更新: 359 个文件 - 2026-03-16 23:30:01

2026-03-16 23:30:01 -07:00
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:17:01.410592Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -37,6 +41,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8r

 # Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2024-23331`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:05:31.919291Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -41,6 +45,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-28

 # Vite's `server.fs.deny` is bypassed when using `?import&raw`

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2024-45811`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:04:22.977459Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -43,6 +47,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g4

 # Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2024-45812`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:37:03.076966Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -38,6 +42,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rc

 # Websites were able to send any requests to the development server and read the response in vite

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-24010`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:13:24.371631Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-x574-m8

 # Vite bypasses server.fs.deny when using ?raw??

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-30208`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:37:24.129476Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw

 # Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-31125`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:51:38.412061Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -40,6 +44,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq

 # Vite allows server.fs.deny to be bypassed with .svg or relative paths

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-31486`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:11:44.900383Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-356w-63

 # Vite has an `server.fs.deny` bypass with an invalid `request-target`

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-32395`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:27:17.681639Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-859w-59

 # Vite's server.fs.deny bypassed with /. for files under project root

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-46565`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:33:22.508417Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -37,6 +41,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2

 # Vite middleware may serve files starting with the same name with the public directory

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-58751`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:35:16.287471Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -38,6 +42,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq

 # Vite's `server.fs` settings were not applied to HTML files

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-58752`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:13:38.886554Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -40,6 +44,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-93m4-66

 # vite allows server.fs.deny bypass via backslash on Windows

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-62522`