更新: 103 个文件 - 2026-03-18 19:24:37
这个提交包含在:
hao
@@ -5,14 +5,14 @@
|
||||
- 系统 ID: `undici`
|
||||
- 分类: `frameworks`
|
||||
- 覆盖策略: `rolling-24m`
|
||||
- 总案例数: `0`
|
||||
- 近 30 天新增/更新: `0`
|
||||
- 重点 Markdown 案例数: `0`
|
||||
- 已实证(真实版本): `0`
|
||||
- 总案例数: `16`
|
||||
- 近 30 天新增/更新: `7`
|
||||
- 重点 Markdown 案例数: `15`
|
||||
- 已实证(真实版本): `7`
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
|
||||
- 待人工/缺浏览器证据: `9`
|
||||
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -32,4 +32,19 @@
|
||||
|
||||
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|
||||
|------|--------|----------|----------|----------|------------|----------|--------|
|
||||
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
|
||||
| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-18T22:58:59.936049Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
|
||||
| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-18T22:58:58.908047Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
|
||||
| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-18T22:58:58.996775Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
|
||||
| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-18T23:58:57.714731Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
|
||||
| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-18T22:58:59.863318Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
|
||||
| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-18T22:58:59.626657Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
|
||||
| CVE-2026-21636 | `critical` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-01-30T20:20:56.843` | - |
|
||||
| Undici vulnerable to data leak when using response.arrayBuffer() | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-07-09T13:57:47.271493Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-38372.md) |
|
||||
| Undici proxy-authorization header not cleared on cross-origin redirect in fetch | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-05-02T13:15:07Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-24758.md) |
|
||||
| fetch(url) leads to a memory leak in undici | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-04-19T09:30:47Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-24750.md) |
|
||||
| CRLF Injection in Nodejs ‘undici’ via host | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-12-16T15:26:50.318903Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-23936.md) |
|
||||
| Regular Expression Denial of Service in Headers | `high` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:11:48.635999Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-24807.md) |
|
||||
| Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:53.836338Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-35948.md) |
|
||||
| `undici.request` vulnerable to SSRF using absolute URL on `pathname` | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:53.898548Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-35949.md) |
|
||||
| undici before v5.8.0 vulnerable to CRLF injection in request headers | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:27.728154Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31150.md) |
|
||||
| ProxyAgent vulnerable to MITM | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |
|
||||
|
||||
在新工单中引用
屏蔽一个用户