kb: expand authorized lab coverage and intel automation

2026-03-16 22:04:51 -07:00
--- a/07-framework-security/frameworks/undici/INDEX.md
+++ b/07-framework-security/frameworks/undici/INDEX.md
@@ -0,0 +1,43 @@
+# Undici
+
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成索引
+
+- 系统 ID: `undici`
+- 分类: `frameworks`
+- 覆盖策略: `rolling-24m`
+- 总案例数: `14`
+- 近 30 天新增/更新: `7`
+- 重点 Markdown 案例数: `14`
+- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+
+## 目标约束
+
+- 适用目标类型: `lab-local, lab-public, authorized-third-party`
+- 是否允许公网验证: `yes, but ownership or authorization is required`
+- 授权前提: 资产归属可证明，或已取得书面/明确授权。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 来源
+
+- `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=npm; mode=core)
+- `official` [OSV Undici](https://osv.dev/) (mode=core)
+
+## 案例列表
+
+| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|------|------------|----------|--------|
+| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
+| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
+| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
+| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
+| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
+| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
+| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) |
+| undici Denial of Service attack via bad certificate data | `low` | `generated` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) |
+| Use of Insufficiently Random Values in undici | `low` | `generated` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) |
+| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) |
+| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) |
+| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) |
+| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) |
+| ProxyAgent vulnerable to MITM | `low` | `generated` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |
--- a/07-framework-security/frameworks/undici/README.md
+++ b/07-framework-security/frameworks/undici/README.md
@@ -0,0 +1,16 @@
+# Undici
+
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
+
+- 分类: `frameworks`
+- 覆盖层级: `rolling-24m`
+- Advisory 模式: core
+- 输出目录: `07-framework-security/frameworks/undici`
+- 修复主题: ssrf-url-validation, proxy-trust-boundary
+- 适用目标类型: `lab-local, lab-public, authorized-third-party`
+- 是否允许公网验证: `yes, but only for owned or authorized targets`
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+- 自动索引: [INDEX.md](/Users/x/websafe/07-framework-security/frameworks/undici/INDEX.md)
+- Registry 统计: [undici.json](/Users/x/websafe/08-threat-intel/registry/systems/undici.json)
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md
@@ -0,0 +1,98 @@
+---
+title: "undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2022-07-21T20:31:05Z"
+updated_date: "2026-02-04T03:02:08.652391Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2022-31151"
+  - "GHSA-q768-x9m6-m9qp"
+affected_versions:
+  - "introduced=0, fixed<5.8.0"
+fixed_versions:
+  - "5.8.0"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+  - "token-cookie-storage"
+  - "dependency-upgrade-policy"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp"
+---
+
+# undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2022-31151`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
+- 影响版本: `introduced=0, fixed<5.8.0`
+- 修复版本: `5.8.0`
+
+## 其他来源
+
+- https://nvd.nist.gov/vuln/detail/CVE-2022-31151
+- https://github.com/nodejs/undici/issues/872
+- https://github.com/nodejs/undici/pull/1441
+- https://github.com/nodejs/undici/commit/0a5bee9465e627be36bac88edf7d9bbc9626126d
+- https://hackerone.com/reports/1635514
+- https://github.com/nodejs/undici
+- https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189
+- https://github.com/nodejs/undici/releases/tag/v5.8.0
+- https://security.netapp.com/advisory/ntap-20220909-0006
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
+- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
+- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
+- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
+- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
+- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
+- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
+- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
+- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
+- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
+- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
+- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
+- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
+- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
+- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
+- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
+- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md
@@ -0,0 +1,74 @@
+---
+title: "ProxyAgent vulnerable to MITM"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2022-06-17T01:02:29Z"
+updated_date: "2026-03-13T22:15:23.541247Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2022-32210"
+  - "GHSA-pgw7-wx7w-2w33"
+affected_versions:
+  - "introduced=4.8.2, fixed<5.5.1"
+fixed_versions:
+  - "5.5.1"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33"
+---
+
+# ProxyAgent vulnerable to MITM
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2022-32210`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33
+- 影响版本: `introduced=4.8.2, fixed<5.5.1`
+- 修复版本: `5.5.1`
+
+## 其他来源
+
+- https://nvd.nist.gov/vuln/detail/CVE-2022-32210
+- https://hackerone.com/reports/1583680
+- https://github.com/nodejs/undici
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md
@@ -0,0 +1,92 @@
+---
+title: "Undici's cookie header not cleared on cross-origin redirect in fetch"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2023-10-16T14:05:37Z"
+updated_date: "2026-02-04T02:35:56.289390Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2023-45143"
+  - "GHSA-wqq4-5wpv-mx2g"
+affected_versions:
+  - "introduced=0, fixed<5.26.2"
+fixed_versions:
+  - "5.26.2"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+  - "token-cookie-storage"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp"
+---
+
+# Undici's cookie header not cleared on cross-origin redirect in fetch
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2023-45143`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
+- 影响版本: `introduced=0, fixed<5.26.2`
+- 修复版本: `5.26.2`
+
+## 其他来源
+
+- https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g
+- https://nvd.nist.gov/vuln/detail/CVE-2023-45143
+- https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76
+- https://hackerone.com/reports/2166948
+- https://github.com/nodejs/undici
+- https://github.com/nodejs/undici/releases/tag/v5.26.2
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
+- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
+- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
+- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
+- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
+- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
+- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
+- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
+- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md
@@ -0,0 +1,82 @@
+---
+title: "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2024-04-04T14:20:39Z"
+updated_date: "2025-11-04T19:44:28Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2024-30260"
+  - "GHSA-m4v8-wqvr-p9f7"
+affected_versions:
+  - "introduced=0, fixed<5.28.4"
+  - "introduced=6.0.0, fixed<6.11.1"
+fixed_versions:
+  - "5.28.4"
+  - "6.11.1"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7"
+---
+
+# Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2024-30260`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7
+- 影响版本: `introduced=0, fixed<5.28.4, introduced=6.0.0, fixed<6.11.1`
+- 修复版本: `5.28.4, 6.11.1`
+
+## 其他来源
+
+- https://nvd.nist.gov/vuln/detail/CVE-2024-30260
+- https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f
+- https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75
+- https://hackerone.com/reports/2408074
+- https://github.com/nodejs/undici
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E
+- https://security.netapp.com/advisory/ntap-20240905-0008
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md
@@ -0,0 +1,82 @@
+---
+title: "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2024-04-04T14:20:54Z"
+updated_date: "2025-11-04T19:44:42Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2024-30261"
+  - "GHSA-9qxr-qj54-h672"
+affected_versions:
+  - "introduced=0, fixed<5.28.4"
+  - "introduced=6.0.0, fixed<6.11.1"
+fixed_versions:
+  - "5.28.4"
+  - "6.11.1"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672"
+---
+
+# Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2024-30261`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672
+- 影响版本: `introduced=0, fixed<5.28.4, introduced=6.0.0, fixed<6.11.1`
+- 修复版本: `5.28.4, 6.11.1`
+
+## 其他来源
+
+- https://nvd.nist.gov/vuln/detail/CVE-2024-30261
+- https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055
+- https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3
+- https://hackerone.com/reports/2377760
+- https://github.com/nodejs/undici
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E
+- https://security.netapp.com/advisory/ntap-20240905-0008
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md
@@ -0,0 +1,83 @@
+---
+title: "Use of Insufficiently Random Values in undici"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2025-01-21T21:10:47Z"
+updated_date: "2026-02-04T02:29:26.373390Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2025-22150"
+  - "GHSA-c76h-2ccp-4975"
+affected_versions:
+  - "introduced=4.5.0, fixed<5.28.5"
+  - "introduced=6.0.0, fixed<6.21.1"
+  - "introduced=7.0.0, fixed<7.2.3"
+fixed_versions:
+  - "5.28.5"
+  - "6.21.1"
+  - "7.2.3"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
+---
+
+# Use of Insufficiently Random Values in undici
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2025-22150`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975
+- 影响版本: `introduced=4.5.0, fixed<5.28.5, introduced=6.0.0, fixed<6.21.1, introduced=7.0.0, fixed<7.2.3`
+- 修复版本: `5.28.5, 6.21.1, 7.2.3`
+
+## 其他来源
+
+- https://nvd.nist.gov/vuln/detail/CVE-2025-22150
+- https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0
+- https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a
+- https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385
+- https://hackerone.com/reports/2913312
+- https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f
+- https://github.com/nodejs/undici
+- https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md
@@ -0,0 +1,80 @@
+---
+title: "undici Denial of Service attack via bad certificate data"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2025-05-15T14:15:06Z"
+updated_date: "2026-02-06T22:08:08.311705Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2025-47279"
+  - "GHSA-cxrh-j4jr-qwg3"
+affected_versions:
+  - "introduced=0, fixed<5.29.0"
+  - "introduced=6.0.0, fixed<6.21.2"
+  - "introduced=7.0.0, fixed<7.5.0"
+fixed_versions:
+  - "5.29.0"
+  - "6.21.2"
+  - "7.5.0"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3"
+---
+
+# undici Denial of Service attack via bad certificate data
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2025-47279`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3
+- 影响版本: `introduced=0, fixed<5.29.0, introduced=6.0.0, fixed<6.21.2, introduced=7.0.0, fixed<7.5.0`
+- 修复版本: `5.29.0, 6.21.2, 7.5.0`
+
+## 其他来源
+
+- https://nvd.nist.gov/vuln/detail/CVE-2025-47279
+- https://github.com/nodejs/undici/issues/3895
+- https://github.com/nodejs/undici/pull/4088
+- https://github.com/nodejs/undici/commit/f317618ec28753a4218beccea048bcf89c36db25
+- https://github.com/nodejs/undici
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md
@@ -0,0 +1,88 @@
+---
+title: "Undici has an HTTP Request/Response Smuggling issue"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2026-03-13T20:07:03Z"
+updated_date: "2026-03-14T09:19:54.772219Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2026-1525"
+  - "GHSA-2mjp-6q6p-2qxm"
+affected_versions:
+  - "introduced=0, fixed<6.24.0"
+  - "introduced=7.0.0, fixed<7.24.0"
+fixed_versions:
+  - "6.24.0"
+  - "7.24.0"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+  - "request-smuggling-boundary"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm"
+---
+
+# Undici has an HTTP Request/Response Smuggling issue
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2026-1525`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm
+- 影响版本: `introduced=0, fixed<6.24.0, introduced=7.0.0, fixed<7.24.0`
+- 修复版本: `6.24.0, 7.24.0`
+
+## 其他来源
+
+- https://nvd.nist.gov/vuln/detail/CVE-2026-1525
+- https://hackerone.com/reports/3556037
+- https://cna.openjsf.org/security-advisories.html
+- https://cwe.mitre.org/data/definitions/444.html
+- https://github.com/nodejs/undici
+- https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
+- [javascript-typescript:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/request-smuggling-boundary.md)
+- [nodejs:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/request-smuggling-boundary.md)
+- [java:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/java/request-smuggling-boundary.md)
+- [php:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/php/request-smuggling-boundary.md)
+- [python:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/python/request-smuggling-boundary.md)
+- [ruby:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/ruby/request-smuggling-boundary.md)
+- [csharp:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/csharp/request-smuggling-boundary.md)
+- [go:request-smuggling-boundary](/Users/x/websafe/05-defense/secure-code/go/request-smuggling-boundary.md)
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md
@@ -0,0 +1,88 @@
+---
+title: "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2026-03-13T20:41:56Z"
+updated_date: "2026-03-13T20:54:25.563997Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2026-1526"
+  - "GHSA-vrm6-8vpv-qv8q"
+affected_versions:
+  - "introduced=0, fixed<6.24.0"
+  - "introduced=7.0.0, fixed<7.24.0"
+fixed_versions:
+  - "6.24.0"
+  - "7.24.0"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+  - "plugin-extension-trust-policy"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
+---
+
+# Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2026-1526`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q
+- 影响版本: `introduced=0, fixed<6.24.0, introduced=7.0.0, fixed<7.24.0`
+- 修复版本: `6.24.0, 7.24.0`
+
+## 其他来源
+
+- https://nvd.nist.gov/vuln/detail/CVE-2026-1526
+- https://hackerone.com/reports/3481206
+- https://cna.openjsf.org/security-advisories.html
+- https://datatracker.ietf.org/doc/html/rfc7692
+- https://github.com/nodejs/undici
+- https://owasp.org/www-community/attacks/Denial_of_Service
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
+- [javascript-typescript:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/plugin-extension-trust-policy.md)
+- [nodejs:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/nodejs/plugin-extension-trust-policy.md)
+- [java:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/java/plugin-extension-trust-policy.md)
+- [php:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/php/plugin-extension-trust-policy.md)
+- [python:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/python/plugin-extension-trust-policy.md)
+- [ruby:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/ruby/plugin-extension-trust-policy.md)
+- [csharp:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/csharp/plugin-extension-trust-policy.md)
+- [go:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/go/plugin-extension-trust-policy.md)
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md
@@ -0,0 +1,77 @@
+---
+title: "Undici has CRLF Injection in undici via `upgrade` option"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2026-03-13T20:41:26Z"
+updated_date: "2026-03-13T20:54:25.572106Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2026-1527"
+  - "GHSA-4992-7rv2-5pvq"
+affected_versions:
+  - "introduced=0, fixed<6.24.0"
+  - "introduced=7.0.0, fixed<7.24.0"
+fixed_versions:
+  - "6.24.0"
+  - "7.24.0"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq"
+---
+
+# Undici has CRLF Injection in undici via `upgrade` option
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2026-1527`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq
+- 影响版本: `introduced=0, fixed<6.24.0, introduced=7.0.0, fixed<7.24.0`
+- 修复版本: `6.24.0, 7.24.0`
+
+## 其他来源
+
+- https://nvd.nist.gov/vuln/detail/CVE-2026-1527
+- https://hackerone.com/reports/3487198
+- https://cna.openjsf.org/security-advisories.html
+- https://github.com/nodejs/undici
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md
@@ -0,0 +1,77 @@
+---
+title: "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2026-03-13T20:07:26Z"
+updated_date: "2026-03-14T09:17:45.838435Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2026-1528"
+  - "GHSA-f269-vfmq-vjvj"
+affected_versions:
+  - "introduced=6.0.0, fixed<6.24.0"
+  - "introduced=7.0.0, fixed<7.24.0"
+fixed_versions:
+  - "6.24.0"
+  - "7.24.0"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
+---
+
+# Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2026-1528`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj
+- 影响版本: `introduced=6.0.0, fixed<6.24.0, introduced=7.0.0, fixed<7.24.0`
+- 修复版本: `6.24.0, 7.24.0`
+
+## 其他来源
+
+- https://nvd.nist.gov/vuln/detail/CVE-2026-1528
+- https://hackerone.com/reports/3537648
+- https://cna.openjsf.org/security-advisories.html
+- https://github.com/nodejs/undici
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md
@@ -0,0 +1,76 @@
+---
+title: "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2026-01-14T21:06:08Z"
+updated_date: "2026-02-04T02:56:17.456091Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2026-22036"
+  - "GHSA-g9mf-h72j-4rw9"
+affected_versions:
+  - "introduced=7.0.0, fixed<7.18.2"
+  - "introduced=0, fixed<6.23.0"
+fixed_versions:
+  - "7.18.2"
+  - "6.23.0"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9"
+---
+
+# Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2026-22036`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9
+- 影响版本: `introduced=7.0.0, fixed<7.18.2, introduced=0, fixed<6.23.0`
+- 修复版本: `7.18.2, 6.23.0`
+
+## 其他来源
+
+- https://nvd.nist.gov/vuln/detail/CVE-2026-22036
+- https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3
+- https://github.com/nodejs/undici
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md
@@ -0,0 +1,88 @@
+---
+title: "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2026-03-13T20:41:41Z"
+updated_date: "2026-03-13T20:54:26.149214Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2026-2229"
+  - "GHSA-v9p9-hfj2-hcw8"
+affected_versions:
+  - "introduced=0, fixed<6.24.0"
+  - "introduced=7.0.0, fixed<7.24.0"
+fixed_versions:
+  - "6.24.0"
+  - "7.24.0"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+  - "plugin-extension-trust-policy"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
+---
+
+# Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2026-2229`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8
+- 影响版本: `introduced=0, fixed<6.24.0, introduced=7.0.0, fixed<7.24.0`
+- 修复版本: `6.24.0, 7.24.0`
+
+## 其他来源
+
+- https://nvd.nist.gov/vuln/detail/CVE-2026-2229
+- https://hackerone.com/reports/3487486
+- https://cna.openjsf.org/security-advisories.html
+- https://datatracker.ietf.org/doc/html/rfc7692
+- https://github.com/nodejs/undici
+- https://nodejs.org/api/zlib.html#class-zlibinflateraw
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
+- [javascript-typescript:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/plugin-extension-trust-policy.md)
+- [nodejs:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/nodejs/plugin-extension-trust-policy.md)
+- [java:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/java/plugin-extension-trust-policy.md)
+- [php:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/php/plugin-extension-trust-policy.md)
+- [python:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/python/plugin-extension-trust-policy.md)
+- [ruby:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/ruby/plugin-extension-trust-policy.md)
+- [csharp:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/csharp/plugin-extension-trust-policy.md)
+- [go:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/go/plugin-extension-trust-policy.md)
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md
@@ -0,0 +1,75 @@
+---
+title: "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS"
+system_id: "undici"
+category: "frameworks"
+advisory_mode: "core"
+published_date: "2026-03-13T20:37:58Z"
+updated_date: "2026-03-13T20:54:25.417862Z"
+severity: "low"
+exploit_status: "unknown"
+source_confidence: "official"
+target_types:
+  - "lab-local"
+  - "lab-public"
+  - "authorized-third-party"
+allow_public_validation: "yes, with ownership or explicit authorization"
+authorization_prerequisite: "asset ownership proof or explicit written authorization"
+minimal_validation: "read-only probe, controlled payload, reversible test"
+aliases:
+  - "CVE-2026-2581"
+  - "GHSA-phc3-fgpg-7m6h"
+affected_versions:
+  - "introduced=7.17.0, fixed<7.24.0"
+fixed_versions:
+  - "7.24.0"
+secure_code_topics:
+  - "ssrf-url-validation"
+  - "proxy-trust-boundary"
+primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h"
+---
+
+# Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS
+
+## 事件层
+
+- Canonical ID: `undici--CVE-2026-2581`
+- 系统: `undici`
+- 严重度: `low`
+- 来源置信度: `official`
+- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h
+- 影响版本: `introduced=7.17.0, fixed<7.24.0`
+- 修复版本: `7.24.0`
+
+## 其他来源
+
+- https://nvd.nist.gov/vuln/detail/CVE-2026-2581
+- https://hackerone.com/reports/3513473
+- https://cna.openjsf.org/security-advisories.html
+- https://github.com/nodejs/undici
+
+## 实验层
+
+- 仅用于自有资产、测试环境或已明确授权目标。
+- 允许公网可达目标，但必须满足资产归属或明确授权前提。
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 若该案例涉及插件、模块或扩展，应同时检查供应链与升级策略。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+## 修复示例
+
+- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
+- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
+- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
+- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
+- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
+- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
+- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
+- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
+- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
+- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
+- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
+- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
+- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
+- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
+- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
+- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)