更新: 359 个文件 - 2026-03-16 23:30:01

2026-03-16 23:30:01 -07:00
--- a/07-framework-security/frameworks/undici/INDEX.md
+++ b/07-framework-security/frameworks/undici/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `14`
 - 近 30 天新增/更新: `7`
 - 重点 Markdown 案例数: `14`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `14`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -25,19 +29,19 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
-| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
-| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
-| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
-| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
-| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
-| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) |
-| undici Denial of Service attack via bad certificate data | `low` | `generated` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) |
-| Use of Insufficiently Random Values in undici | `low` | `generated` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) |
-| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) |
-| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) |
-| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) |
-| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) |
-| ProxyAgent vulnerable to MITM | `low` | `generated` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
+| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
+| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
+| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
+| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
+| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
+| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) |
+| undici Denial of Service attack via bad certificate data | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) |
+| Use of Insufficiently Random Values in undici | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) |
+| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) |
+| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) |
+| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) |
+| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) |
+| ProxyAgent vulnerable to MITM | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |