更新: 359 个文件 - 2026-03-16 23:30:01

2026-03-16 23:30:01 -07:00
--- a/07-framework-security/frameworks/undici/INDEX.md
+++ b/07-framework-security/frameworks/undici/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `14`
 - 近 30 天新增/更新: `7`
 - 重点 Markdown 案例数: `14`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `14`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -25,19 +29,19 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
-| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
-| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
-| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
-| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
-| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
-| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) |
-| undici Denial of Service attack via bad certificate data | `low` | `generated` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) |
-| Use of Insufficiently Random Values in undici | `low` | `generated` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) |
-| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) |
-| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) |
-| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) |
-| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) |
-| ProxyAgent vulnerable to MITM | `low` | `generated` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
+| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
+| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
+| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
+| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
+| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
+| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) |
+| undici Denial of Service attack via bad certificate data | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) |
+| Use of Insufficiently Random Values in undici | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) |
+| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) |
+| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) |
+| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) |
+| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) |
+| ProxyAgent vulnerable to MITM | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:02:08.652391Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-

 # undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2022-31151`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:15:23.541247Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -30,6 +34,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-

 # ProxyAgent vulnerable to MITM

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2022-32210`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:35:56.289390Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-

 # Undici's cookie header not cleared on cross-origin redirect in fetch

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2023-45143`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md
@@ -8,6 +8,10 @@ updated_date: "2025-11-04T19:44:28Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-

 # Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2024-30260`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md
@@ -8,6 +8,10 @@ updated_date: "2025-11-04T19:44:42Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-

 # Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2024-30261`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:29:26.373390Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-

 # Use of Insufficiently Random Values in undici

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2025-22150`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-06T22:08:08.311705Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-

 # undici Denial of Service attack via bad certificate data

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2025-47279`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-14T09:19:54.772219Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-

 # Undici has an HTTP Request/Response Smuggling issue

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-1525`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.563997Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-

 # Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-1526`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.572106Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-4992-

 # Undici has CRLF Injection in undici via `upgrade` option

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-1527`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-14T09:17:45.838435Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-f269-

 # Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-1528`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:56:17.456091Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-

 # Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-22036`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:26.149214Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-

 # Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-2229`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.417862Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -30,6 +34,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-

 # Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-2581`