hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

更新: 77 个文件 - 2026-03-17 00:30:01

浏览代码
这个提交包含在:
hao
2026-03-17 00:30:01 -07:00
父节点 1f2744825f
当前提交 9796fa6d4c
修改 77 个文件,包含 7682 行新增242 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

414
08-threat-intel/generated/dashboard/runs.json
查看文件

@@ -101,7 +101,140 @@
},
"browser_links": [],
"container_links": [],
"request_links": []
"request_links": [],
"advisory_meta": {
"canonical_id": "gitea--CVE-2025-68939",
"title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"summary": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"display_name": "Gitea",
"system_id": "gitea",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:48.777563Z",
"official_source_url": "https://github.com/advisories/GHSA-263q-5cv3-xq9g",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68939",
"https://blog.gitea.com/release-of-1.23.0",
"https://github.com/go-gitea/gitea/pull/32151",
"https://github.com/go-gitea/gitea/releases/tag/v1.23.0"
],
"aliases": [
"BIT-gitea-2025-68939",
"CVE-2025-68939",
"GHSA-263q-5cv3-xq9g",
"GO-2025-4261"
],
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"verification_status": "blocked-artifact",
"verification_mode": "real",
"artifact_mode": "official-image",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"profile_meta": {
"profile_id": "file-upload-generic",
"vuln_family": "file-upload",
"provisioning_mode": "real",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Upload acceptance or bypass path is demonstrated with reversible test artifacts."
],
"seed_actions": [
{
"kind": "note",
"message": "Use inert marker files and non-executable payloads by default."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Validate extension, storage path, and preview behavior using inert files."
}
],
"browser_assertions": {
"required": true
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"Use inert marker files and non-executable payloads by default.",
"Validate extension, storage path, and preview behavior using inert files.",
"Upload acceptance or bypass path is demonstrated with reversible test artifacts.",
"Current blocker: unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
],
"progress": {
"completed": 3,
"skipped": 5,
"failed": 0,
"blocked": 1,
"planned": 0,
"other": 0
},
"artifact_groups": [
{
"key": "reports",
"label": "Reports",
"count": 4,
"items": [
{
"href": "./runs/gitea-livecheck-20260316/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "./runs/gitea-livecheck-20260316/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "./runs/gitea-livecheck-20260316/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "./runs/gitea-livecheck-20260316/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose",
"count": 1,
"items": [
{
"href": "./runs/gitea-livecheck-20260316/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2025-68939-20260317063330",
@@ -144,6 +277,144 @@
"request_links": [
"./runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json",
"./runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json"
],
"advisory_meta": {
"canonical_id": "gitea--CVE-2025-68939",
"title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"summary": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"display_name": "Gitea",
"system_id": "gitea",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:48.777563Z",
"official_source_url": "https://github.com/advisories/GHSA-263q-5cv3-xq9g",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68939",
"https://blog.gitea.com/release-of-1.23.0",
"https://github.com/go-gitea/gitea/pull/32151",
"https://github.com/go-gitea/gitea/releases/tag/v1.23.0"
],
"aliases": [
"BIT-gitea-2025-68939",
"CVE-2025-68939",
"GHSA-263q-5cv3-xq9g",
"GO-2025-4261"
],
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"verification_status": "blocked-artifact",
"verification_mode": "real",
"artifact_mode": "official-image",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"profile_meta": {
"profile_id": "file-upload-generic",
"vuln_family": "file-upload",
"provisioning_mode": "real",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Upload acceptance or bypass path is demonstrated with reversible test artifacts."
],
"seed_actions": [
{
"kind": "note",
"message": "Use inert marker files and non-executable payloads by default."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Validate extension, storage path, and preview behavior using inert files."
}
],
"browser_assertions": {
"required": true
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"Use inert marker files and non-executable payloads by default.",
"Validate extension, storage path, and preview behavior using inert files.",
"Upload acceptance or bypass path is demonstrated with reversible test artifacts.",
"Current blocker: unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
],
"progress": {
"completed": 0,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 0
},
"artifact_groups": [
{
"key": "reports",
"label": "Reports",
"count": 4,
"items": [
{
"href": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "Request Logs",
"count": 2,
"items": [
{
"href": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json",
"label": "attack.json",
"kind": "text"
},
{
"href": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
}
]
},
{
@@ -196,6 +467,147 @@
"request_links": [
"./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json",
"./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json"
],
"advisory_meta": {
"canonical_id": "nextjs--CVE-2025-29927",
"title": "Authorization Bypass in Next.js Middleware",
"summary": "# Impact\nIt is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.\n\n# Patches\n* For Next.js 15.x, this issue is fixed in `15.2.3`\n* For Next.js 14.x, this issue is fixed in `14.2.25`\n* For Next.js 13.x, this issue is fixed in 13.5.9\n* For Next.js 12.x, this issue is fixed in 12.3.5\n* For Next.js 11.x, consult the below workaround.\n\n_Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability._\n\n# Workaround\nIf patching to a safe version is infeasible, we recommend that you prevent external user requests which contain the `x-middleware-subrequest` header from reaching your Next.js application.\n\n## Credits\n\n- Allam Rachid (zhero;)\n- Allam Yasser (inzo_)",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2025-03-21T15:20:12Z",
"updated_at": "2026-03-04T15:06:29.993197Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-29927",
"https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2",
"https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v12.3.5",
"https://github.com/vercel/next.js/releases/tag/v13.5.9",
"https://security.netapp.com/advisory/ntap-20250328-0002",
"https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware",
"http://www.openwall.com/lists/oss-security/2025/03/23/3",
"http://www.openwall.com/lists/oss-security/2025/03/23/4"
],
"aliases": [
"CVE-2025-29927",
"GHSA-f82v-jwr5-mffw"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"verification_status": "triage-manual",
"verification_mode": "real",
"artifact_mode": "official-source",
"blocked_reason": "dry-run only",
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"profile_meta": {
"profile_id": "authz-bypass-generic",
"vuln_family": "authz-bypass",
"provisioning_mode": "real",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Protected route or action is evaluated with controlled credentials and logged."
],
"seed_actions": [
{
"kind": "note",
"message": "Create low-privilege and admin test users for server-side recheck validation."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Use minimal authorization bypass probes defined by case-specific runner or manual session tooling."
}
],
"browser_assertions": {
"required": false
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"# Impact\nIt is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.\n\n# Patches\n* For Next.js 15.x, this issue is fixed in `15.2.3`\n* For Next.js 14.x, this issue is fixed in `14.2.25`\n* For Next.js 13.x, this issue is fixed in 13.5.9\n* For Next.js 12.x, this issue is fixed in 12.3.5\n* For Next.js 11.x, consult the below workaround.\n\n_Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability._\n\n# Workaround\nIf patching to a safe version is infeasible, we recommend that you prevent external user requests which contain the `x-middleware-subrequest` header from reaching your Next.js application.\n\n## Credits\n\n- Allam Rachid (zhero;)\n- Allam Yasser (inzo_)",
"Create low-privilege and admin test users for server-side recheck validation.",
"Use minimal authorization bypass probes defined by case-specific runner or manual session tooling.",
"Protected route or action is evaluated with controlled credentials and logged.",
"Current blocker: dry-run only"
],
"progress": {
"completed": 0,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 0
},
"artifact_groups": [
{
"key": "reports",
"label": "Reports",
"count": 4,
"items": [
{
"href": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "Request Logs",
"count": 2,
"items": [
{
"href": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json",
"label": "attack.json",
"kind": "text"
},
{
"href": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
}
]
}
]