hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

更新: 421 个文件 - 2026-03-17 18:30:02

浏览代码
这个提交包含在:
hao
2026-03-17 18:30:02 -07:00
父节点 29c3faaa28
当前提交 a3edc88834
修改 421 个文件,包含 12474 行新增5845 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

370
08-threat-intel/generated/dashboard/advisories.json
查看文件

@@ -1,206 +1,4 @@
{
"gitea--CVE-2018-15192": {
"canonical_id": "gitea--CVE-2018-15192",
"title": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
"summary": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
"display_name": "Gitea",
"system_id": "gitea",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "2024-08-20T20:32:20Z",
"updated_at": "2026-03-03T04:54:04.686907Z",
"official_source_url": "https://github.com/advisories/GHSA-fg3x-rwq9-74cw",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-15192",
"https://github.com/go-gitea/gitea/commit/599ff1c054e436daa4dc3f049aa8661d9c2395f9",
"https://github.com/go-gitea/gitea/issues/4624",
"https://github.com/go-gitea/gitea/pull/17482",
"https://github.com/gogs/gogs/commit/22717a1c064511cf37c46af5e650baf7184cf25b",
"https://github.com/gogs/gogs/issues/5366",
"https://github.com/gogs/gogs/pull/6002"
],
"aliases": [
"CVE-2018-15192",
"GHSA-fg3x-rwq9-74cw",
"GO-2023-1971"
],
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"ssrf-url-validation"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"gitea--CVE-2018-18926": {
"canonical_id": "gitea--CVE-2018-18926",
"title": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
"summary": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
"display_name": "Gitea",
"system_id": "gitea",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "2024-08-21T15:29:04Z",
"updated_at": "2026-03-03T04:52:20.787387Z",
"official_source_url": "https://github.com/advisories/GHSA-hf6f-jq25-8gq9",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-18926",
"https://github.com/go-gitea/gitea/commit/aeb5655c25053bdcd7eee94ea37df88468374162",
"https://github.com/go-gitea/gitea/issues/5140",
"https://github.com/go-gitea/gitea/pull/5177"
],
"aliases": [
"CVE-2018-18926",
"GHSA-hf6f-jq25-8gq9",
"GO-2022-0844"
],
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"gitea--CVE-2019-1010261": {
"canonical_id": "gitea--CVE-2019-1010261",
"title": "Gitea XSS Vulnerability in code.gitea.io/gitea",
"summary": "Gitea XSS Vulnerability in code.gitea.io/gitea",
"display_name": "Gitea",
"system_id": "gitea",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "2024-08-20T20:31:38Z",
"updated_at": "2026-03-03T04:53:57.848904Z",
"official_source_url": "https://github.com/advisories/GHSA-5rh7-6gfj-mc87",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-1010261",
"https://github.com/go-gitea/gitea/pull/5905"
],
"aliases": [
"CVE-2019-1010261",
"GHSA-5rh7-6gfj-mc87",
"GO-2023-1922"
],
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"xss-output-encoding"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"gitea--CVE-2020-13246": {
"canonical_id": "gitea--CVE-2020-13246",
"title": "Denial of Service in Gitea in code.gitea.io/gitea",
"summary": "Denial of Service in Gitea in code.gitea.io/gitea",
"display_name": "Gitea",
"system_id": "gitea",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "2024-08-21T15:29:04Z",
"updated_at": "2026-03-03T04:52:17.939867Z",
"official_source_url": "https://github.com/advisories/GHSA-g2qx-6ghw-67hm",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-13246",
"https://github.com/go-gitea/gitea/issues/10549",
"https://github.com/go-gitea/gitea/pull/11438",
"https://www.youtube.com/watch?v=DmVgADSVS88"
],
"aliases": [
"BIT-gitea-2020-13246",
"CVE-2020-13246",
"GHSA-g2qx-6ghw-67hm",
"GO-2022-0830"
],
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"gitea--CVE-2021-28378": {
"canonical_id": "gitea--CVE-2021-28378",
"title": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
"summary": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
"display_name": "Gitea",
"system_id": "gitea",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "2024-08-21T15:29:04Z",
"updated_at": "2026-03-03T04:52:18.307544Z",
"official_source_url": "https://github.com/advisories/GHSA-g95p-88p4-76cm",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-28378",
"https://blog.gitea.io/2021/03/gitea-1.13.4-is-released",
"https://github.com/PandatiX/CVE-2021-28378",
"https://github.com/go-gitea/gitea/pull/14898",
"https://github.com/go-gitea/gitea/pull/14899"
],
"aliases": [
"BIT-gitea-2021-28378",
"CVE-2021-28378",
"GHSA-g95p-88p4-76cm",
"GO-2022-0832"
],
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"xss-output-encoding"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"gitea--CVE-2021-29134": {
"canonical_id": "gitea--CVE-2021-29134",
"title": "Path Traversal in Gitea in code.gitea.io/gitea",
@@ -768,87 +566,6 @@
"refs": []
}
},
"gitea--CVE-2025-68939": {
"canonical_id": "gitea--CVE-2025-68939",
"title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"summary": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"display_name": "Gitea",
"system_id": "gitea",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:48.777563Z",
"official_source_url": "https://github.com/advisories/GHSA-263q-5cv3-xq9g",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68939",
"https://blog.gitea.com/release-of-1.23.0",
"https://github.com/go-gitea/gitea/pull/32151",
"https://github.com/go-gitea/gitea/releases/tag/v1.23.0"
],
"aliases": [
"BIT-gitea-2025-68939",
"CVE-2025-68939",
"GHSA-263q-5cv3-xq9g",
"GO-2025-4261"
],
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"verification_status": "blocked-artifact",
"verification_mode": "real",
"artifact_mode": "official-image",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"gitea--CVE-2025-68940": {
"canonical_id": "gitea--CVE-2025-68940",
"title": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
"summary": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
"display_name": "Gitea",
"system_id": "gitea",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:50.087298Z",
"official_source_url": "https://github.com/advisories/GHSA-rrcw-5rjv-vj26",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68940",
"https://blog.gitea.com/release-of-1.22.5",
"https://github.com/go-gitea/gitea/pull/32654",
"https://github.com/go-gitea/gitea/releases/tag/v1.22.5"
],
"aliases": [
"BIT-gitea-2025-68940",
"CVE-2025-68940",
"GHSA-rrcw-5rjv-vj26",
"GO-2025-4267"
],
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"gitea--CVE-2025-68941": {
"canonical_id": "gitea--CVE-2025-68941",
"title": "Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea",
@@ -1516,43 +1233,6 @@
"refs": []
}
},
"nextjs--CVE-2020-15242": {
"canonical_id": "nextjs--CVE-2020-15242",
"title": "Open Redirect in Next.js versions",
"summary": "### Impact\n\n- **Affected**: Users of Next.js between 9.5.0 and 9.5.3 \n- **Not affected**: Deployments on Vercel ([https://vercel.com](https://vercel.com)) are not affected\n- **Not affected**: Deployments using `next export`\n\nWe recommend everyone to upgrade regardless of whether you can reproduce the issue or not.\n\n### Patches\n\nhttps://github.com/vercel/next.js/releases/tag/v9.5.4\n\n### References\n\nhttps://github.com/vercel/next.js/releases/tag/v9.5.4\n\n",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2020-10-08T19:28:07Z",
"updated_at": "2026-03-13T22:14:13.665535Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-15242",
"https://github.com/vercel/next.js",
"https://github.com/zeit/next.js/releases/tag/v9.5.4"
],
"aliases": [
"CVE-2020-15242",
"GHSA-x56p-c8cg-q435"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"nextjs--CVE-2020-5284": {
"canonical_id": "nextjs--CVE-2020-5284",
"title": "Directory Traversal in Next.js",
@@ -1852,9 +1532,9 @@
"proxy-trust-boundary",
"token-cookie-storage"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
@@ -1898,50 +1578,6 @@
"refs": []
}
},
"nextjs--CVE-2025-29927": {
"canonical_id": "nextjs--CVE-2025-29927",
"title": "Authorization Bypass in Next.js Middleware",
"summary": "# Impact\nIt is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.\n\n# Patches\n* For Next.js 15.x, this issue is fixed in `15.2.3`\n* For Next.js 14.x, this issue is fixed in `14.2.25`\n* For Next.js 13.x, this issue is fixed in 13.5.9\n* For Next.js 12.x, this issue is fixed in 12.3.5\n* For Next.js 11.x, consult the below workaround.\n\n_Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability._\n\n# Workaround\nIf patching to a safe version is infeasible, we recommend that you prevent external user requests which contain the `x-middleware-subrequest` header from reaching your Next.js application.\n\n## Credits\n\n- Allam Rachid (zhero;)\n- Allam Yasser (inzo_)",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2025-03-21T15:20:12Z",
"updated_at": "2026-03-04T15:06:29.993197Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-29927",
"https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2",
"https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v12.3.5",
"https://github.com/vercel/next.js/releases/tag/v13.5.9",
"https://security.netapp.com/advisory/ntap-20250328-0002",
"https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware",
"http://www.openwall.com/lists/oss-security/2025/03/23/3",
"http://www.openwall.com/lists/oss-security/2025/03/23/4"
],
"aliases": [
"CVE-2025-29927",
"GHSA-f82v-jwr5-mffw"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"verification_status": "triage-manual",
"verification_mode": "real",
"artifact_mode": "official-source",
"blocked_reason": "dry-run only",
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"nextjs--CVE-2025-30218": {
"canonical_id": "nextjs--CVE-2025-30218",
"title": "Next.js may leak x-middleware-subrequest-id to external hosts",