更新: 359 个文件 - 2026-03-16 23:30:01

2026-03-16 23:30:01 -07:00
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:02:08.652391Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-

 # undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2022-31151`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:15:23.541247Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -30,6 +34,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-

 # ProxyAgent vulnerable to MITM

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2022-32210`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:35:56.289390Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-

 # Undici's cookie header not cleared on cross-origin redirect in fetch

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2023-45143`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md
@@ -8,6 +8,10 @@ updated_date: "2025-11-04T19:44:28Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-

 # Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2024-30260`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md
@@ -8,6 +8,10 @@ updated_date: "2025-11-04T19:44:42Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-

 # Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2024-30261`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:29:26.373390Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-

 # Use of Insufficiently Random Values in undici

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2025-22150`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-06T22:08:08.311705Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-

 # undici Denial of Service attack via bad certificate data

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2025-47279`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-14T09:19:54.772219Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-

 # Undici has an HTTP Request/Response Smuggling issue

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-1525`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.563997Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-

 # Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-1526`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.572106Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-4992-

 # Undici has CRLF Injection in undici via `upgrade` option

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-1527`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-14T09:17:45.838435Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-f269-

 # Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-1528`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:56:17.456091Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-

 # Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-22036`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:26.149214Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-

 # Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-2229`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.417862Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -30,6 +34,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-

 # Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-2581`