更新: 103 个文件 - 2026-03-18 19:24:37

07-framework-security/ecommerce/saleor/INDEX.md

@@ -5,14 +5,14 @@
 - 系统 ID: `saleor`
 - 分类: `ecommerce`
 - 覆盖策略: `rolling-24m`
-- 总案例数: `0`
+- 总案例数: `24`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
 - 已实证(真实版本): `0`
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
-- 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-18T21:18:14+00:00`
+- 待人工/缺浏览器证据: `24`
+- 最近渲染时间: `2026-03-19T02:23:04+00:00`
 
 ## 目标约束
 
@@ -26,9 +26,37 @@
 
 - `official` [GitHub Saleor Advisories](https://github.com/saleor/saleor/security/advisories) (mode=core)
 - `official` [NVD Saleor](https://nvd.nist.gov/vuln/search) (keyword=Saleor; mode=core)
+- `ecosystem-authority` [OSV Saleor](https://osv.dev/) (mode=core)
 
 ## 案例列表
 
 | 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
 |------|--------|----------|----------|----------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
+| saleor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Unauthenticated Information Disclosure Vulnerability via Python Exceptions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Non-constant time HMAC comparison in Adyen plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Stored XSS via Unrestricted File Uploads | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Insecure Direct Object Reference (IDOR) in GraphQL API | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Star
+            22.7k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| saleor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Improper object type validation in mutations leading to unauthorized access | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Security 
+           10 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Issues 
+           185 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| CSRF bypass in refreshToken mutation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Pull requests 
+           67 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| User enumeration vulnerability in Saleor due to different error messages | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Lack of proper HTML sanitization in rich text fields | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
+| Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |