,
"entity_ref_count": 2,
"advisory_scope": "package",
"version_confidence": "high",
"workflow_id": "fastify--CVE-2026-3635--workflow"
}
}
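Review bot: `repro_profile_id` is `xss-generic` while `workflow.vuln_family` is `proxy-boundary` and the advisory is about `X-Forwarded-Proto`/`X-Forwarded-Host` being honoured from untrusted connections, so a profile built for XSS reproduction will not exercise the trust boundary this record describes. The same drift shows in `secure_code_topics`, where `xss-output-encoding` and `token-cookie-storage` sit next to the relevant `proxy-trust-boundary`, which suggests these fields came from a fallback default rather than from the `vuln_family` classification. Select a profile from the proxy-boundary family (placeholder: `"repro_profile_id": "<proxy-boundary-profile-id>"`) or, if none exists yet, keep `review_state` out of `ready` until one does. `browser_evidence.required: false` is consistent with a server-side header-trust issue, so that part reads correctly.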



@@ -5,9 +5,9 @@
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
"summary": "## Summary\nIn `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured, allowing privacy-sensitive/opaque contexts (for example sandboxed documents) to connect unexpectedly.\n\n## Impact\nIf a dev server is reachable from attacker-controlled content, an attacker may be able to connect to the HMR websocket channel and interact with dev websocket traffic. This affects development mode only.\nApps without a configured [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) still allow connections from any origin.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- Block websocket upgrades to `/_next/webpack-hmr` when `Origin` is `null` at your proxy.",
"summary": "## Summary\nIn `next dev`, cross-site protections for internal development endpoints could treat `Origin: null` as a bypass case even when [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured. This could allow privacy-sensitive or opaque browser contexts, such as sandboxed documents, to access privileged internal dev-server functionality unexpectedly.\n\n## Impact\nIf a developer visits attacker-controlled content while running an affected `next dev` server with [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) configured, attacker-controlled browser code may be able to connect to internal development endpoints and interact with sensitive dev-server functionality that should have remained blocked.\n\nThis issue affects development mode only. It does not affect `next start`, and it does not expose internal debugging functionality to the network by default.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins on internal development endpoints.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- If you use [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins), reject requests and websocket upgrades with `Origin: null` for internal dev endpoints at your proxy.",
"published_at": "2026-03-17T15:29:48Z",
"updated_at": "2026-03-19T18:32:38.608475Z",
"updated_at": "2026-03-25T19:49:01.129152Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",


@@ -0,0 +1,306 @@
{
"canonical_id": "prestashop--CVE-2026-33673",
"system_id": "prestashop",
"display_name": "PrestaShop",
"category": "ecommerce",
"advisory_mode": "core",
"title": "PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables",
"summary": "### Impact\nMultiple stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO: an attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates.\n\n### Patches\nPatched on 8.2.5 and 9.1.0\n\n### Workarounds\nNone\n\n### References\nNone",
"published_at": "2026-03-25T19:41:50Z",
"updated_at": "2026-03-25T19:48:31.156136Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv",
"secondary_source_urls": [
"https://github.com/PrestaShop/PrestaShop",
"https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5",
"https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"
],
"aliases": [
"CVE-2026-33673",
"GHSA-35pf-37c6-jxjv"
],
"cve_ids": [
"CVE-2026-33673"
],
"ghsa_ids": [
"GHSA-35pf-37c6-jxjv"
],
"osv_ids": [
"GHSA-35pf-37c6-jxjv"
],
"affected_versions": [
"9.0.0",
"9.0.0-alpha.1",
"9.0.0-beta.1",
"9.0.0-rc.1",
"9.0.1",
"9.0.2",
"9.0.3",
"9.1.0-beta.1",
"9.1.0-rc.1",
"1.7.0.0",
"1.7.0.0-beta.1.0",
"1.7.0.0-beta.2.0",
"1.7.0.0-beta.3.0",
"1.7.0.0-beta.4.0",
"1.7.0.0-rc.0.0",
"1.7.0.0-rc.1.0",
"1.7.0.0-rc.2.0",
"1.7.0.1",
"1.7.0.2",
"1.7.0.3",
"1.7.0.4",
"1.7.0.5",
"1.7.0.6",
"1.7.1.0",
"1.7.1.1",
"1.7.1.2",
"1.7.2.0",
"1.7.2.0-rc.1.0",
"1.7.2.1",
"introduced=9.0.0-alpha.1, fixed<9.1.0",
"introduced=0, fixed<8.2.5"
],
"fixed_versions": [
"9.1.0",
"8.2.5"
],
"package_name": "prestashop/prestashop",
"render_markdown": true,
"case_path": "07-framework-security/ecommerce/prestashop/cases/prestashop-cve-2026-33673.md",
"secure_code_topics": [
"plugin-extension-trust-policy",
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "prestashop",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "prestashop",
"official": true
},
{
"entity_id": "prestashop--package--prestashop-prestashop",
"entity_type": "package",
"relation": "affected-component",
"root_system_id": "prestashop",
"official": false
}
],
"affected_components": [
{
"name": "prestashop / prestashop",
"entity_id": "prestashop--package--prestashop-prestashop",
"scope": "package",
"package_name": "prestashop/prestashop",
"official": false
}
],
"affected_version_ranges": [
"9.0.0",
"9.0.0-alpha.1",
"9.0.0-beta.1",
"9.0.0-rc.1",
"9.0.1",
"9.0.2",
"9.0.3",
"9.1.0-beta.1",
"9.1.0-rc.1",
"1.7.0.0",
"1.7.0.0-beta.1.0",
"1.7.0.0-beta.2.0",
"1.7.0.0-beta.3.0",
"1.7.0.0-beta.4.0",
"1.7.0.0-rc.0.0",
"1.7.0.0-rc.1.0",
"1.7.0.0-rc.2.0",
"1.7.0.1",
"1.7.0.2",
"1.7.0.3",
"1.7.0.4",
"1.7.0.5",
"1.7.0.6",
"1.7.1.0",
"1.7.1.1",
"1.7.1.2",
"1.7.2.0",
"1.7.2.0-rc.1.0",
"1.7.2.1",
"introduced=9.0.0-alpha.1, fixed<9.1.0",
"introduced=0, fixed<8.2.5"
],
"fixed_version_ranges": [
"9.1.0",
"8.2.5"
],
"introduced_version": "introduced=0, fixed<8.2.5",
"patched_version": "9.1.0",
"version_evidence_sources": [
"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv",
"https://github.com/PrestaShop/PrestaShop",
"https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5",
"https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"
],
"affected_version_refs": [
"prestashop--package--prestashop-prestashop--9-0-0",
"prestashop--package--prestashop-prestashop--9-0-0-alpha-1",
"prestashop--package--prestashop-prestashop--9-0-0-beta-1",
"prestashop--package--prestashop-prestashop--9-0-0-rc-1",
"prestashop--package--prestashop-prestashop--9-0-1",
"prestashop--package--prestashop-prestashop--9-0-2",
"prestashop--package--prestashop-prestashop--9-0-3",
"prestashop--package--prestashop-prestashop--9-1-0-beta-1",
"prestashop--package--prestashop-prestashop--9-1-0-rc-1",
"prestashop--package--prestashop-prestashop--1-7-0-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-1-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-2-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-3-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-4-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-rc-0-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-rc-1-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-rc-2-0",
"prestashop--package--prestashop-prestashop--1-7-0-1",
"prestashop--package--prestashop-prestashop--1-7-0-2",
"prestashop--package--prestashop-prestashop--1-7-0-3",
"prestashop--package--prestashop-prestashop--1-7-0-4",
"prestashop--package--prestashop-prestashop--1-7-0-5",
"prestashop--package--prestashop-prestashop--1-7-0-6",
"prestashop--package--prestashop-prestashop--1-7-1-0",
"prestashop--package--prestashop-prestashop--1-7-1-1",
"prestashop--package--prestashop-prestashop--1-7-1-2",
"prestashop--package--prestashop-prestashop--1-7-2-0",
"prestashop--package--prestashop-prestashop--1-7-2-0-rc-1-0",
"prestashop--package--prestashop-prestashop--1-7-2-1",
"prestashop--package--prestashop-prestashop--introduced-9-0-0-alpha-1-fixed-9-1-0",
"prestashop--package--prestashop-prestashop--introduced-0-fixed-8-2-5"
],
"fixed_version_refs": [
"prestashop--package--prestashop-prestashop--9-1-0",
"prestashop--package--prestashop-prestashop--8-2-5"
],
"patched_version_refs": [
"prestashop--package--prestashop-prestashop--9-1-0"
],
"version_sync_confidence": "high",
"advisory_scope": "package",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "prestashop--CVE-2026-33673--workflow",
"vuln_family": "xss",
"entry_surface": "web-ui-render-path",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: 9.0.0, 9.0.0-alpha.1, 9.0.0-beta.1",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `package`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "editor-or-admin",
"affected_version_assertion": [
"9.0.0",
"9.0.0-alpha.1",
"9.0.0-beta.1",
"9.0.0-rc.1",
"9.0.1",
"9.0.2",
"9.0.3",
"9.1.0-beta.1",
"9.1.0-rc.1",
"1.7.0.0",
"1.7.0.0-beta.1.0",
"1.7.0.0-beta.2.0",
"1.7.0.0-beta.3.0",
"1.7.0.0-beta.4.0",
"1.7.0.0-rc.0.0",
"1.7.0.0-rc.1.0",
"1.7.0.0-rc.2.0",
"1.7.0.1",
"1.7.0.2",
"1.7.0.3",
"1.7.0.4",
"1.7.0.5",
"1.7.0.6",
"1.7.1.0",
"1.7.1.1",
"1.7.1.2",
"1.7.2.0",
"1.7.2.0-rc.1.0",
"1.7.2.1",
"introduced=9.0.0-alpha.1, fixed<9.1.0",
"introduced=0, fixed<8.2.5"
],
"trigger_vector": "\u5bf9 `xss` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/editor",
"/preview",
"/rendered-content"
],
"input_shape": "\u53d7\u63a7 HTML/Markdown/\u5bcc\u6587\u672c\u8f93\u5165\uff0c\u89c2\u5bdf\u6e32\u67d3\u4e0a\u4e0b\u6587\u662f\u5426\u5931\u53bb\u7f16\u7801\u6216\u51c0\u5316\u3002",
"expected_unsafe_behavior": "\u8f93\u5165\u5728\u76ee\u6807\u4e0a\u4e0b\u6587\u6267\u884c\u6216\u88ab\u6d4f\u89c8\u5668\u89e3\u91ca\u4e3a\u4e3b\u52a8\u5185\u5bb9\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `9.0.0, 9.0.0-alpha.1, 9.0.0-beta.1` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `9.1.0`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `xss` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "official-image",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV PrestaShop"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1,
"entity_ref_count": 2,
"advisory_scope": "package",
"version_confidence": "high",
"workflow_id": "prestashop--CVE-2026-33673--workflow"
}
}
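Review bot: `introduced_version` (`introduced=0, fixed<8.2.5`) and `patched_version` (`9.1.0`) describe different release branches, so the record pairs an 8.x affected range with a 9.x fix even though its own `fixed_version_ranges` lists `8.2.5` for that range. The templated `workflow.preconditions[1]` and `workflow.patch_validation_steps[0]` quote only the first three of the 31 `affected_version_assertion` entries (`9.0.0, 9.0.0-alpha.1, 9.0.0-beta.1`) and name `9.1.0` as the only upgrade target, so an operator on the 8.x branch is given nothing to validate. Either make the pair branch-consistent, `"introduced_version": "introduced=9.0.0-alpha.1, fixed<9.1.0"` alongside `"patched_version": "9.1.0"`, or emit one precondition and validation step per `introduced=…, fixed<…` range with its matching `fixed_versions` entry. The CVE-2026-33674 section below has the mirror-image pairing (`introduced=9.0.0-alpha.1, fixed<9.1.0` with `patched_version` `8.2.5`) and the same three-entry truncation. Separately, `affected_versions` mixes enumerated versions with range strings in one array, giving a single key two value shapes that consumers must disambiguate by parsing.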


@@ -0,0 +1,303 @@
{
"canonical_id": "prestashop--CVE-2026-33674",
"system_id": "prestashop",
"display_name": "PrestaShop",
"category": "ecommerce",
"advisory_mode": "core",
"title": "PrestaShop: Improper Use of Validation Framework",
"summary": "### Impact\nFix improper use of validation framework\n\n### Patches\nPatched in 8.2.5 and 9.1.0\n\n### Workarounds\nNone\n\n### References\nnone",
"published_at": "2026-03-25T19:40:42Z",
"updated_at": "2026-03-25T19:49:27.843572Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v",
"secondary_source_urls": [
"https://github.com/PrestaShop/PrestaShop",
"https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5",
"https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"
],
"aliases": [
"CVE-2026-33674",
"GHSA-283w-xf3q-788v"
],
"cve_ids": [
"CVE-2026-33674"
],
"ghsa_ids": [
"GHSA-283w-xf3q-788v"
],
"osv_ids": [
"GHSA-283w-xf3q-788v"
],
"affected_versions": [
"1.7.0.0",
"1.7.0.0-beta.1.0",
"1.7.0.0-beta.2.0",
"1.7.0.0-beta.3.0",
"1.7.0.0-beta.4.0",
"1.7.0.0-rc.0.0",
"1.7.0.0-rc.1.0",
"1.7.0.0-rc.2.0",
"1.7.0.1",
"1.7.0.2",
"1.7.0.3",
"1.7.0.4",
"1.7.0.5",
"1.7.0.6",
"1.7.1.0",
"1.7.1.1",
"1.7.1.2",
"1.7.2.0",
"1.7.2.0-rc.1.0",
"1.7.2.1",
"9.0.0",
"9.0.0-alpha.1",
"9.0.0-beta.1",
"9.0.0-rc.1",
"9.0.1",
"9.0.2",
"9.0.3",
"9.1.0-beta.1",
"9.1.0-rc.1",
"introduced=0, fixed<8.2.5",
"introduced=9.0.0-alpha.1, fixed<9.1.0"
],
"fixed_versions": [
"8.2.5",
"9.1.0"
],
"package_name": "prestashop/prestashop",
"render_markdown": true,
"case_path": "07-framework-security/ecommerce/prestashop/cases/prestashop-cve-2026-33674.md",
"secure_code_topics": [
"plugin-extension-trust-policy",
"authz-server-side-recheck",
"file-upload-validation"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "prestashop",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "prestashop",
"official": true
},
{
"entity_id": "prestashop--package--prestashop-prestashop",
"entity_type": "package",
"relation": "affected-component",
"root_system_id": "prestashop",
"official": false
}
],
"affected_components": [
{
"name": "prestashop / prestashop",
"entity_id": "prestashop--package--prestashop-prestashop",
"scope": "package",
"package_name": "prestashop/prestashop",
"official": false
}
],
"affected_version_ranges": [
"1.7.0.0",
"1.7.0.0-beta.1.0",
"1.7.0.0-beta.2.0",
"1.7.0.0-beta.3.0",
"1.7.0.0-beta.4.0",
"1.7.0.0-rc.0.0",
"1.7.0.0-rc.1.0",
"1.7.0.0-rc.2.0",
"1.7.0.1",
"1.7.0.2",
"1.7.0.3",
"1.7.0.4",
"1.7.0.5",
"1.7.0.6",
"1.7.1.0",
"1.7.1.1",
"1.7.1.2",
"1.7.2.0",
"1.7.2.0-rc.1.0",
"1.7.2.1",
"9.0.0",
"9.0.0-alpha.1",
"9.0.0-beta.1",
"9.0.0-rc.1",
"9.0.1",
"9.0.2",
"9.0.3",
"9.1.0-beta.1",
"9.1.0-rc.1",
"introduced=0, fixed<8.2.5",
"introduced=9.0.0-alpha.1, fixed<9.1.0"
],
"fixed_version_ranges": [
"8.2.5",
"9.1.0"
],
"introduced_version": "introduced=9.0.0-alpha.1, fixed<9.1.0",
"patched_version": "8.2.5",
"version_evidence_sources": [
"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v",
"https://github.com/PrestaShop/PrestaShop",
"https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5",
"https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"
],
"affected_version_refs": [
"prestashop--package--prestashop-prestashop--1-7-0-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-1-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-2-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-3-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-beta-4-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-rc-0-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-rc-1-0",
"prestashop--package--prestashop-prestashop--1-7-0-0-rc-2-0",
"prestashop--package--prestashop-prestashop--1-7-0-1",
"prestashop--package--prestashop-prestashop--1-7-0-2",
"prestashop--package--prestashop-prestashop--1-7-0-3",
"prestashop--package--prestashop-prestashop--1-7-0-4",
"prestashop--package--prestashop-prestashop--1-7-0-5",
"prestashop--package--prestashop-prestashop--1-7-0-6",
"prestashop--package--prestashop-prestashop--1-7-1-0",
"prestashop--package--prestashop-prestashop--1-7-1-1",
"prestashop--package--prestashop-prestashop--1-7-1-2",
"prestashop--package--prestashop-prestashop--1-7-2-0",
"prestashop--package--prestashop-prestashop--1-7-2-0-rc-1-0",
"prestashop--package--prestashop-prestashop--1-7-2-1",
"prestashop--package--prestashop-prestashop--9-0-0",
"prestashop--package--prestashop-prestashop--9-0-0-alpha-1",
"prestashop--package--prestashop-prestashop--9-0-0-beta-1",
"prestashop--package--prestashop-prestashop--9-0-0-rc-1",
"prestashop--package--prestashop-prestashop--9-0-1",
"prestashop--package--prestashop-prestashop--9-0-2",
"prestashop--package--prestashop-prestashop--9-0-3",
"prestashop--package--prestashop-prestashop--9-1-0-beta-1",
"prestashop--package--prestashop-prestashop--9-1-0-rc-1",
"prestashop--package--prestashop-prestashop--introduced-0-fixed-8-2-5",
"prestashop--package--prestashop-prestashop--introduced-9-0-0-alpha-1-fixed-9-1-0"
],
"fixed_version_refs": [
"prestashop--package--prestashop-prestashop--8-2-5",
"prestashop--package--prestashop-prestashop--9-1-0"
],
"patched_version_refs": [
"prestashop--package--prestashop-prestashop--8-2-5"
],
"version_sync_confidence": "high",
"advisory_scope": "package",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "prestashop--CVE-2026-33674--workflow",
"vuln_family": "unknown",
"entry_surface": "package-surface",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: 1.7.0.0, 1.7.0.0-beta.1.0, 1.7.0.0-beta.2.0",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `package`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "unknown",
"affected_version_assertion": [
"1.7.0.0",
"1.7.0.0-beta.1.0",
"1.7.0.0-beta.2.0",
"1.7.0.0-beta.3.0",
"1.7.0.0-beta.4.0",
"1.7.0.0-rc.0.0",
"1.7.0.0-rc.1.0",
"1.7.0.0-rc.2.0",
"1.7.0.1",
"1.7.0.2",
"1.7.0.3",
"1.7.0.4",
"1.7.0.5",
"1.7.0.6",
"1.7.1.0",
"1.7.1.1",
"1.7.1.2",
"1.7.2.0",
"1.7.2.0-rc.1.0",
"1.7.2.1",
"9.0.0",
"9.0.0-alpha.1",
"9.0.0-beta.1",
"9.0.0-rc.1",
"9.0.1",
"9.0.2",
"9.0.3",
"9.1.0-beta.1",
"9.1.0-rc.1",
"introduced=0, fixed<8.2.5",
"introduced=9.0.0-alpha.1, fixed<9.1.0"
],
"trigger_vector": "\u5bf9 `unknown` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/package"
],
"input_shape": "\u63d0\u4ea4\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\u3002",
"expected_unsafe_behavior": "\u76ee\u6807\u8868\u73b0\u51fa\u8d85\u51fa\u8bbe\u8ba1\u8fb9\u754c\u7684\u884c\u4e3a\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `1.7.0.0, 1.7.0.0-beta.1.0, 1.7.0.0-beta.2.0` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `8.2.5`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `unknown` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "plugin-extension-generic",
"artifact_mode": "official-image",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV PrestaShop"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1,
"entity_ref_count": 2,
"advisory_scope": "package",
"version_confidence": "high",
"workflow_id": "prestashop--CVE-2026-33674--workflow"
}
}
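Review bot: `workflow.vuln_family` and `workflow.required_role` are both `unknown`, `trigger_vector` and `patch_validation_steps[3]` are templated around the literal family name `unknown`, and `request_or_ui_path` is the generic `/package`, yet `review_state` is `ready` and `triage_reasons` is empty. A workflow whose family and role were never resolved should not be marked ready: the advisory text only says "improper use of validation framework" and names no component, so this record needs manual classification before it can drive a reproduction. Record the gap rather than mask it, for example `"triage_reasons": ["vuln_family and required_role unresolved"]` (constructed sample value) together with a non-ready `review_state` from the schema's allowed values. `repro_profile_id` `plugin-extension-generic` and the `plugin-extension-trust-policy` topic are likewise unsupported by an `advisory_mode: core` advisory that mentions no plugin, so they look like fallback defaults rather than triage output.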


@@ -7,7 +7,7 @@
"title": "Spring Security HTTP Headers Are not Written Under Some Conditions",
"summary": "When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written.\u00a0\nThis issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.",
"published_at": "2026-03-20T00:31:28Z",
"updated_at": "2026-03-20T20:46:26.164998Z",
"updated_at": "2026-03-25T19:59:15.827722Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",