更新: 114 个文件 - 2026-03-19 16:45:07

2026-03-19 16:45:07 -07:00
--- a/07-framework-security/frameworks/angular/INDEX.md
+++ b/07-framework-security/frameworks/angular/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/aspnet-core/INDEX.md
+++ b/07-framework-security/frameworks/aspnet-core/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `3`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/astro/INDEX.md
+++ b/07-framework-security/frameworks/astro/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `14`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/django/INDEX.md
+++ b/07-framework-security/frameworks/django/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `82`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/echo/INDEX.md
+++ b/07-framework-security/frameworks/echo/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/esbuild/INDEX.md
+++ b/07-framework-security/frameworks/esbuild/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/express/INDEX.md
+++ b/07-framework-security/frameworks/express/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/fastify/INDEX.md
+++ b/07-framework-security/frameworks/fastify/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/flask/INDEX.md
+++ b/07-framework-security/frameworks/flask/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/gin/INDEX.md
+++ b/07-framework-security/frameworks/gin/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/hapi/INDEX.md
+++ b/07-framework-security/frameworks/hapi/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/koa/INDEX.md
+++ b/07-framework-security/frameworks/koa/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/laravel/INDEX.md
+++ b/07-framework-security/frameworks/laravel/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/nestjs/INDEX.md
+++ b/07-framework-security/frameworks/nestjs/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/nextjs/INDEX.md
+++ b/07-framework-security/frameworks/nextjs/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `40`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

@@ -32,11 +32,11 @@

 | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
 |------|--------|----------|----------|----------|------------|----------|--------|
-| Next.js: HTTP request smuggling in rewrites | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-18T22:02:16.858114Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md) |
-| Next.js: Unbounded next/image disk cache growth can exhaust storage | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:33.597080Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md) |
-| Next.js: Unbounded postponed resume buffering can lead to DoS | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:34.160932Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md) |
-| Next.js: null origin can bypass Server Actions CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:43.484729Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md) |
-| Next.js: null origin can bypass dev HMR websocket CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:26.028580Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md) |
+| Next.js: HTTP request smuggling in rewrites | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-19T17:59:01.302251Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md) |
+| Next.js: Unbounded next/image disk cache growth can exhaust storage | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-19T18:47:09.413134Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md) |
+| Next.js: Unbounded postponed resume buffering can lead to DoS | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-19T18:48:06.587119Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md) |
+| Next.js: null origin can bypass Server Actions CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-19T18:31:23.523529Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md) |
+| Next.js: null origin can bypass dev HMR websocket CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-19T18:32:38.608475Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md) |
 | Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) |
 | Next.js has Unbounded Memory Consumption via PPR Resume Endpoint  | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) |
 | Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) |
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md
@@ -4,7 +4,7 @@ system_id: "nextjs"
 category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-17T15:29:48Z"
-updated_date: "2026-03-17T15:46:26.028580Z"
+updated_date: "2026-03-19T18:32:38.608475Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
@@ -56,6 +56,7 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-jcc7

 ## 其他来源

+- https://nvd.nist.gov/vuln/detail/CVE-2026-27977
 - https://github.com/vercel/next.js/commit/862f9b9bb41d235e0d8cf44aa811e7fd118cee2a
 - https://github.com/vercel/next.js
 - https://github.com/vercel/next.js/releases/tag/v16.1.7
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md
@@ -4,7 +4,7 @@ system_id: "nextjs"
 category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-17T15:30:14Z"
-updated_date: "2026-03-17T15:46:43.484729Z"
+updated_date: "2026-03-19T18:31:23.523529Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
@@ -56,6 +56,7 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-mq59

 ## 其他来源

+- https://nvd.nist.gov/vuln/detail/CVE-2026-27978
 - https://github.com/vercel/next.js/commit/a27a11d78e748a8c7ccfd14b7759ad2b9bf097d8
 - https://github.com/vercel/next.js
 - https://github.com/vercel/next.js/releases/tag/v16.1.7
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md
@@ -4,7 +4,7 @@ system_id: "nextjs"
 category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-17T16:16:49Z"
-updated_date: "2026-03-17T16:31:34.160932Z"
+updated_date: "2026-03-19T18:48:06.587119Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
@@ -56,6 +56,7 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-h27x

 ## 其他来源

+- https://nvd.nist.gov/vuln/detail/CVE-2026-27979
 - https://github.com/vercel/next.js/commit/c885d4825f800dd1e49ead37274dcd08cdd6f3f1
 - https://github.com/vercel/next.js
 - https://github.com/vercel/next.js/releases/tag/v16.1.7
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md
@@ -4,7 +4,7 @@ system_id: "nextjs"
 category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-17T16:17:06Z"
-updated_date: "2026-03-17T16:31:33.597080Z"
+updated_date: "2026-03-19T18:47:09.413134Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
@@ -23,9 +23,11 @@ aliases:
  - "CVE-2026-27980"
  - "GHSA-3x4c-7xq6-9pq8"
 affected_versions:
-  - "introduced=10.0.0, fixed<16.1.7"
+  - "introduced=16.0.0-beta.0, fixed<16.1.7"
+  - "introduced=10.0.0, fixed<15.5.14"
 fixed_versions:
  - "16.1.7"
+  - "15.5.14"
 secure_code_topics:
  - "authz-server-side-recheck"
  - "proxy-trust-boundary"
@@ -51,11 +53,12 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c
 - 严重度: `medium`
 - 来源置信度: `official`
 - 官方主源: https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8
- 影响版本: `introduced=10.0.0, fixed<16.1.7`
- 修复版本: `16.1.7`
+- 影响版本: `introduced=16.0.0-beta.0, fixed<16.1.7, introduced=10.0.0, fixed<15.5.14`
+- 修复版本: `16.1.7, 15.5.14`

 ## 其他来源

+- https://nvd.nist.gov/vuln/detail/CVE-2026-27980
 - https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd
 - https://github.com/vercel/next.js
 - https://github.com/vercel/next.js/releases/tag/v16.1.7
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md
@@ -4,7 +4,7 @@ system_id: "nextjs"
 category: "frameworks"
 advisory_mode: "core"
 published_date: "2026-03-17T16:17:15Z"
-updated_date: "2026-03-18T22:02:16.858114Z"
+updated_date: "2026-03-19T17:59:01.302251Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
--- a/07-framework-security/frameworks/nodejs/INDEX.md
+++ b/07-framework-security/frameworks/nodejs/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `8`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/nuxt/INDEX.md
+++ b/07-framework-security/frameworks/nuxt/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `28`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/rails/INDEX.md
+++ b/07-framework-security/frameworks/rails/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `42`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/react/INDEX.md
+++ b/07-framework-security/frameworks/react/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `21`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/spring-boot/INDEX.md
+++ b/07-framework-security/frameworks/spring-boot/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/spring-framework/INDEX.md
+++ b/07-framework-security/frameworks/spring-framework/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `11`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/spring-security/INDEX.md
+++ b/07-framework-security/frameworks/spring-security/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `3`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/sveltekit/INDEX.md
+++ b/07-framework-security/frameworks/sveltekit/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `3`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/symfony/INDEX.md
+++ b/07-framework-security/frameworks/symfony/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `9`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/undici/INDEX.md
+++ b/07-framework-security/frameworks/undici/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `9`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/vite/INDEX.md
+++ b/07-framework-security/frameworks/vite/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `30`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/vue/INDEX.md
+++ b/07-framework-security/frameworks/vue/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `15`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/webpack/INDEX.md
+++ b/07-framework-security/frameworks/webpack/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束

--- a/07-framework-security/frameworks/werkzeug/INDEX.md
+++ b/07-framework-security/frameworks/werkzeug/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `1`
- 最近渲染时间: `2026-03-19T09:30:57+00:00`
+- 最近渲染时间: `2026-03-19T23:44:56+00:00`

 ## 目标约束