hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

更新: 2423 个文件 - 2026-03-18 14:23:01

浏览代码
这个提交包含在:
hao
2026-03-18 14:23:01 -07:00
父节点 9a5f48cdf7
当前提交 96b5353a91
修改 2423 个文件,包含 239337 行新增2806 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

124
08-threat-intel/generated/coverage-matrix.md
查看文件

@@ -2,65 +2,65 @@
| 系统 | 分类 | 覆盖策略 | 历史全量 | 近两年全量 | 全量 registry | 重点案例 Markdown | secure-code 关联 | 自动同步状态 | 本地实证状态 | 浏览器证据 | run bundle | triage | 最近更新 | | 系统 | 分类 | 覆盖策略 | 历史全量 | 近两年全量 | 全量 registry | 重点案例 Markdown | secure-code 关联 | 自动同步状态 | 本地实证状态 | 浏览器证据 | run bundle | triage | 最近更新 |
|------|------|----------|----------|------------|--------------|--------------------|------------------|--------------|--------------|------------|-----------|--------|----------| |------|------|----------|----------|------------|--------------|--------------------|------------------|--------------|--------------|------------|-----------|--------|----------|
| Adminer | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Adminer | `platforms` | `rolling-24m` | `-` | `yes` | `2` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-28T00:18:44.953` |
| Adobe Commerce | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Adobe Commerce | `ecommerce` | `history-full` | `yes` | `yes` | `81` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-10-23T14:51:16.013` |
| Angular | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Angular | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-17T01:31:35.828211Z` |
| Apache HTTP Server | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Apache HTTP Server | `servers` | `history-full` | `yes` | `yes` | `135` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-05-22` |
| Apache Tomcat | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Apache Tomcat | `servers` | `history-full` | `yes` | `yes` | `136` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-22` |
| ASP.NET Core | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | ASP.NET Core | `frameworks` | `rolling-24m` | `-` | `yes` | `3` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-11T13:53:20.707` |
| Astro | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Astro | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-04T03:01:27.986221Z` |
| Caddy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Caddy | `servers` | `rolling-24m` | `-` | `yes` | `27` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-27T19:55:10Z` |
| Directus | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Directus | `cms` | `rolling-24m` | `-` | `yes` | `29` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Discourse | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `30` | `` | | Discourse | `cms` | `rolling-24m` | `-` | `yes` | `30` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `30` | `Wed, 28 May 2025 05:22:52 +0000` |
| Django | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Django | `frameworks` | `rolling-24m` | `-` | `yes` | `82` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T21:56:20.301637Z` |
| Drupal | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Drupal | `cms` | `history-full` | `yes` | `yes` | `70` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Wed, 20 Sep 2023 16:23:05 +0000` |
| Echo | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Echo | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2024-05-20T16:03:47Z` |
| esbuild | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | esbuild | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-04T02:50:58.022803Z` |
| Express | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `` | | Express | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-03-17T19:40:55.690` |
| Fastify | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Fastify | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-16T03:05:26.332715Z` |
| Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-23T23:43:45.778179Z` |
| Ghost | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Ghost | `cms` | `history-full` | `yes` | `yes` | `23` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-14T10:41:18.820930Z` |
| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `13` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `55` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Hapi | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Hapi | `frameworks` | `history-full` | `yes` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2020-08-31T19:00:56Z` |
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `6` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Wed, 25 Feb 2026 14:00:00 +0000` |
| Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Joomla | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Joomla | `cms` | `history-full` | `yes` | `yes` | `100` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-03T01:03:51.193` |
| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `41` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-26T23:36:36.294040Z` |
| Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:15:34.333730Z` |
| Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `89` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-20T01:37:25.860` |
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `20` | `20` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` |
| MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `70` | `` | | MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `70` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `70` | `Wed, 22 Oct 2025 21:44:43 +0000` |
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` | | Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `15` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `` | | Moodle | `cms` | `rolling-24m` | `-` | `yes` | `40` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `2025-04-09T00:30:58.490` |
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `2` | `` | | NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `2` | `2026-03-02T20:30:10.923` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `25` | `` | | Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-17T16:31:34.160932Z` |
| Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `110` | `` | | Nginx | `servers` | `history-full` | `yes` | `yes` | `110` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `110` | `2025-08-12T17:24:44.367` |
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `8` | `` | | Node.js | `frameworks` | `history-full` | `yes` | `yes` | `8` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `8` | `2025-01-21` |
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `23` | `` | | Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `28` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `23` | `2025-09-18T13:04:21Z` |
| OpenCart | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `100` | `` | | OpenCart | `ecommerce` | `history-full` | `yes` | `yes` | `100` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `100` | `2025-05-15T19:15:54.980` |
| OpenMage / Mage-OS | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `` | | OpenMage / Mage-OS | `ecommerce` | `rolling-24m` | `-` | `yes` | `27` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `` |
| phpMyAdmin | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `50` | `` | | phpMyAdmin | `platforms` | `rolling-24m` | `-` | `yes` | `50` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `50` | `` |
| PrestaShop | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `112` | `` | | PrestaShop | `ecommerce` | `history-full` | `yes` | `yes` | `112` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `112` | `2025-04-12T10:46:40.837` |
| Ruby on Rails | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `32` | `` | | Ruby on Rails | `frameworks` | `rolling-24m` | `-` | `yes` | `42` | `10` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `32` | `2025-05-01T18:49:06.777708Z` |
| React | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `18` | `` | | React | `frameworks` | `history-full` | `yes` | `yes` | `21` | `3` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `18` | `2023-11-08T04:00:21.209483Z` |
| Redmine | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `50` | `` | | Redmine | `platforms` | `rolling-24m` | `-` | `yes` | `50` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `50` | `` |
| Saleor | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `24` | `` | | Saleor | `ecommerce` | `rolling-24m` | `-` | `yes` | `24` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `24` | `` |
| Shopware | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `71` | `` | | Shopware | `ecommerce` | `history-full` | `yes` | `yes` | `71` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `71` | `2025-04-20T01:37:25.860` |
| Spring Boot | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `` | | Spring Boot | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-03-13T21:59:19.426456Z` |
| Spring Framework | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `11` | `` | | Spring Framework | `frameworks` | `rolling-24m` | `-` | `yes` | `11` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `11` | `` |
| Spring Security | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `3` | `` | | Spring Security | `frameworks` | `rolling-24m` | `-` | `yes` | `3` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `3` | `` |
| Strapi | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `26` | `` | | Strapi | `cms` | `rolling-24m` | `-` | `yes` | `26` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `26` | `` |
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `3` | `3` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-28T06:27:26.115188Z` |
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `9` | `9` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:16:14.858636Z` |
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `` | | Traefik | `servers` | `rolling-24m` | `-` | `yes` | `43` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `2026-03-18T13:59:10.423590Z` |
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `` | | Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `16` | `15` | `2` | `seeded` | `real:7/synthetic:0/blocked:0` | `0` | `7` | `1` | `2026-03-14T09:19:54.772219Z` |
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `26` | `` | | Vite | `frameworks` | `history-full` | `yes` | `yes` | `42` | `16` | `3` | `seeded` | `real:12/synthetic:0/blocked:0` | `12` | `12` | `26` | `2026-02-04T04:37:24.129476Z` |
| Vue | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `14` | `` | | Vue | `frameworks` | `history-full` | `yes` | `yes` | `15` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `14` | `2024-10-24T19:12:14.925352Z` |
| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `` | | webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-02-27T17:21:22.370` |
| Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-23T23:43:27.690386Z` |
| WooCommerce | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `111` | `` | | WooCommerce | `ecommerce` | `history-full` | `yes` | `yes` | `111` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `111` | `2025-04-20T01:37:25.860` |
| WordPress | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `140` | `` | | WordPress | `cms` | `history-full` | `yes` | `yes` | `140` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `140` | `2025-04-09T00:30:58.490` |

80199
08-threat-intel/generated/dashboard/advisories.json
查看文件

文件差异因一行或多行过长而隐藏

548
08-threat-intel/generated/dashboard/architecture.json
查看文件

@@ -1,5 +1,5 @@
{ {
"generated_at": "2026-03-18T21:18:14+00:00", "generated_at": "2026-03-18T21:21:45+00:00",
"title": "\u5f53\u524d\u67b6\u6784\u5e93", "title": "\u5f53\u524d\u67b6\u6784\u5e93",
"summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002", "summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002",
"sections": [ "sections": [
@@ -31,7 +31,7 @@
}, },
{ {
"label": "\u5f53\u524d\u6f0f\u6d1e\u6761\u76ee", "label": "\u5f53\u524d\u6f0f\u6d1e\u6761\u76ee",
"value": "89" "value": "2392"
} }
], ],
"fields": [ "fields": [
@@ -49,7 +49,7 @@
}, },
{ {
"label": "\u751f\u6210\u65f6\u95f4", "label": "\u751f\u6210\u65f6\u95f4",
"value": "2026-03-18T21:18:14+00:00" "value": "2026-03-18T21:21:45+00:00"
} }
], ],
"links": [ "links": [
@@ -5887,15 +5887,15 @@
}, },
{ {
"label": "Advisory \u6570", "label": "Advisory \u6570",
"value": "89" "value": "2392"
}, },
{ {
"label": "\u72b6\u6001\u7c7b\u578b", "label": "\u72b6\u6001\u7c7b\u578b",
"value": "1" "value": "2"
}, },
{ {
"label": "\u6700\u8fd1\u5931\u8d25", "label": "\u6700\u8fd1\u5931\u8d25",
"value": "0" "value": "20"
} }
], ],
"items": [ "items": [
@@ -5904,6 +5904,21 @@
"summary": "verification_status \u5f53\u524d\u8ba1\u6570\u3002", "summary": "verification_status \u5f53\u524d\u8ba1\u6570\u3002",
"open": false, "open": false,
"items": [ "items": [
{
"title": "\u4eba\u5de5\u5206\u8bca",
"summary": "\u5f53\u524d\u7d2f\u8ba1 2303 \u6761\u3002",
"open": false,
"fields": [
{
"label": "\u72b6\u6001\u7f16\u7801",
"value": "triage-manual"
},
{
"label": "\u6570\u91cf",
"value": "2303"
}
]
},
{ {
"title": "\u771f\u5b9e\u7248\u672c\u5df2\u5b9e\u8bc1", "title": "\u771f\u5b9e\u7248\u672c\u5df2\u5b9e\u8bc1",
"summary": "\u5f53\u524d\u7d2f\u8ba1 89 \u6761\u3002", "summary": "\u5f53\u524d\u7d2f\u8ba1 89 \u6761\u3002",
@@ -5927,9 +5942,524 @@
"open": false, "open": false,
"items": [ "items": [
{ {
"title": "\u6682\u65e0\u5931\u8d25\u6837\u672c", "title": "3.5.0.beta5: Improved admin search, AI forum research, easier site appearance configuration, and simpler plugin development",
"summary": "\u5f53\u524d summary.json \u4e2d\u6ca1\u6709 recent_failures\u3002", "summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false "open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "discourse--68e2bb93e1"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "3.4.4: Bug fix and UX release",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "discourse--615bee56ae"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "January 2026 Releases",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "discourse--321c09b9ad"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Release v2025.11.0: AI translations improvements, chat search, new review queue, and improvements for posts with images",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "discourse--5d3cafdece"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "3.4.2: Security and bug fix release",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "discourse--4222d879a1"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "3.5.0.beta2: Review Queue, Welcome Banner, Admin Interface, and more",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "discourse--703d073816"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "3.4.6: Security fix release",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "discourse--734b2c6337"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "3.5.0.beta7: Smart link editing, better invite tracking, unique icons, and fixing name management",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "discourse--0a6de28d35"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Omnissa Horizon alternative: how HAProxy solves UDP load balancing",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "haproxy--f1c3251635"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "[MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.14/1.43.4/1.44.1)",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "mediawiki--9531fc3afb"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Drupal core - Critical - Cache poisoning - SA-CORE-2023-006",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "drupal--e8587ffc80"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "drupal--6da7fc8e2e"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "drupal--dffda84bb1"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Drupal core - Less critical - Gadget chain - SA-CORE-2024-006",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "drupal--1ab9013d16"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "drupal--b57027329e"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "drupal--4a0d8893d5"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "drupal--170612fa5f"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "drupal--a141e2f71d"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "drupal--23ec7fa241"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
},
{
"title": "Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002",
"summary": "\u65e0\u989d\u5916\u963b\u585e\u8bf4\u660e\u3002",
"open": false,
"badges": [
"\u4eba\u5de5\u5206\u8bca"
],
"fields": [
{
"label": "\u8fd0\u884c ID",
"value": "-"
},
{
"label": "\u6f0f\u6d1e\u6761\u76ee",
"value": "drupal--65bf5646d9"
},
{
"label": "\u72b6\u6001",
"value": "\u4eba\u5de5\u5206\u8bca"
},
{
"label": "\u963b\u585e\u539f\u56e0",
"value": "-"
}
]
} }
] ]
} }

1577
08-threat-intel/generated/dashboard/data/completeness.json
查看文件

文件差异内容过多而无法显示 加载差异

548
08-threat-intel/generated/dashboard/docs/architecture-library.html
查看文件

@@ -87,7 +87,7 @@
<h1>当前架构库镜像</h1> <h1>当前架构库镜像</h1>
<div class="meta">工作台内置镜像页:当前架构库结构化数据镜像。</div> <div class="meta">工作台内置镜像页:当前架构库结构化数据镜像。</div>
<pre>{ <pre>{
&quot;generated_at&quot;: &quot;2026-03-18T21:18:14+00:00&quot;, &quot;generated_at&quot;: &quot;2026-03-18T21:21:45+00:00&quot;,
&quot;title&quot;: &quot;当前架构库&quot;, &quot;title&quot;: &quot;当前架构库&quot;,
&quot;summary&quot;: &quot;工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。&quot;, &quot;summary&quot;: &quot;工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。&quot;,
&quot;sections&quot;: [ &quot;sections&quot;: [
@@ -119,7 +119,7 @@
}, },
{ {
&quot;label&quot;: &quot;当前漏洞条目&quot;, &quot;label&quot;: &quot;当前漏洞条目&quot;,
&quot;value&quot;: &quot;89&quot; &quot;value&quot;: &quot;2392&quot;
} }
], ],
&quot;fields&quot;: [ &quot;fields&quot;: [
@@ -137,7 +137,7 @@
}, },
{ {
&quot;label&quot;: &quot;生成时间&quot;, &quot;label&quot;: &quot;生成时间&quot;,
&quot;value&quot;: &quot;2026-03-18T21:18:14+00:00&quot; &quot;value&quot;: &quot;2026-03-18T21:21:45+00:00&quot;
} }
], ],
&quot;links&quot;: [ &quot;links&quot;: [
@@ -5975,15 +5975,15 @@
}, },
{ {
&quot;label&quot;: &quot;Advisory 数&quot;, &quot;label&quot;: &quot;Advisory 数&quot;,
&quot;value&quot;: &quot;89&quot; &quot;value&quot;: &quot;2392&quot;
}, },
{ {
&quot;label&quot;: &quot;状态类型&quot;, &quot;label&quot;: &quot;状态类型&quot;,
&quot;value&quot;: &quot;1&quot; &quot;value&quot;: &quot;2&quot;
}, },
{ {
&quot;label&quot;: &quot;最近失败&quot;, &quot;label&quot;: &quot;最近失败&quot;,
&quot;value&quot;: &quot;0&quot; &quot;value&quot;: &quot;20&quot;
} }
], ],
&quot;items&quot;: [ &quot;items&quot;: [
@@ -5992,6 +5992,21 @@
&quot;summary&quot;: &quot;verification_status 当前计数。&quot;, &quot;summary&quot;: &quot;verification_status 当前计数。&quot;,
&quot;open&quot;: false, &quot;open&quot;: false,
&quot;items&quot;: [ &quot;items&quot;: [
{
&quot;title&quot;: &quot;人工分诊&quot;,
&quot;summary&quot;: &quot;当前累计 2303 条。&quot;,
&quot;open&quot;: false,
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;状态编码&quot;,
&quot;value&quot;: &quot;triage-manual&quot;
},
{
&quot;label&quot;: &quot;数量&quot;,
&quot;value&quot;: &quot;2303&quot;
}
]
},
{ {
&quot;title&quot;: &quot;真实版本已实证&quot;, &quot;title&quot;: &quot;真实版本已实证&quot;,
&quot;summary&quot;: &quot;当前累计 89 条。&quot;, &quot;summary&quot;: &quot;当前累计 89 条。&quot;,
@@ -6015,9 +6030,524 @@
&quot;open&quot;: false, &quot;open&quot;: false,
&quot;items&quot;: [ &quot;items&quot;: [
{ {
&quot;title&quot;: &quot;暂无失败样本&quot;, &quot;title&quot;: &quot;3.5.0.beta5: Improved admin search, AI forum research, easier site appearance configuration, and simpler plugin development&quot;,
&quot;summary&quot;: &quot;当前 summary.json 中没有 recent_failures&quot;, &quot;summary&quot;: &quot;无额外阻塞说明&quot;,
&quot;open&quot;: false &quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;discourse--68e2bb93e1&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;3.4.4: Bug fix and UX release&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;discourse--615bee56ae&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;January 2026 Releases&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;discourse--321c09b9ad&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Release v2025.11.0: AI translations improvements, chat search, new review queue, and improvements for posts with images&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;discourse--5d3cafdece&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;3.4.2: Security and bug fix release&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;discourse--4222d879a1&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;3.5.0.beta2: Review Queue, Welcome Banner, Admin Interface, and more&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;discourse--703d073816&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;3.4.6: Security fix release&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;discourse--734b2c6337&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;3.5.0.beta7: Smart link editing, better invite tracking, unique icons, and fixing name management&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;discourse--0a6de28d35&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Omnissa Horizon alternative: how HAProxy solves UDP load balancing&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;haproxy--f1c3251635&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;[MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.14/1.43.4/1.44.1)&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;mediawiki--9531fc3afb&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Drupal core - Critical - Cache poisoning - SA-CORE-2023-006&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;drupal--e8587ffc80&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;drupal--6da7fc8e2e&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;drupal--dffda84bb1&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Drupal core - Less critical - Gadget chain - SA-CORE-2024-006&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;drupal--1ab9013d16&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;drupal--b57027329e&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;drupal--4a0d8893d5&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;drupal--170612fa5f&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;drupal--a141e2f71d&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;drupal--23ec7fa241&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
},
{
&quot;title&quot;: &quot;Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002&quot;,
&quot;summary&quot;: &quot;无额外阻塞说明。&quot;,
&quot;open&quot;: false,
&quot;badges&quot;: [
&quot;人工分诊&quot;
],
&quot;fields&quot;: [
{
&quot;label&quot;: &quot;运行 ID&quot;,
&quot;value&quot;: &quot;-&quot;
},
{
&quot;label&quot;: &quot;漏洞条目&quot;,
&quot;value&quot;: &quot;drupal--65bf5646d9&quot;
},
{
&quot;label&quot;: &quot;状态&quot;,
&quot;value&quot;: &quot;人工分诊&quot;
},
{
&quot;label&quot;: &quot;阻塞原因&quot;,
&quot;value&quot;: &quot;-&quot;
}
]
} }
] ]
} }

124
08-threat-intel/generated/dashboard/docs/coverage-matrix.html
查看文件

@@ -90,68 +90,68 @@
| 系统 | 分类 | 覆盖策略 | 历史全量 | 近两年全量 | 全量 registry | 重点案例 Markdown | secure-code 关联 | 自动同步状态 | 本地实证状态 | 浏览器证据 | run bundle | triage | 最近更新 | | 系统 | 分类 | 覆盖策略 | 历史全量 | 近两年全量 | 全量 registry | 重点案例 Markdown | secure-code 关联 | 自动同步状态 | 本地实证状态 | 浏览器证据 | run bundle | triage | 最近更新 |
|------|------|----------|----------|------------|--------------|--------------------|------------------|--------------|--------------|------------|-----------|--------|----------| |------|------|----------|----------|------------|--------------|--------------------|------------------|--------------|--------------|------------|-----------|--------|----------|
| Adminer | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Adminer | `platforms` | `rolling-24m` | `-` | `yes` | `2` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-28T00:18:44.953` |
| Adobe Commerce | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Adobe Commerce | `ecommerce` | `history-full` | `yes` | `yes` | `81` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-10-23T14:51:16.013` |
| Angular | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Angular | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-17T01:31:35.828211Z` |
| Apache HTTP Server | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Apache HTTP Server | `servers` | `history-full` | `yes` | `yes` | `135` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-05-22` |
| Apache Tomcat | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Apache Tomcat | `servers` | `history-full` | `yes` | `yes` | `136` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-22` |
| ASP.NET Core | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | ASP.NET Core | `frameworks` | `rolling-24m` | `-` | `yes` | `3` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-11T13:53:20.707` |
| Astro | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Astro | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-04T03:01:27.986221Z` |
| Caddy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Caddy | `servers` | `rolling-24m` | `-` | `yes` | `27` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-27T19:55:10Z` |
| Directus | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Directus | `cms` | `rolling-24m` | `-` | `yes` | `29` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Discourse | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `30` | `` | | Discourse | `cms` | `rolling-24m` | `-` | `yes` | `30` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `30` | `Wed, 28 May 2025 05:22:52 +0000` |
| Django | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Django | `frameworks` | `rolling-24m` | `-` | `yes` | `82` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T21:56:20.301637Z` |
| Drupal | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Drupal | `cms` | `history-full` | `yes` | `yes` | `70` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Wed, 20 Sep 2023 16:23:05 +0000` |
| Echo | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Echo | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2024-05-20T16:03:47Z` |
| esbuild | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | esbuild | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-04T02:50:58.022803Z` |
| Express | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `` | | Express | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-03-17T19:40:55.690` |
| Fastify | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Fastify | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-16T03:05:26.332715Z` |
| Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-23T23:43:45.778179Z` |
| Ghost | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Ghost | `cms` | `history-full` | `yes` | `yes` | `23` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-14T10:41:18.820930Z` |
| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `13` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `55` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Hapi | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Hapi | `frameworks` | `history-full` | `yes` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2020-08-31T19:00:56Z` |
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `6` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Wed, 25 Feb 2026 14:00:00 +0000` |
| Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Joomla | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Joomla | `cms` | `history-full` | `yes` | `yes` | `100` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-03T01:03:51.193` |
| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `41` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-26T23:36:36.294040Z` |
| Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:15:34.333730Z` |
| Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `89` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-20T01:37:25.860` |
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `20` | `20` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` |
| MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `70` | `` | | MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `70` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `70` | `Wed, 22 Oct 2025 21:44:43 +0000` |
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` | | Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `15` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `` | | Moodle | `cms` | `rolling-24m` | `-` | `yes` | `40` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `2025-04-09T00:30:58.490` |
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `2` | `` | | NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `2` | `2026-03-02T20:30:10.923` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `25` | `` | | Next.js | `frameworks` | `history-full` | `yes` | `yes` | `66` | `41` | `3` | `seeded` | `real:26/synthetic:0/blocked:0` | `21` | `26` | `25` | `2026-03-17T16:31:34.160932Z` |
| Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `110` | `` | | Nginx | `servers` | `history-full` | `yes` | `yes` | `110` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `110` | `2025-08-12T17:24:44.367` |
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `8` | `` | | Node.js | `frameworks` | `history-full` | `yes` | `yes` | `8` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `8` | `2025-01-21` |
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `23` | `` | | Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `28` | `5` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `23` | `2025-09-18T13:04:21Z` |
| OpenCart | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `100` | `` | | OpenCart | `ecommerce` | `history-full` | `yes` | `yes` | `100` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `100` | `2025-05-15T19:15:54.980` |
| OpenMage / Mage-OS | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `` | | OpenMage / Mage-OS | `ecommerce` | `rolling-24m` | `-` | `yes` | `27` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `` |
| phpMyAdmin | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `50` | `` | | phpMyAdmin | `platforms` | `rolling-24m` | `-` | `yes` | `50` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `50` | `` |
| PrestaShop | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `112` | `` | | PrestaShop | `ecommerce` | `history-full` | `yes` | `yes` | `112` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `112` | `2025-04-12T10:46:40.837` |
| Ruby on Rails | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `32` | `` | | Ruby on Rails | `frameworks` | `rolling-24m` | `-` | `yes` | `42` | `10` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `32` | `2025-05-01T18:49:06.777708Z` |
| React | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `18` | `` | | React | `frameworks` | `history-full` | `yes` | `yes` | `21` | `3` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `18` | `2023-11-08T04:00:21.209483Z` |
| Redmine | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `50` | `` | | Redmine | `platforms` | `rolling-24m` | `-` | `yes` | `50` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `50` | `` |
| Saleor | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `24` | `` | | Saleor | `ecommerce` | `rolling-24m` | `-` | `yes` | `24` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `24` | `` |
| Shopware | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `71` | `` | | Shopware | `ecommerce` | `history-full` | `yes` | `yes` | `71` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `71` | `2025-04-20T01:37:25.860` |
| Spring Boot | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `` | | Spring Boot | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-03-13T21:59:19.426456Z` |
| Spring Framework | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `11` | `` | | Spring Framework | `frameworks` | `rolling-24m` | `-` | `yes` | `11` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `11` | `` |
| Spring Security | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `3` | `` | | Spring Security | `frameworks` | `rolling-24m` | `-` | `yes` | `3` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `3` | `` |
| Strapi | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `26` | `` | | Strapi | `cms` | `rolling-24m` | `-` | `yes` | `26` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `26` | `` |
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `3` | `3` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-28T06:27:26.115188Z` |
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `9` | `9` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:16:14.858636Z` |
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `` | | Traefik | `servers` | `rolling-24m` | `-` | `yes` | `43` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `2026-03-18T13:59:10.423590Z` |
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `` | | Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `16` | `15` | `2` | `seeded` | `real:7/synthetic:0/blocked:0` | `0` | `7` | `1` | `2026-03-14T09:19:54.772219Z` |
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `26` | `` | | Vite | `frameworks` | `history-full` | `yes` | `yes` | `42` | `16` | `3` | `seeded` | `real:12/synthetic:0/blocked:0` | `12` | `12` | `26` | `2026-02-04T04:37:24.129476Z` |
| Vue | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `14` | `` | | Vue | `frameworks` | `history-full` | `yes` | `yes` | `15` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `14` | `2024-10-24T19:12:14.925352Z` |
| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `` | | webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `2026-02-27T17:21:22.370` |
| Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | | Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-23T23:43:27.690386Z` |
| WooCommerce | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `111` | `` | | WooCommerce | `ecommerce` | `history-full` | `yes` | `yes` | `111` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `111` | `2025-04-20T01:37:25.860` |
| WordPress | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `140` | `` | | WordPress | `cms` | `history-full` | `yes` | `yes` | `140` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `140` | `2025-04-09T00:30:58.490` |
</pre> </pre>
</div> </div>
</main> </main>

74
08-threat-intel/generated/dashboard/docs/testing-completeness-report.html
查看文件

@@ -88,12 +88,12 @@
<div class="meta">工作台内置镜像页89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。</div> <div class="meta">工作台内置镜像页89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。</div>
<pre># 全库 Advisory 完整度报告 <pre># 全库 Advisory 完整度报告
- 生成时间: `2026-03-18T21:18:14+00:00` - 生成时间: `2026-03-18T21:21:45+00:00`
- 最新 advisory 完整度: `89/89` `verified-real` - 最新 advisory 完整度: `89/2392` `verified-real`
- 合成验证数量: `0` - 合成验证数量: `0`
- 阻塞数量: `0` - 阻塞数量: `0`
- 人工/待补证据数量: `0` - 人工/待补证据数量: `2303`
- 完整度百分比: `100.0%` - 完整度百分比: `3.7%`
- active source 全绿: `125/125` - active source 全绿: `125/125`
- source open alerts: `0` - source open alerts: `0`
- 最近一次 source 全绿: `2026-03-18T21:09:25+00:00` - 最近一次 source 全绿: `2026-03-18T21:09:25+00:00`
@@ -102,10 +102,68 @@
| 系统 | 总数 | verified-real | verified-synthetic | blocked | manual | family 覆盖 | | 系统 | 总数 | verified-real | verified-synthetic | blocked | manual | family 覆盖 |
| --- | ---: | ---: | ---: | ---: | ---: | --- | | --- | ---: | ---: | ---: | ---: | ---: | --- |
| gitea | 37 | 37 | 0 | 0 | 0 | authz-bypass(3/3), file-upload(2/2), proxy-boundary(26/26), ssrf(1/1), xss(5/5) | | adminer | 2 | 0 | 0 | 0 | 2 | xss(0/2) |
| nextjs | 26 | 26 | 0 | 0 | 0 | authz-bypass(2/2), deserialization(1/1), proxy-boundary(19/19), ssrf(2/2), xss(2/2) | | adobe-commerce | 81 | 0 | 0 | 0 | 81 | xss(0/81) |
| undici | 14 | 14 | 0 | 0 | 0 | ssrf(14/14) | | angular | 2 | 0 | 0 | 0 | 2 | xss(0/2) |
| vite | 12 | 12 | 0 | 0 | 0 | proxy-boundary(11/11), xss(1/1) | | apache-httpd | 135 | 0 | 0 | 0 | 135 | authz-bypass(0/1), file-upload(0/1), proxy-boundary(0/128), ssrf(0/1), xss(0/4) |
| apache-tomcat | 136 | 0 | 0 | 0 | 136 | authz-bypass(0/108), file-upload(0/2), path-traversal(0/3), plugin-extension(0/5), proxy-boundary(0/1), session-token(0/4), xss(0/13) |
| aspnet-core | 3 | 0 | 0 | 0 | 3 | xss(0/3) |
| astro | 14 | 0 | 0 | 0 | 14 | authz-bypass(0/1), file-upload(0/2), path-traversal(0/1), proxy-boundary(0/3), xss(0/7) |
| caddy | 27 | 0 | 0 | 0 | 27 | authz-bypass(0/5), file-upload(0/1), proxy-boundary(0/21) |
| directus | 29 | 0 | 0 | 0 | 29 | authz-bypass(0/3), file-upload(0/1), session-token(0/24), xss(0/1) |
| discourse | 30 | 0 | 0 | 0 | 30 | xss(0/30) |
| django | 82 | 0 | 0 | 0 | 82 | xss(0/82) |
| drupal | 70 | 0 | 0 | 0 | 70 | xss(0/70) |
| echo | 2 | 0 | 0 | 0 | 2 | authz-bypass(0/1), ssrf(0/1) |
| esbuild | 1 | 0 | 0 | 0 | 1 | file-upload(0/1) |
| express | 1 | 0 | 0 | 0 | 1 | xss(0/1) |
| fastify | 1 | 0 | 0 | 0 | 1 | xss(0/1) |
| flask | 1 | 0 | 0 | 0 | 1 | xss(0/1) |
| ghost | 23 | 0 | 0 | 0 | 23 | xss(0/23) |
| gin | 1 | 0 | 0 | 0 | 1 | xss(0/1) |
| gitea | 50 | 37 | 0 | 0 | 13 | authz-bypass(3/3), file-upload(2/2), proxy-boundary(26/39), ssrf(1/1), xss(5/5) |
| gitlab-ce | 55 | 0 | 0 | 0 | 55 | deserialization(0/55) |
| grafana | 60 | 0 | 0 | 0 | 60 | xss(0/60) |
| hapi | 1 | 0 | 0 | 0 | 1 | proxy-boundary(0/1) |
| haproxy | 6 | 0 | 0 | 0 | 6 | proxy-boundary(0/6) |
| jenkins | 60 | 0 | 0 | 0 | 60 | deserialization(0/60) |
| joomla | 100 | 0 | 0 | 0 | 100 | xss(0/100) |
| kibana | 41 | 0 | 0 | 0 | 41 | xss(0/41) |
| koa | 1 | 0 | 0 | 0 | 1 | xss(0/1) |
| laravel | 2 | 0 | 0 | 0 | 2 | xss(0/2) |
| magento-open-source | 89 | 0 | 0 | 0 | 89 | authz-bypass(0/1), file-upload(0/3), plugin-extension(0/67), sqli(0/1), xss(0/17) |
| mattermost | 20 | 0 | 0 | 0 | 20 | xss(0/20) |
| mediawiki | 70 | 0 | 0 | 0 | 70 | xss(0/70) |
| medusa | 15 | 0 | 0 | 0 | 15 | session-token(0/15) |
| moodle | 40 | 0 | 0 | 0 | 40 | xss(0/40) |
| nestjs | 2 | 0 | 0 | 0 | 2 | ssrf(0/2) |
| nextjs | 66 | 26 | 0 | 0 | 40 | authz-bypass(2/2), deserialization(1/1), proxy-boundary(19/55), request-smuggling(0/3), ssrf(2/2), xss(2/3) |
| nginx | 110 | 0 | 0 | 0 | 110 | authz-bypass(0/2), proxy-boundary(0/107), sqli(0/1) |
| nodejs | 8 | 0 | 0 | 0 | 8 | ssrf(0/8) |
| nuxt | 28 | 0 | 0 | 0 | 28 | proxy-boundary(0/26), xss(0/2) |
| opencart | 100 | 0 | 0 | 0 | 100 | deserialization(0/3), plugin-extension(0/69), sqli(0/12), ssrf(0/1), template-injection(0/1), xss(0/14) |
| openmage | 27 | 0 | 0 | 0 | 27 | plugin-extension(0/22), xss(0/5) |
| phpmyadmin | 50 | 0 | 0 | 0 | 50 | xss(0/50) |
| prestashop | 112 | 0 | 0 | 0 | 112 | file-upload(0/1), plugin-extension(0/91), sqli(0/4), xss(0/16) |
| rails | 42 | 0 | 0 | 0 | 42 | xss(0/42) |
| react | 21 | 0 | 0 | 0 | 21 | xss(0/21) |
| redmine | 50 | 0 | 0 | 0 | 50 | xss(0/50) |
| saleor | 24 | 0 | 0 | 0 | 24 | plugin-extension(0/1), session-token(0/22), xss(0/1) |
| shopware | 71 | 0 | 0 | 0 | 71 | authz-bypass(0/2), deserialization(0/1), plugin-extension(0/55), sqli(0/2), ssrf(0/1), xss(0/10) |
| spring-boot | 2 | 0 | 0 | 0 | 2 | authz-bypass(0/1), proxy-boundary(0/1) |
| spring-framework | 11 | 0 | 0 | 0 | 11 | authz-bypass(0/1), deserialization(0/9), sqli(0/1) |
| spring-security | 3 | 0 | 0 | 0 | 3 | authz-bypass(0/1), proxy-boundary(0/2) |
| strapi | 26 | 0 | 0 | 0 | 26 | authz-bypass(0/1), session-token(0/25) |
| sveltekit | 3 | 0 | 0 | 0 | 3 | deserialization(0/3) |
| symfony | 9 | 0 | 0 | 0 | 9 | xss(0/9) |
| traefik | 43 | 0 | 0 | 0 | 43 | authz-bypass(0/3), file-upload(0/2), proxy-boundary(0/37), request-smuggling(0/1) |
| undici | 23 | 14 | 0 | 0 | 9 | authz-bypass(0/1), ssrf(14/22) |
| vite | 42 | 12 | 0 | 0 | 30 | proxy-boundary(11/39), xss(1/3) |
| vue | 15 | 0 | 0 | 0 | 15 | xss(0/15) |
| webpack | 1 | 0 | 0 | 0 | 1 | file-upload(0/1) |
| werkzeug | 1 | 0 | 0 | 0 | 1 | proxy-boundary(0/1) |
| woocommerce | 111 | 0 | 0 | 0 | 111 | xss(0/111) |
| wordpress | 140 | 0 | 0 | 0 | 140 | xss(0/140) |
## 历史阻塞项修复纪要 ## 历史阻塞项修复纪要

1497
08-threat-intel/generated/dashboard/runs.json
查看文件

文件差异因一行或多行过长而隐藏

1932
08-threat-intel/generated/dashboard/summary.json
查看文件

文件差异内容过多而无法显示 加载差异

1776
08-threat-intel/generated/dashboard/systems.json
查看文件

文件差异内容过多而无法显示 加载差异

6
08-threat-intel/generated/latest-ingest.md
查看文件

@@ -1,9 +1,9 @@
# 最新同步摘要 # 最新同步摘要
- 渲染时间: `2026-03-18T21:18:14+00:00` - 渲染时间: `2026-03-18T21:21:45+00:00`
- 系统数量: `62` - 系统数量: `62`
- Advisory 数量: `0` - Advisory 数量: `2348`
- 重点 Markdown 数量: `0` - 重点 Markdown 数量: `156`
- Run Bundle 数量: `89` - Run Bundle 数量: `89`
- 新增记录: `0` - 新增记录: `0`
- 更新记录: `0` - 更新记录: `0`

6
08-threat-intel/generated/run-summary.json
查看文件

@@ -1,8 +1,8 @@
{ {
"generated_at": "2026-03-18T21:18:14+00:00", "generated_at": "2026-03-18T21:21:45+00:00",
"system_count": 62, "system_count": 62,
"advisory_count": 0, "advisory_count": 2348,
"markdown_count": 0, "markdown_count": 156,
"new_count": 0, "new_count": 0,
"updated_count": 0, "updated_count": 0,
"systems_touched": [], "systems_touched": [],

67
08-threat-intel/registry/advisories/adminer--CVE-2026-25878.json 普通文件
查看文件

@@ -0,0 +1,67 @@
{
"canonical_id": "adminer--CVE-2026-25878",
"system_id": "adminer",
"display_name": "Adminer",
"category": "platforms",
"advisory_mode": "core",
"title": "CVE-2026-25878",
"summary": "FroshAdminer is the Adminer plugin for Shopware Platform. Prior to 2.2.1, the Adminer route (/admin/adminer) was accessible without Shopware admin authentication. The route was configured with auth_required=false and performed no session validation, exposing the Adminer UI to unauthenticated users. This vulnerability is fixed in 2.2.1.",
"published_at": "2026-02-09T21:15:50.380",
"updated_at": "2026-02-28T00:18:44.953",
"severity": "medium",
"cvss_score": 5.3,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/FriendsOfShopware/FroshPlatformAdminer/commit/c4dd6c3462af178b3a7d146d3c651c2c253e902b",
"secondary_source_urls": [
"https://github.com/FriendsOfShopware/FroshPlatformAdminer/releases/tag/2.2.1",
"https://github.com/FriendsOfShopware/FroshPlatformAdminer/security/advisories/GHSA-f339-246p-wwjp"
],
"aliases": [
"CVE-2026-25878"
],
"cve_ids": [
"CVE-2026-25878"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"xss-output-encoding",
"authz-server-side-recheck",
"token-cookie-storage",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adminer"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

65
08-threat-intel/registry/advisories/adminer--CVE-2026-25892.json 普通文件
查看文件

@@ -0,0 +1,65 @@
{
"canonical_id": "adminer--CVE-2026-25892",
"system_id": "adminer",
"display_name": "Adminer",
"category": "platforms",
"advisory_mode": "core",
"title": "CVE-2026-25892",
"summary": "Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version[] parameter which PHP converts to an array. On next page load, openssl_verify() receives this array instead of string and throws TypeError, returning HTTP 500 to all users. Upgrade to Adminer 5.4.2.",
"published_at": "2026-02-09T22:16:04.023",
"updated_at": "2026-02-20T20:24:32.147",
"severity": "high",
"cvss_score": 7.5,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3",
"secondary_source_urls": [
"https://github.com/vrana/adminer/releases/tag/v5.4.2",
"https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh"
],
"aliases": [
"CVE-2026-25892"
],
"cve_ids": [
"CVE-2026-25892"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"xss-output-encoding",
"authz-server-side-recheck"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adminer"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--047932676d.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--047932676d",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB26-05 \u00a0: Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb26-05.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--0a62931b31.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--0a62931b31",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB21-86 \u00a0Security\u202fupdates available\u202ffor Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb21-86.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--0eb3765231.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--0eb3765231",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB20-22 \u00a0Security\u202fupdates available\u202ffor Magento",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--1040fafca2.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--1040fafca2",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB20-41 \u00a0Security\u202fupdates available\u202ffor Magento",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb20-41.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--1255668bf0.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--1255668bf0",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB24-61 \u00a0: Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--12ae93f161.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--12ae93f161",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB25-88 : Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--3f204ca99f.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--3f204ca99f",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB22-38\u00a0 :\u00a0Security update available for Adobe\u00a0Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--4db71027f6.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--4db71027f6",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB23-42 \u00a0: Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-42.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--5451447fe7.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--5451447fe7",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB21-30 \u00a0Security\u202fupdates available\u202ffor Magento",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--54dc24517c.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--54dc24517c",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB25-26\u00a0 : Security update available for Adobe\u00a0Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--5cb7420cf3.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--5cb7420cf3",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "Back to top",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--8c1e29399c.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--8c1e29399c",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB24-73\u00a0 :\u00a0Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--8ecb2a63a5.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--8ecb2a63a5",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB23-17\u00a0 : Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-17.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--933ad16ad5.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--933ad16ad5",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB24-18 \u00a0: Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--934b38c7e3.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--934b38c7e3",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB23-50 \u00a0: Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--979640da01.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--979640da01",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB23-35 \u00a0:\u00a0Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2021-36035.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2021-36035",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2021-36035",
"summary": "Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could make a crafted request to the Adobe Stock API to achieve remote code execution.",
"published_at": "2021-09-01T15:15:09.860",
"updated_at": "2024-11-21T06:12:59.820",
"severity": "critical",
"cvss_score": 9.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2021-36035"
],
"cve_ids": [
"CVE-2021-36035"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2021-39864.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2021-39864",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2021-39864",
"summary": "Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.",
"published_at": "2021-10-15T15:15:08.460",
"updated_at": "2024-11-21T06:20:25.057",
"severity": "medium",
"cvss_score": 6.5,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb21-86.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2021-39864"
],
"cve_ids": [
"CVE-2021-39864"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

66
08-threat-intel/registry/advisories/adobe-commerce--CVE-2022-24086.json 普通文件
查看文件

@@ -0,0 +1,66 @@
{
"canonical_id": "adobe-commerce--CVE-2022-24086",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2022-24086",
"summary": "Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.",
"published_at": "2022-02-16T17:15:13.307",
"updated_at": "2025-10-23T14:51:16.013",
"severity": "critical",
"cvss_score": 9.8,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-12.html",
"secondary_source_urls": [
"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24086"
],
"aliases": [
"CVE-2022-24086"
],
"cve_ids": [
"CVE-2022-24086"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2022-24093.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2022-24093",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2022-24093",
"summary": "Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.",
"published_at": "2023-09-12T08:15:12.960",
"updated_at": "2024-11-21T06:49:47.413",
"severity": "critical",
"cvss_score": 9.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-13.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2022-24093"
],
"cve_ids": [
"CVE-2022-24093"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2022-34253.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2022-34253",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2022-34253",
"summary": "Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. Exploitation of this issue does not require user interaction.",
"published_at": "2022-08-16T21:15:09.973",
"updated_at": "2024-11-21T07:09:09.320",
"severity": "high",
"cvss_score": 7.2,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2022-34253"
],
"cve_ids": [
"CVE-2022-34253"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

65
08-threat-intel/registry/advisories/adobe-commerce--CVE-2022-34254.json 普通文件
查看文件

@@ -0,0 +1,65 @@
{
"canonical_id": "adobe-commerce--CVE-2022-34254",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2022-34254",
"summary": "Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. A low privileged attacker could leverage this vulnerability to read local files and to perform Stored XSS. Exploitation of this issue does not require user interaction.",
"published_at": "2022-08-16T21:15:10.040",
"updated_at": "2024-11-21T07:09:09.437",
"severity": "high",
"cvss_score": 8.8,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2022-34254"
],
"cve_ids": [
"CVE-2022-34254"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy",
"path-traversal-guard"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2022-34255.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2022-34255",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2022-34255",
"summary": "Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker with a low privilege account could leverage this vulnerability to perform an account takeover for a victim. Exploitation of this issue does not require user interaction.",
"published_at": "2022-08-16T21:15:10.100",
"updated_at": "2024-11-21T07:09:09.567",
"severity": "high",
"cvss_score": 8.8,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2022-34255"
],
"cve_ids": [
"CVE-2022-34255"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2022-34256.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2022-34256",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2022-34256",
"summary": "Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.",
"published_at": "2022-08-16T21:15:10.163",
"updated_at": "2024-11-21T07:09:09.690",
"severity": "high",
"cvss_score": 7.5,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2022-34256"
],
"cve_ids": [
"CVE-2022-34256"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2022-34257.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2022-34257",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2022-34257",
"summary": "Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.",
"published_at": "2022-08-16T21:15:10.220",
"updated_at": "2024-11-21T07:09:09.827",
"severity": "medium",
"cvss_score": 6.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2022-34257"
],
"cve_ids": [
"CVE-2022-34257"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2022-34258.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2022-34258",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2022-34258",
"summary": "Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.",
"published_at": "2022-08-16T21:15:10.280",
"updated_at": "2024-11-21T07:09:09.953",
"severity": "medium",
"cvss_score": 4.8,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2022-34258"
],
"cve_ids": [
"CVE-2022-34258"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2022-34259.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2022-34259",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2022-34259",
"summary": "Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.",
"published_at": "2022-08-16T21:15:10.340",
"updated_at": "2024-11-21T07:09:10.063",
"severity": "medium",
"cvss_score": 5.3,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2022-34259"
],
"cve_ids": [
"CVE-2022-34259"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2022-35689.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2022-35689",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2022-35689",
"summary": "Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.",
"published_at": "2022-10-14T20:15:10.223",
"updated_at": "2024-11-21T07:11:28.990",
"severity": "medium",
"cvss_score": 5.3,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-48.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2022-35689"
],
"cve_ids": [
"CVE-2022-35689"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2022-35692.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2022-35692",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2022-35692",
"summary": "Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to leak minor information of another user's account detials. Exploitation of this issue does not require user interaction.",
"published_at": "2022-08-19T23:15:09.857",
"updated_at": "2024-11-21T07:11:29.357",
"severity": "medium",
"cvss_score": 5.3,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2022-35692"
],
"cve_ids": [
"CVE-2022-35692"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2022-35698.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2022-35698",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2022-35698",
"summary": "Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.",
"published_at": "2022-10-14T20:15:11.770",
"updated_at": "2024-11-21T07:11:30.073",
"severity": "critical",
"cvss_score": 10.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-48.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2022-35698"
],
"cve_ids": [
"CVE-2022-35698"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2022-42344.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2022-42344",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2022-42344",
"summary": "Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation.",
"published_at": "2022-10-20T17:15:10.723",
"updated_at": "2024-11-21T07:24:47.620",
"severity": "high",
"cvss_score": 8.8,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2022-42344"
],
"cve_ids": [
"CVE-2022-42344"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-22247.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-22247",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-22247",
"summary": "Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.",
"published_at": "2023-03-27T21:15:10.727",
"updated_at": "2024-11-21T07:44:23.737",
"severity": "high",
"cvss_score": 7.5,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-17.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-22247"
],
"cve_ids": [
"CVE-2023-22247"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-22248.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-22248",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-22248",
"summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction.",
"published_at": "2023-06-15T19:15:10.413",
"updated_at": "2024-11-21T07:44:23.877",
"severity": "high",
"cvss_score": 7.5,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-22248"
],
"cve_ids": [
"CVE-2023-22248"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-22249.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-22249",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-22249",
"summary": "Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.",
"published_at": "2023-03-27T21:15:10.797",
"updated_at": "2024-11-21T07:44:24.003",
"severity": "medium",
"cvss_score": 4.8,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-17.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-22249"
],
"cve_ids": [
"CVE-2023-22249"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-22250.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-22250",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-22250",
"summary": "Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.",
"published_at": "2023-03-27T21:15:10.860",
"updated_at": "2024-11-21T07:44:24.110",
"severity": "medium",
"cvss_score": 5.3,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-17.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-22250"
],
"cve_ids": [
"CVE-2023-22250"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-22251.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-22251",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-22251",
"summary": "Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.",
"published_at": "2023-03-27T21:15:10.923",
"updated_at": "2024-11-21T07:44:24.210",
"severity": "medium",
"cvss_score": 4.3,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-17.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-22251"
],
"cve_ids": [
"CVE-2023-22251"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

65
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-26366.json 普通文件
查看文件

@@ -0,0 +1,65 @@
{
"canonical_id": "adobe-commerce--CVE-2023-26366",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-26366",
"summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.",
"published_at": "2023-10-13T07:15:38.933",
"updated_at": "2024-11-21T07:51:12.390",
"severity": "medium",
"cvss_score": 6.8,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-26366"
],
"cve_ids": [
"CVE-2023-26366"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy",
"ssrf-url-validation"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-26367.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-26367",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-26367",
"summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.",
"published_at": "2023-10-13T07:15:39.767",
"updated_at": "2024-11-21T07:51:12.530",
"severity": "medium",
"cvss_score": 4.9,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-26367"
],
"cve_ids": [
"CVE-2023-26367"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-29287.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-29287",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-29287",
"summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction..",
"published_at": "2023-06-15T19:15:10.603",
"updated_at": "2024-11-21T07:56:48.080",
"severity": "medium",
"cvss_score": 5.3,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-29287"
],
"cve_ids": [
"CVE-2023-29287"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-29288.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-29288",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-29288",
"summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.",
"published_at": "2023-06-15T19:15:10.673",
"updated_at": "2024-11-21T07:56:48.197",
"severity": "medium",
"cvss_score": 4.3,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-29288"
],
"cve_ids": [
"CVE-2023-29288"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-29289.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-29289",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-29289",
"summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction.",
"published_at": "2023-06-15T19:15:10.743",
"updated_at": "2024-11-21T07:56:48.313",
"severity": "medium",
"cvss_score": 6.5,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-29289"
],
"cve_ids": [
"CVE-2023-29289"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-29290.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-29290",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-29290",
"summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.",
"published_at": "2023-06-15T19:15:10.817",
"updated_at": "2024-11-21T07:56:48.423",
"severity": "medium",
"cvss_score": 5.3,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-29290"
],
"cve_ids": [
"CVE-2023-29290"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

65
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-29291.json 普通文件
查看文件

@@ -0,0 +1,65 @@
{
"canonical_id": "adobe-commerce--CVE-2023-29291",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-29291",
"summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.",
"published_at": "2023-06-15T19:15:10.887",
"updated_at": "2024-11-21T07:56:48.530",
"severity": "medium",
"cvss_score": 4.9,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-29291"
],
"cve_ids": [
"CVE-2023-29291"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy",
"ssrf-url-validation"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

65
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-29292.json 普通文件
查看文件

@@ -0,0 +1,65 @@
{
"canonical_id": "adobe-commerce--CVE-2023-29292",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-29292",
"summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.",
"published_at": "2023-06-15T19:15:10.957",
"updated_at": "2024-11-21T07:56:48.640",
"severity": "medium",
"cvss_score": 4.9,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-29292"
],
"cve_ids": [
"CVE-2023-29292"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy",
"ssrf-url-validation"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-29293.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-29293",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-29293",
"summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.",
"published_at": "2023-06-15T19:15:11.020",
"updated_at": "2024-11-21T07:56:48.747",
"severity": "low",
"cvss_score": 2.7,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-29293"
],
"cve_ids": [
"CVE-2023-29293"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-29294.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-29294",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-29294",
"summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.",
"published_at": "2023-06-15T19:15:11.090",
"updated_at": "2024-11-21T07:56:48.850",
"severity": "medium",
"cvss_score": 4.3,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-29294"
],
"cve_ids": [
"CVE-2023-29294"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-29295.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-29295",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-29295",
"summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.",
"published_at": "2023-06-15T19:15:11.163",
"updated_at": "2024-11-21T07:56:48.960",
"severity": "medium",
"cvss_score": 4.3,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-29295"
],
"cve_ids": [
"CVE-2023-29295"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-29296.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-29296",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-29296",
"summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.",
"published_at": "2023-06-15T19:15:11.240",
"updated_at": "2024-11-21T07:56:49.063",
"severity": "medium",
"cvss_score": 4.3,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-29296"
],
"cve_ids": [
"CVE-2023-29296"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-29297.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-29297",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-29297",
"summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.",
"published_at": "2023-06-15T19:15:11.310",
"updated_at": "2024-11-21T07:56:49.170",
"severity": "critical",
"cvss_score": 9.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-29297"
],
"cve_ids": [
"CVE-2023-29297"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-38207.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-38207",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-38207",
"summary": "Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction.",
"published_at": "2023-08-09T08:15:09.443",
"updated_at": "2024-11-21T08:13:05.193",
"severity": "high",
"cvss_score": 7.5,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-42.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-38207"
],
"cve_ids": [
"CVE-2023-38207"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-38208.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-38208",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-38208",
"summary": "Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.",
"published_at": "2023-08-09T08:15:09.563",
"updated_at": "2024-11-21T08:13:05.317",
"severity": "critical",
"cvss_score": 9.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-42.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-38208"
],
"cve_ids": [
"CVE-2023-38208"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-38209.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-38209",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-38209",
"summary": "Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.",
"published_at": "2023-08-09T08:15:09.660",
"updated_at": "2024-11-21T08:13:05.447",
"severity": "medium",
"cvss_score": 6.5,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-42.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-38209"
],
"cve_ids": [
"CVE-2023-38209"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-38218.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-38218",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-38218",
"summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation.",
"published_at": "2023-10-13T07:15:40.047",
"updated_at": "2024-11-21T08:13:06.583",
"severity": "high",
"cvss_score": 8.8,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-38218"
],
"cve_ids": [
"CVE-2023-38218"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-38219.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-38219",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-38219",
"summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.",
"published_at": "2023-10-13T07:15:40.327",
"updated_at": "2024-11-21T08:13:06.720",
"severity": "high",
"cvss_score": 8.7,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-38219"
],
"cve_ids": [
"CVE-2023-38219"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-38220.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-38220",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-38220",
"summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction.",
"published_at": "2023-10-13T07:15:40.557",
"updated_at": "2024-11-21T08:13:06.863",
"severity": "high",
"cvss_score": 7.5,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-38220"
],
"cve_ids": [
"CVE-2023-38220"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-38221.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-38221",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-38221",
"summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.",
"published_at": "2023-10-13T07:15:40.777",
"updated_at": "2024-11-21T08:13:07.010",
"severity": "high",
"cvss_score": 8.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-38221"
],
"cve_ids": [
"CVE-2023-38221"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-38249.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-38249",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-38249",
"summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.",
"published_at": "2023-10-13T07:15:41.037",
"updated_at": "2024-11-21T08:13:10.773",
"severity": "high",
"cvss_score": 8.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-38249"
],
"cve_ids": [
"CVE-2023-38249"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-38250.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-38250",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-38250",
"summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.",
"published_at": "2023-10-13T07:15:41.420",
"updated_at": "2024-11-21T08:13:10.920",
"severity": "high",
"cvss_score": 8.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-38250"
],
"cve_ids": [
"CVE-2023-38250"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2023-38251.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2023-38251",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2023-38251",
"summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction.",
"published_at": "2023-10-13T07:15:41.577",
"updated_at": "2024-11-21T08:13:11.070",
"severity": "medium",
"cvss_score": 5.3,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2023-38251"
],
"cve_ids": [
"CVE-2023-38251"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2024-20716.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2024-20716",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2024-20716",
"summary": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction.",
"published_at": "2024-02-15T14:15:45.463",
"updated_at": "2024-11-21T08:52:59.103",
"severity": "medium",
"cvss_score": 4.9,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2024-20716"
],
"cve_ids": [
"CVE-2024-20716"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2024-20717.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2024-20717",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2024-20717",
"summary": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.",
"published_at": "2024-02-15T14:15:45.663",
"updated_at": "2024-11-21T08:52:59.233",
"severity": "medium",
"cvss_score": 5.4,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2024-20717"
],
"cve_ids": [
"CVE-2024-20717"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2024-20718.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2024-20718",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2024-20718",
"summary": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website.",
"published_at": "2024-02-15T14:15:45.870",
"updated_at": "2024-11-21T08:53:00.647",
"severity": "medium",
"cvss_score": 4.3,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2024-20718"
],
"cve_ids": [
"CVE-2024-20718"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2024-20719.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2024-20719",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2024-20719",
"summary": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access. ",
"published_at": "2024-02-15T14:15:46.077",
"updated_at": "2024-11-21T08:53:00.843",
"severity": "critical",
"cvss_score": 9.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2024-20719"
],
"cve_ids": [
"CVE-2024-20719"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2024-20720.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2024-20720",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2024-20720",
"summary": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.",
"published_at": "2024-02-15T14:15:46.283",
"updated_at": "2024-11-21T08:53:01.000",
"severity": "critical",
"cvss_score": 9.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2024-20720"
],
"cve_ids": [
"CVE-2024-20720"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2024-20758.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2024-20758",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2024-20758",
"summary": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high.",
"published_at": "2024-04-10T12:15:08.567",
"updated_at": "2025-04-16T14:53:40.187",
"severity": "critical",
"cvss_score": 9.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2024-20758"
],
"cve_ids": [
"CVE-2024-20758"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

64
08-threat-intel/registry/advisories/adobe-commerce--CVE-2024-20759.json 普通文件
查看文件

@@ -0,0 +1,64 @@
{
"canonical_id": "adobe-commerce--CVE-2024-20759",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "CVE-2024-20759",
"summary": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.",
"published_at": "2024-04-10T12:15:08.893",
"updated_at": "2025-02-11T15:59:16.957",
"severity": "high",
"cvss_score": 8.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html",
"secondary_source_urls": [],
"aliases": [
"CVE-2024-20759"
],
"cve_ids": [
"CVE-2024-20759"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Adobe Commerce"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--a0a29ab7eb.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--a0a29ab7eb",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB25-71\u00a0 : Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--a5f12e77b4.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--a5f12e77b4",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB22-12 \u00a0Security\u202fupdates available\u202ffor Magento",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-12.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--a7b623e0d8.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--a7b623e0d8",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB21-08 \u00a0Security\u202fupdates available\u202ffor Magento",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--ac73b00a05.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--ac73b00a05",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB24-40 \u00a0:\u00a0Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--c1c61771df.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--c1c61771df",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB24-90 :\u00a0Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb24-90.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--ce8484a7ed.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--ce8484a7ed",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB25-08\u00a0 : Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--d3476d6b14.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--d3476d6b14",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB25-94\u00a0 : Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--d4e4aff8b8.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--d4e4aff8b8",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB22-48 : Security updates available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-48.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--d688572a39.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--d688572a39",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB20-02 \u00a0Security\u202fupdates available\u202ffor Magento",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--d88dbef013.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--d88dbef013",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB20-59 \u00a0Security\u202fupdates available\u202ffor Magento",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--da91b15885.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--da91b15885",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB22-13 \u00a0:\u00a0Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb22-13.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--ef1f4e7ed5.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--ef1f4e7ed5",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB21-64 \u00a0Security\u202fupdates available\u202ffor Magento",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--f2ffd83268.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--f2ffd83268",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB25-50\u00a0: Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--f35cbfee30.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--f35cbfee30",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB24-03 \u00a0: Security update available for Adobe Commerce",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

60
08-threat-intel/registry/advisories/adobe-commerce--fc2e2dc6d1.json 普通文件
查看文件

@@ -0,0 +1,60 @@
{
"canonical_id": "adobe-commerce--fc2e2dc6d1",
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"advisory_mode": "core",
"title": "APSB20-47 \u00a0Security\u202fupdates available\u202ffor Magento",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"Adobe Magento Security Index"
],
"source_kinds": [
"vendor-index"
],
"candidate_count": 1
}
}

89
08-threat-intel/registry/advisories/angular--CVE-2026-27970.json 普通文件
查看文件

@@ -0,0 +1,89 @@
{
"canonical_id": "angular--CVE-2026-27970",
"system_id": "angular",
"display_name": "Angular",
"category": "frameworks",
"advisory_mode": "core",
"title": "Angular i18n vulnerable to Cross-Site Scripting",
"summary": "A [Cross-site Scripting (XSS)](https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XSS) vulnerability has been identified in the Angular internationalization (i18n) pipeline. In ICU messages (International Components for Unicode), HTML from translated content was not properly sanitized and could execute arbitrary JavaScript.\n\nAngular i18n typically involves three steps, extracting all messages from an application in the source language, sending the messages to be translated, and then merging their translations back into the final source code. Translations are frequently handled by contracts with specific partner companies, and involve sending the source messages to a separate contractor before receiving final translations for display to the end user.\n\nIf the returned translations have malicious content, it could be rendered into the application and execute arbitrary JavaScript.\n\n### Impact\nWhen successfully exploited, this vulnerability allows for execution of attacker controlled JavaScript in the application origin. Depending on the nature of the application being exploited this could lead to:\n\n- **Credential Exfiltration**: Stealing sensitive user data stored in page memory, LocalStorage, IndexedDB, or cookies available to JS and sending them to an attacker controlled server.\n- **Page Vandalism:** Mutating the page to read or act differently than intended by the developer.\n\n### Attach Preconditions\n\n- **The attacker must compromise the translation file (xliff, xtb, etc.).**\n- Unlike most XSS vulnerabilities, this one is not exploitable by arbitrary users. An attacker must first compromise an application's translation file before they can escalate privileges into the Angular application client.\n- The victim application must use Angular i18n.\n- The victim application must use one or more ICU messages.\n- The victim application must render an ICU message.\n- The victim application must not defend against XSS via a safe [Content-Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP) or [Trusted Types](https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API).\n\n### Patches\n- 21.2.0\n- 21.1.6\n- 20.3.17\n- 19.2.19\n\n### Workarounds\nUntil the patch is applied, developers should consider:\n\n- **Reviewing and verifying translated content** received from untrusted third parties before incorporating it in an Angular application.\n- **Enabling strict CSP controls** to block unauthorized JavaScript from executing on the page.\n- [**Enabling Trusted Types**](https://angular.dev/best-practices/security#enforcing-trusted-types) to enforce proper HTML sanitization.\n\n### References\n\n- [Fix](https://github.com/angular/angular/pull/67183)",
"published_at": "2026-02-27T18:33:16Z",
"updated_at": "2026-02-28T06:24:33.665085Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/angular/angular/security/advisories/GHSA-prjf-86w9-mfqv",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-27970",
"https://github.com/angular/angular/pull/67183",
"https://github.com/angular/angular/commit/306f367899dfc2e04238fecd3455547b5d54075d",
"https://github.com/angular/angular/commit/7d58b798c626bb0e4e5f89ca8affdce4f352b232",
"https://github.com/angular/angular/commit/b85830953281ff3a1a77bbfe69019d352d509c93",
"https://angular.dev/best-practices/security#enforcing-trusted-types",
"https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API",
"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP",
"https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XSS",
"https://github.com/angular/angular"
],
"aliases": [
"CVE-2026-27970",
"GHSA-prjf-86w9-mfqv"
],
"cve_ids": [
"CVE-2026-27970"
],
"ghsa_ids": [
"GHSA-prjf-86w9-mfqv"
],
"osv_ids": [
"GHSA-prjf-86w9-mfqv"
],
"affected_versions": [
"introduced=21.2.0-next.0, fixed<21.2.0",
"introduced=21.0.0-next.0, fixed<21.1.6",
"introduced=20.0.0-next.0, fixed<20.3.17",
"introduced=19.0.0-next.0, fixed<19.2.19",
"introduced=0, last_affected=18.2.14"
],
"fixed_versions": [
"21.2.0",
"21.1.6",
"20.3.17",
"19.2.19"
],
"package_name": "@angular/core",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/angular/cases/angular-cve-2026-27970.md",
"secure_code_topics": [
"xss-output-encoding",
"template-injection-guard",
"csp-trusted-types",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Angular"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}

87
08-threat-intel/registry/advisories/angular--CVE-2026-32635.json 普通文件
查看文件

@@ -0,0 +1,87 @@
{
"canonical_id": "angular--CVE-2026-32635",
"system_id": "angular",
"display_name": "Angular",
"category": "frameworks",
"advisory_mode": "core",
"title": "Angular vulnerable to XSS in i18n attribute bindings",
"summary": "A Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute (for example href on an anchor tag) together with Angular's ability to internationalize attributes. Enabling internationalization for the sensitive attribute by adding `i18n-<attribute>` name bypasses Angular's built-in sanitization mechanism, which when combined with a data binding to untrusted user-generated data can allow an attacker to inject a malicious script. \n\nThe following example illustrates the issue:\n```html\n<a href=\"{{maliciousUrl}}\" i18n-href>Click me</a>\n```\n\nThe following attributes have been confirmed to be vulnerable:\n- `action`\n- `background`\n- `cite`\n- `codebase`\n- `data`\n- `formaction`\n- `href`\n- `itemtype`\n- `longdesc`\n- `poster`\n- `src`\n- `xlink:href`\n\n### Impact\nWhen exploited, this vulnerability allows an attacker to execute arbitrary code within the context of the vulnerable application's domain. This enables:\n- Session Hijacking: Stealing session cookies and authentication tokens.\n- Data Exfiltration: Capturing and transmitting sensitive user data.\n- Unauthorized Actions: Performing actions on behalf of the user.\n\n### Attack Preconditions\n1. The application must use a vulnerable version of Angular.\n2. The application must bind unsanitized user input to one of the attributes mentioned above.\n3. The bound value must be marked for internationalization via the presence of a `i18n-<name>` attribute on the same element.\n\n### Patches\n- 22.0.0-next.3\n- 21.2.4\n- 20.3.18\n- 19.2.20\n\n### Workarounds\nThe primary workaround is to ensure that any data bound to the vulnerable attributes is **never sourced from untrusted user input** (e.g., database, API response, URL parameters) until the patch is applied, or when it is, it shouldn't be marked for internationalization.\n\nAlternatively, users can explicitly sanitize their attributes by passing them through Angular's `DomSanitizer`:\n```ts\nimport {Component, inject, SecurityContext} from '@angular/core';\nimport {DomSanitizer} from '@angular/platform-browser';\n\n@Component({\n template: `\n <form action=\"{{url}}\" i18n-action>\n <button>Submit</button>\n </form>\n `,\n})\nexport class App {\n url: string;\n\n constructor() {\n const dangerousUrl = 'javascript:alert(1)';\n const sanitizer = inject(DomSanitizer);\n this.url = sanitizer.sanitize(SecurityContext.URL, dangerousUrl) || '';\n }\n}\n```\n\n### References\n- [Fix 1](https://github.com/angular/angular/pull/67541) \n- [Fix 2](https://github.com/angular/angular/pull/67561)",
"published_at": "2026-03-13T20:56:18Z",
"updated_at": "2026-03-17T01:31:35.828211Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/angular/angular/security/advisories/GHSA-g93w-mfhg-p222",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-32635",
"https://github.com/angular/angular/pull/67541",
"https://github.com/angular/angular/pull/67561",
"https://github.com/angular/angular/commit/224e60ecb1b90115baa702f1c06edc1d64d86187",
"https://github.com/angular/angular/commit/78dea55351fb305b33a919c43a6b363137eca166",
"https://github.com/angular/angular/commit/8630319f74c9575a21693d875cc7d5252516146d",
"https://github.com/angular/angular/commit/ed2d324f9cc12aab6cfa0569ef10b73243a62c65",
"https://github.com/angular/angular"
],
"aliases": [
"CVE-2026-32635",
"GHSA-g93w-mfhg-p222"
],
"cve_ids": [
"CVE-2026-32635"
],
"ghsa_ids": [
"GHSA-g93w-mfhg-p222"
],
"osv_ids": [
"GHSA-g93w-mfhg-p222"
],
"affected_versions": [
"introduced=22.0.0-next.0, fixed<22.0.0-next.3",
"introduced=21.0.0-next.0, fixed<21.2.4",
"introduced=20.0.0-next.0.0.0, fixed<20.3.18",
"introduced=19.0.0-next.0, fixed<19.2.20",
"introduced=17.0.0-next.0, last_affected=18.2.14"
],
"fixed_versions": [
"22.0.0-next.3",
"21.2.4",
"20.3.18",
"19.2.20"
],
"package_name": "@angular/core",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/angular/cases/angular-cve-2026-32635.md",
"secure_code_topics": [
"xss-output-encoding",
"template-injection-guard",
"csp-trusted-types",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Angular"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 2
}
}

59
08-threat-intel/registry/advisories/apache-httpd--02cba8895c.json 普通文件
查看文件

@@ -0,0 +1,59 @@
{
"canonical_id": "apache-httpd--02cba8895c",
"system_id": "apache-httpd",
"display_name": "Apache HTTP Server",
"category": "servers",
"advisory_mode": "server",
"title": "libapreq",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://httpd.apache.org/apreq/",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"request-smuggling-boundary",
"proxy-trust-boundary",
"path-traversal-guard"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "official-image",
"blocked_reason": null,
"metadata": {
"source_names": [
"Apache HTTPD Security"
],
"source_kinds": [
"html-links"
],
"candidate_count": 1
}
}

59
08-threat-intel/registry/advisories/apache-httpd--05cc1afdb1.json 普通文件
查看文件

@@ -0,0 +1,59 @@
{
"canonical_id": "apache-httpd--05cc1afdb1",
"system_id": "apache-httpd",
"display_name": "Apache HTTP Server",
"category": "servers",
"advisory_mode": "server",
"title": "Trunk",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://svn.apache.org/viewvc/httpd/httpd/trunk/",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"request-smuggling-boundary",
"proxy-trust-boundary",
"path-traversal-guard"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "official-image",
"blocked_reason": null,
"metadata": {
"source_names": [
"Apache HTTPD Security"
],
"source_kinds": [
"html-links"
],
"candidate_count": 1
}
}

59
08-threat-intel/registry/advisories/apache-httpd--07805b501b.json 普通文件
查看文件

@@ -0,0 +1,59 @@
{
"canonical_id": "apache-httpd--07805b501b",
"system_id": "apache-httpd",
"display_name": "Apache HTTP Server",
"category": "servers",
"advisory_mode": "server",
"title": "CVE-2025-59775",
"summary": "",
"published_at": null,
"updated_at": null,
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://www.cve.org/CVERecord?id=CVE-2025-59775",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"request-smuggling-boundary",
"proxy-trust-boundary",
"path-traversal-guard"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "official-image",
"blocked_reason": null,
"metadata": {
"source_names": [
"Apache HTTPD Security"
],
"source_kinds": [
"html-links"
],
"candidate_count": 1
}
}

某些文件未显示,因为此 diff 中更改的文件太多 显示更多