kb: expand authorized lab coverage and intel automation

This commit is contained in:
hao
2026-03-16 22:04:51 -07:00
Parent cda31e86c7
Commit d0120fbf10
592 files changed, 29025 insertions, 267 deletions

08-threat-intel/README.md (normal file)

@@ -0,0 +1,89 @@
# 漏洞情报、订阅与自动入库
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | `OFFICIAL-FIRST`
本目录是主流开源 Web 系统安全更新与漏洞入库的控制平面。它不直接给出“生产推荐”,而是把官方公告、生态权威数据库和高质量研究映射到授权实验场景、registry 记录和重点案例页。
## 目录职责
- [source-map.yaml](/Users/x/websafe/08-threat-intel/source-map.yaml)
- 全库唯一真值配置,定义系统范围、覆盖策略、source adapter、输出目录和 secure-code 主题。
- [registry/advisories/](/Users/x/websafe/08-threat-intel/registry/advisories)
- canonical advisory 级 JSON 记录,是“所有具体案例”的正式载体。
- [registry/systems/](/Users/x/websafe/08-threat-intel/registry/systems)
- 每个系统的统计索引、最近更新时间和案例列表。
- [registry/triage/](/Users/x/websafe/08-threat-intel/registry/triage)
- 无法自动确定版本、来源冲突或只有弱来源支持的候选。
- [generated/coverage-matrix.md](/Users/x/websafe/08-threat-intel/generated/coverage-matrix.md)
- 全局覆盖矩阵,展示每个系统的 tier、registry 数、Markdown 数和自动同步状态。
- [generated/latest-ingest.md](/Users/x/websafe/08-threat-intel/generated/latest-ingest.md)
- 最近一次同步摘要。
- [registry/source-confidence.md](/Users/x/websafe/08-threat-intel/registry/source-confidence.md)
- `official``ecosystem-authority``research``triage-only` 的入库规则。
## Source Policy
自动化入库强制分层:
- `official`
- 厂商公告、官方 repo advisories、官方 RSS/API/JSON。
- `ecosystem-authority`
- Wordfence、Patchstack、WPScan、Sansec、Friends Of Presta、GitLab Advisory DB 等生态权威库。
- `research`
- PortSwigger、Project Zero、Orange Tsai、ProjectDiscovery 等高质量研究。
- `triage-only`
- 结构漂移、版本不清、来源冲突或只有单篇研究支撑的候选。
默认规则:
- 只有 `official``ecosystem-authority` 可以直接形成 registry 正式记录。
- `research` 只能补充背景、利用链、实验映射,不能单独确认为正式案例。
- 没有影响版本、修复版本或可信来源的条目进入 `triage/`,不计入“完成覆盖”。
## 自动化命令
```bash
python3 /Users/x/websafe/scripts/intel/main.py render
python3 /Users/x/websafe/scripts/intel/main.py validate
python3 /Users/x/websafe/scripts/intel/main.py hotlane
python3 /Users/x/websafe/scripts/intel/main.py ingest --since last-success
python3 /Users/x/websafe/scripts/intel/main.py reconcile
python3 /Users/x/websafe/scripts/intel/main.py backfill --tier rolling-24m --dry-run
python3 /Users/x/websafe/scripts/intel/main.py ingest --since 365d --system nextjs --system vite
python3 /Users/x/websafe/scripts/intel/main.py open-pr --dry-run
```
可选环境变量:
- `GITHUB_TOKEN`
- GitHub Global Advisories 在未认证状态下很容易碰到 rate limit;配置后能提高配额。
- `NVD_API_KEY`
- 可选,用于提高 NVD 查询配额和稳定性。
运行时建议:
- 使用独立虚拟环境安装 [requirements-intel.txt](/Users/x/websafe/requirements-intel.txt)。
- 当前机器上的 Python 3.9 + LibreSSL 对部分 HTTPS 源可能出现 `SSLError``urllib3<2` 已写入依赖约束以降低兼容性问题。
对应的本机 cron 入口:
- [run-hourly.sh](/Users/x/websafe/scripts/intel/run-hourly.sh)
- 处理 KEV / 在野利用 / 极高优先级更新,日志写入 `08-threat-intel/generated/logs/`
- [run-nightly.sh](/Users/x/websafe/scripts/intel/run-nightly.sh)
- 处理常规增量同步
- [run-weekly-reconcile.sh](/Users/x/websafe/scripts/intel/run-weekly-reconcile.sh)
- 回看最近 30 天,重新对齐 NVD / OSV / vendor 更新
## 入口文档
- [subscription-catalog.md](/Users/x/websafe/08-threat-intel/subscription-catalog.md)
- [registry/source-confidence.md](/Users/x/websafe/08-threat-intel/registry/source-confidence.md)
- [intake-and-severity-rules.md](/Users/x/websafe/08-threat-intel/intake-and-severity-rules.md)
- [case-intake-template.md](/Users/x/websafe/08-threat-intel/case-intake-template.md)
- [config-examples/README.md](/Users/x/websafe/08-threat-intel/config-examples/README.md)
## 实验边界
- 所有案例、source adapter 和索引页仅适用于 `lab-local``lab-public``authorized-third-party`
- 允许公网可达目标,但前提必须是资产归属明确,或已获得明确授权。
- 不面向未授权互联网资产,不面向公共知名网站,不作为泛化枚举或生产推荐语境。
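Review bot: Every link in this README (from `[source-map.yaml](/Users/x/websafe/08-threat-intel/source-map.yaml)` down through the 入口文档 list), the `python3 /Users/x/websafe/scripts/intel/main.py ...` commands and the three cron entries use absolute paths under `/Users/x/websafe`; they only resolve on the author's machine and also publish the local account name. Repository-relative paths (`./source-map.yaml`, `../scripts/intel/main.py`) keep the links working for anyone who clones the repo. Two inline-code runs lost their separators and render fused: `official``ecosystem-authority``research``triage-only` in the 目录职责 list and `SSLError``urllib3<2` in the 运行时建议 list. On that second point, `urllib3<2` is a compatibility workaround for Python 3.9 + LibreSSL; record it as a tracked exception with an expiry, because the `latest-ingest.md` added in this same commit still shows seven adapters failing with `SSLError`, so the pin has not solved the problem and an old urllib3 major line should not become a permanent dependency of a threat-intel pipeline.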


@@ -0,0 +1,40 @@
# 案例入库模板
```md
---
title: ""
published_date: ""
affected_versions: []
fixed_versions: []
severity: ""
exploit_status: ""
stack: []
attack_type: []
primary_source: ""
secondary_sources: []
target_types: []
public_target_allowed: false
authorization_required: true
minimum_validation: ""
prohibited_use: ""
---
# 标题
## 事件层
- 官方来源:
- 发布时间:
- 影响范围:
- 修复版本:
## 实验层
### 实验思路
### 推荐的最小化验证
### 观测点
## 回填建议
```
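Review bot: The front matter has no field for the identifiers that `intake-and-severity-rules.md` in this commit names as dedup keys (官方公告 ID, CVE / GHSA / OSV ID) and that every registry JSON record carries (`cve_ids`, `ghsa_ids`, `osv_ids`, `aliases`); without them a hand-written case cannot be matched against the auto-generated registry and will be duplicated on the next ingest. Add `canonical_id`, `cve_ids`, `ghsa_ids` and `osv_ids` to the template. Also `severity: ""` and `exploit_status: ""` are free-form strings while the rules page defines `P0`/`P1`/`P2` and the registry emits `unknown`; listing the allowed values in a comment (or adding a separate `priority` field) lets `main.py validate` reject typos instead of silently accepting them.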


@@ -0,0 +1,22 @@
# 配置样例
> `LAB ONLY` | `非生产默认策略`
本目录保存“授权实验和验证用配置案例”,分为两类:
- GitHub / 代码仓依赖与漏洞情报配置
- 授权验证脚本与命令样例
## 样例列表
- [dependabot.yml](/Users/x/websafe/08-threat-intel/config-examples/github/.github/dependabot.yml)
- [dependency-review.yml](/Users/x/websafe/08-threat-intel/config-examples/github/.github/workflows/dependency-review.yml)
- [codeql-javascript.yml](/Users/x/websafe/08-threat-intel/config-examples/github/.github/workflows/codeql-javascript.yml)
- [trivy-fs.yml](/Users/x/websafe/08-threat-intel/config-examples/github/.github/workflows/trivy-fs.yml)
- [osv-sbom.yml](/Users/x/websafe/08-threat-intel/config-examples/github/.github/workflows/osv-sbom.yml)
- [authorized-verification-playbook.md](/Users/x/websafe/08-threat-intel/config-examples/authorized-verification-playbook.md)
## 使用原则
- 这些文件展示“如何追踪、如何观察、如何验证”,不是生产阻断策略的直接模板。
- 真正上生产前,应按组织流程做权限、误报、变更和阻断策略评估。


@@ -0,0 +1,51 @@
# 授权验证样例
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
以下命令仅用于自有资产、测试环境或已明确授权的目标。
## HTTP 注入最小化验证
```bash
python3 /Users/x/websafe/01-sql-injection/tools/sqli-scanner.py \
-u "https://owned-lab.example.test/search?id=1"
```
## XSS 上下文与回显验证
```bash
python3 /Users/x/websafe/02-xss/tools/xss-fuzzer.py \
-u "https://owned-lab.example.test/search?q=test"
```
## TLS 与头部检查
```bash
python3 /Users/x/websafe/04-server-security/tls/tools/tls-scanner.py \
-u https://owned-lab.example.test
```
## 最小端口暴露验证
```bash
python3 /Users/x/websafe/04-server-security/scanning/tools/port-scanner.py \
-H owned-lab.example.test --top-ports 20
```
## 同 IP / 同证书关联分析
```bash
python3 /Users/x/websafe/04-server-security/infrastructure/tools/site-scope-mapper.py \
--target owned-lab.example.test --ack-authorized
```
## 手工检查 CSP / 响应头
```bash
curl -I https://owned-lab.example.test
```
## 记录要求
- 每次公网验证都应回填 [测试记录模板](/Users/x/websafe/09-scope-and-targeting/test-record-template.md)
- 每个目标都应登记在 [资产清单模板](/Users/x/websafe/09-scope-and-targeting/asset-inventory-template.md)
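Review bot: `curl -I https://owned-lab.example.test` sends a HEAD request, and many applications return a different (often smaller) header set for HEAD than for GET, so a CSP or cache-control check against HEAD output can miss headers or report ones the real response does not carry; `curl -s -D - -o /dev/null https://owned-lab.example.test` captures the headers of an actual GET without dumping the body. Only the `site-scope-mapper.py` invocation carries an explicit `--ack-authorized` flag; the other four tools are run against the same host with no equivalent acknowledgement, so either the authorization check lives inside those tools (worth stating here) or the playbook should show the same guard for each command. The 记录要求 section could also name which fields of the test-record template must be filled (target, authorization reference, exact command, timestamp) so the record is usable in a later audit.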


@@ -0,0 +1,37 @@
# LAB ONLY
# 用途: 依赖告警与升级建议,用于研究仓库和测试资产
# 目标范围: 自有代码仓、自有测试项目
# 风险: 可能产生大量升级 PR,需要人工分流
# 不适用: 未经评估直接套到生产阻断流程
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "04:00"
open-pull-requests-limit: 10
labels:
- "security"
- "dependencies"
- "lab-review"
groups:
frontend-runtime:
patterns:
- "react*"
- "next"
- "vue*"
- "nuxt*"
- "vite*"
http-clients:
patterns:
- "axios"
- "undici"
- "node-fetch*"
- package-ecosystem: "docker"
directory: "/00-environments"
schedule:
interval: "weekly"
day: "wednesday"
time: "04:30"
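Review bot: The `updates` list covers only `npm` at `/` and `docker` at `/00-environments`, but the README in this commit installs the intel pipeline from `requirements-intel.txt` (with a deliberate `urllib3<2` pin) and the workflow files reference `actions/checkout@v4`, `actions/setup-go@v5` and `github/codeql-action/*@v3`; neither the `pip` ecosystem nor the `github-actions` ecosystem is listed, so the Python dependencies of the ingest tooling and the action versions will never get update PRs. Add a `pip` entry pointing at the requirements file and a `github-actions` entry with `directory: "/"`. The header comment flags PR volume as the risk; `open-pull-requests-limit: 10` plus `groups` already bounds that for npm, but the docker entry has neither groups nor a limit.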


@@ -0,0 +1,41 @@
# LAB ONLY
# 用途: JavaScript / TypeScript 静态安全分析
# 目标范围: 自有代码仓、自有测试项目
# 风险: 可能出现需要人工甄别的误报
# 不适用: 未经规则调优直接作为生产发布门禁
name: codeql-javascript
on:
push:
branches:
- main
pull_request:
workflow_dispatch:
permissions:
actions: read
contents: read
security-events: write
jobs:
analyze:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
language:
- javascript-typescript
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Analyze
uses: github/codeql-action/analyze@v3
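Review bot: All `uses:` references in this and the other workflow files are pinned to mutable tags (`actions/checkout@v4`, `github/codeql-action/init@v3`, `autobuild@v3`, `analyze@v3`); for a repository whose README presents it as a supply-chain and vulnerability-intelligence control plane, pin to full commit SHAs with the tag in a trailing comment, so a retagged action cannot change what runs with `security-events: write`. Separately, the trivy-fs header in this commit says the tree contains 教学用漏洞文件 (deliberately vulnerable teaching files); CodeQL will report those on every push and bury real findings, so pass a `config-file:` to `github/codeql-action/init` whose `paths-ignore` excludes the teaching directories, otherwise the alerts are noise from the first run.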


@@ -0,0 +1,25 @@
# LAB ONLY
# 用途: PR 依赖风险观察
# 目标范围: 自有研究仓库、自有测试项目
# 风险: 高危依赖会导致 PR 失败
# 不适用: 未经调优直接作为生产阻断策略
name: dependency-review
on:
pull_request:
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Review dependencies
uses: actions/dependency-review-action@v4
with:
fail-on-severity: high
comment-summary-in-pr: always
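Review bot: `comment-summary-in-pr: always` needs `pull-requests: write`, but the workflow grants only `contents: read`, so the action cannot post the summary comment; add `pull-requests: write` under `permissions`. Also, the header comment describes this as an observation workflow that is not a production blocking policy, yet `fail-on-severity: high` turns it into a hard PR gate for high and critical findings; if the intent really is to observe in the lab, set `warn-only: true` (supported by `actions/dependency-review-action@v4`), or change the header to say that this file does block PRs.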


@@ -0,0 +1,41 @@
# LAB ONLY
# 用途: 生成 SBOM 并用 OSV 扫描依赖漏洞
# 目标范围: 自有代码仓和实验项目
# 风险: 需要下载额外工具,运行时间较长
# 不适用: 未经缓存和版本固定直接作为生产门禁
name: osv-sbom
on:
push:
branches:
- main
workflow_dispatch:
permissions:
contents: read
jobs:
osv-sbom:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: "1.22"
- name: Install Syft and OSV-Scanner
run: |
go install github.com/anchore/syft/cmd/syft@latest
go install github.com/google/osv-scanner/cmd/osv-scanner@latest
echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH"
- name: Generate SBOM
run: |
syft dir:. -o cyclonedx-json > sbom.json
- name: Scan SBOM with OSV
run: |
osv-scanner scan --sbom=sbom.json
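Review bot: `go install github.com/anchore/syft/cmd/syft@latest` and `go install github.com/google/osv-scanner/cmd/osv-scanner@latest` fetch and build whatever is the newest tagged version at run time, which is exactly the unpinned-tool exposure the header comment (未经缓存和版本固定) warns about, and a major-version bump of either tool can change CLI flags and break `osv-scanner scan --sbom=sbom.json` with no change in this repository. Pin both to a specific tag (`@vX.Y.Z`) and bump them through Dependabot or a scheduled PR; `actions/setup-go` already caches modules, so pinned builds are cheap between runs. The `go-version: "1.22"` pin can also fall behind what the latest tools require, another reason to pin the tools together with the toolchain.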


@@ -0,0 +1,34 @@
# LAB ONLY
# 用途: 文件系统、配置与秘密扫描
# 目标范围: 自有代码仓和实验目录
# 风险: 可能报告历史样例、测试密钥或教学用漏洞文件
# 不适用: 未经白名单梳理直接作为生产阻断策略
name: trivy-fs
on:
push:
branches:
- main
workflow_dispatch:
permissions:
contents: read
jobs:
trivy-fs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Trivy
run: |
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
- name: Scan repository
run: |
trivy fs \
--scanners vuln,secret,config \
--severity HIGH,CRITICAL \
--exit-code 0 \
.
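Review bot: `curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin` pipes an unpinned script from the `main` branch into `sh` on every run; `install.sh` accepts a version argument, so pass one (`sh -s -- -b /usr/local/bin vX.Y.Z`, with the version tracked like any other dependency) or use the maintained `aquasecurity/trivy-action` pinned to a commit SHA. With `--exit-code 0` the findings exist only in the job log; adding `--format sarif --output trivy.sarif` and an upload step (`github/codeql-action/upload-sarif`) keeps the secret and misconfiguration findings visible in the code scanning tab instead of scrolling past. Since the header notes the tree holds test keys and teaching vulnerability files, a `.trivyignore` scoped to those paths should land together with this workflow so the first run is not all noise.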


@@ -0,0 +1,66 @@
# 覆盖矩阵
| 系统 | 分类 | 覆盖策略 | 历史全量 | 近两年全量 | 全量 registry | 重点案例 Markdown | secure-code 关联 | 自动同步状态 | triage | 最近更新 |
|------|------|----------|----------|------------|--------------|--------------------|------------------|--------------|--------|----------|
| Adminer | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| Adobe Commerce | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `0` | `` |
| Angular | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Apache HTTP Server | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Apache Tomcat | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| ASP.NET Core | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Astro | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| Caddy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| Directus | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Discourse | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Django | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Drupal | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `0` | `` |
| Echo | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| esbuild | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| Express | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Fastify | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Ghost | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `37` | `37` | `3` | `seeded` | `0` | `2026-03-03T04:57:57.697708Z` |
| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Hapi | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Joomla | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `0` | `` |
| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `26` | `26` | `3` | `seeded` | `0` | `2026-03-13T22:14:13.665535Z` |
| Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| OpenCart | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| OpenMage / Mage-OS | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| phpMyAdmin | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| PrestaShop | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Ruby on Rails | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| React | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Redmine | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Saleor | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| Shopware | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Spring Boot | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| Spring Framework | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Spring Security | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Strapi | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `0` | `2026-03-14T09:19:54.772219Z` |
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `12` | `12` | `3` | `seeded` | `0` | `2026-02-04T04:37:24.129476Z` |
| Vue | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` |
| WooCommerce | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` |
| WordPress | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `0` | `` |
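Review bot: In the `历史全量` column, `rolling-24m` systems show `-` while `history-full` systems show `yes`; since the column is a boolean, render `no` (or `n/a` if the policy does not apply) so the generated table can be parsed consistently, and the empty-backtick `最近更新` cells for scaffolded systems would read better as `never`. The row count (62) and the seeded advisory totals (37 + 26 + 14 + 12 = 89) agree with `latest-ingest.md`, so the renderer is consistent; but 58 of the 62 systems are still `scaffolded`, which the README's 完成覆盖 wording should make explicit.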


@@ -0,0 +1,20 @@
# 最新同步摘要
- 渲染时间: `2026-03-17T04:37:52+00:00`
- 系统数量: `62`
- Advisory 数量: `89`
- 重点 Markdown 数量: `89`
- 新增记录: `0`
- 更新记录: `0`
- Triage 数量: `0`
- 失败的 source adapter: `7`
## 失败列表
- wordpress::NVD WordPress::SSLError
- wordpress::WPScan Vulnerability Database::SSLError
- wordpress::PortSwigger Research::SSLError
- magento-open-source::Magento GitHub Advisories::SSLError
- nodejs::Node.js Security Releases::SSLError
- nginx::NGINX Security Advisories::SSLError
- gitea::GitHub Gitea Advisories::SSLError
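Review bot: All seven adapter failures are `SSLError`, including official sources (`Node.js Security Releases`, `NGINX Security Advisories`, `NVD WordPress`), yet the summary reports the run as completed with `新增记录: 0` and `更新记录: 0`; a run whose official adapters all failed is indistinguishable from a quiet day. Have `main.py ingest` exit non-zero (or mark the run `degraded`) when any `official` adapter fails, so the `run-hourly.sh` cron entry surfaces it, and record the last successful sync time per source so the weekly reconcile knows how far back to look. This matches the README's note that Python 3.9 + LibreSSL raises `SSLError` against some sources, which means the `urllib3<2` pin alone has not fixed it.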


@@ -0,0 +1,19 @@
{
"generated_at": "2026-03-17T04:37:52+00:00",
"system_count": 62,
"advisory_count": 89,
"markdown_count": 89,
"new_count": 0,
"updated_count": 0,
"systems_touched": [],
"triage_count": 0,
"failures": [
"wordpress::NVD WordPress::SSLError",
"wordpress::WPScan Vulnerability Database::SSLError",
"wordpress::PortSwigger Research::SSLError",
"magento-open-source::Magento GitHub Advisories::SSLError",
"nodejs::Node.js Security Releases::SSLError",
"nginx::NGINX Security Advisories::SSLError",
"gitea::GitHub Gitea Advisories::SSLError"
]
}
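Review bot: `failures` flattens system, source name and exception type into a `::`-joined string (`"wordpress::NVD WordPress::SSLError"`), which the weekly reconcile and any alerting would have to re-parse, and a source name containing `::` would be ambiguous; emit objects such as `{"system_id": "wordpress", "source": "NVD WordPress", "error": "SSLError", "message": "..."}` and keep the exception message and the source URL so a failure can be retried or diagnosed without rerunning. The file carries the same numbers as `latest-ingest.md`, which is fine as a machine-readable twin, but generate the Markdown from this JSON rather than writing both, so they cannot drift.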


@@ -0,0 +1,28 @@
# 入库与分级规则
## 入库最小条件
1. 存在官方来源。
2. 能明确影响版本或影响范围。
3. 能明确修复版本、缓解方式或升级方向。
4. 能映射到本仓库某个实验主题。
## 定级
| 级别 | 进入条件 | 默认动作 |
|------|----------|----------|
| `P0` | CISA KEV 命中、授权绕过、远程代码执行、关键供应链接管 | 立即建立案例、优先实验映射、优先配置订阅 |
| `P1` | 高影响 SSRF、请求走私、路径遍历、前端敏感配置泄露、广泛依赖漏洞 | 一周内入库并补实验映射 |
| `P2` | 需要较强前置条件、影响面较窄、仅特定部署触发 | 作为知识项归档,择机补实验 |
## 去重键
- 官方公告 ID
- CVE / GHSA / OSV ID
- 受影响组件
- 首次公开日期
## 入库格式
- 案例优先使用 [case-intake-template.md](/Users/x/websafe/08-threat-intel/case-intake-template.md)
- 工具与配置样例优先使用 [tool-metadata-template.md](/Users/x/websafe/09-scope-and-targeting/tool-metadata-template.md)
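Review bot: `首次公开日期` is listed as a dedup key, but the registry records in this commit store the GHSA publication date in `published_at` (for example `gitea--CVE-2018-15192` has `published_at: 2024-08-20` for a 2018 CVE); the same advisory seen through NVD or a vendor post will carry a different date, so the date key will split rather than merge duplicates. Dedup on the stable identifiers (CVE / GHSA / OSV plus the official advisory ID) and treat the date as an attribute to reconcile, not a key. The `P0` criterion `CISA KEV 命中` also has no corresponding field in the registry schema (`exploit_status` is `unknown` on every record), so the `hotlane` command has nothing to key on; add explicit `kev_listed` and `kev_added_at` fields.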


@@ -0,0 +1,67 @@
{
"canonical_id": "gitea--CVE-2018-15192",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
"summary": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
"published_at": "2024-08-20T20:32:20Z",
"updated_at": "2026-03-03T04:54:04.686907Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-fg3x-rwq9-74cw",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-15192",
"https://github.com/go-gitea/gitea/commit/599ff1c054e436daa4dc3f049aa8661d9c2395f9",
"https://github.com/go-gitea/gitea/issues/4624",
"https://github.com/go-gitea/gitea/pull/17482",
"https://github.com/gogs/gogs/commit/22717a1c064511cf37c46af5e650baf7184cf25b",
"https://github.com/gogs/gogs/issues/5366",
"https://github.com/gogs/gogs/pull/6002"
],
"aliases": [
"CVE-2018-15192",
"GHSA-fg3x-rwq9-74cw",
"GO-2023-1971"
],
"cve_ids": [
"CVE-2018-15192"
],
"ghsa_ids": [
"GHSA-fg3x-rwq9-74cw"
],
"osv_ids": [
"GO-2023-1971"
],
"affected_versions": [
"introduced=0, fixed<1.16.0-rc1",
"introduced=0, fixed<0.12.0"
],
"fixed_versions": [
"1.16.0-rc1",
"0.12.0"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"ssrf-url-validation"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
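Review bot: `fixed_versions` lists both `1.16.0-rc1` and `0.12.0`, and `affected_versions` has two `introduced=0` ranges, but `package_name` is only `code.gitea.io/gitea`; the `0.12.0` range belongs to Gogs (the title is "Gogs and Gitea SSRF Vulnerability"), so this Gitea record now claims a fix version Gitea never shipped. When an OSV entry covers several packages, filter the ranges by the package matching `package_name` before populating the record, or keep a per-package list. Also, `severity: "unknown"` and `cvss_score: null` on a record whose `source_confidence` is `official` and whose source is a GHSA that carries a severity rating suggests the `osv-batch` adapter is not reading the severity fields; and `secure_code_topics` carries the same three entries (`authz-server-side-recheck`, `token-cookie-storage`, `proxy-trust-boundary`) on every Gitea record in this commit with the advisory-specific one (`ssrf-url-validation`) appended, so the system defaults should be kept separate from the per-advisory mapping rather than merged into one list.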


@@ -0,0 +1,61 @@
{
"canonical_id": "gitea--CVE-2018-18926",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
"summary": "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea",
"published_at": "2024-08-21T15:29:04Z",
"updated_at": "2026-03-03T04:52:20.787387Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-hf6f-jq25-8gq9",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-18926",
"https://github.com/go-gitea/gitea/commit/aeb5655c25053bdcd7eee94ea37df88468374162",
"https://github.com/go-gitea/gitea/issues/5140",
"https://github.com/go-gitea/gitea/pull/5177"
],
"aliases": [
"CVE-2018-18926",
"GHSA-hf6f-jq25-8gq9",
"GO-2022-0844"
],
"cve_ids": [
"CVE-2018-18926"
],
"ghsa_ids": [
"GHSA-hf6f-jq25-8gq9"
],
"osv_ids": [
"GO-2022-0844"
],
"affected_versions": [
"introduced=0, fixed<1.5.2"
],
"fixed_versions": [
"1.5.2"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
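Review bot: This is a remote code execution advisory, which the intake rules in this commit classify as `P0` (立即建立案例), yet the record has `severity: "unknown"`, `exploit_status: "unknown"`, no priority field, and `secure_code_topics` holding only the three Gitea-wide defaults with nothing RCE-specific; nothing in the record lets `hotlane` or a reader tell it apart from the DoS and XSS records beside it. Derive at least a provisional priority from the title when the adapter cannot fill severity, and record `unknown` severity on an RCE as a `triage_reasons` entry instead of leaving that list empty.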


@@ -0,0 +1,60 @@
{
"canonical_id": "gitea--CVE-2019-1010261",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea XSS Vulnerability in code.gitea.io/gitea",
"summary": "Gitea XSS Vulnerability in code.gitea.io/gitea",
"published_at": "2024-08-20T20:31:38Z",
"updated_at": "2026-03-03T04:53:57.848904Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-5rh7-6gfj-mc87",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-1010261",
"https://github.com/go-gitea/gitea/pull/5905"
],
"aliases": [
"CVE-2019-1010261",
"GHSA-5rh7-6gfj-mc87",
"GO-2023-1922"
],
"cve_ids": [
"CVE-2019-1010261"
],
"ghsa_ids": [
"GHSA-5rh7-6gfj-mc87"
],
"osv_ids": [
"GO-2023-1922"
],
"affected_versions": [
"introduced=0, fixed<1.7.1"
],
"fixed_versions": [
"1.7.1"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"xss-output-encoding"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,62 @@
{
"canonical_id": "gitea--CVE-2020-13246",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Denial of Service in Gitea in code.gitea.io/gitea",
"summary": "Denial of Service in Gitea in code.gitea.io/gitea",
"published_at": "2024-08-21T15:29:04Z",
"updated_at": "2026-03-03T04:52:17.939867Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-g2qx-6ghw-67hm",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-13246",
"https://github.com/go-gitea/gitea/issues/10549",
"https://github.com/go-gitea/gitea/pull/11438",
"https://www.youtube.com/watch?v=DmVgADSVS88"
],
"aliases": [
"BIT-gitea-2020-13246",
"CVE-2020-13246",
"GHSA-g2qx-6ghw-67hm",
"GO-2022-0830"
],
"cve_ids": [
"CVE-2020-13246"
],
"ghsa_ids": [
"GHSA-g2qx-6ghw-67hm"
],
"osv_ids": [
"GO-2022-0830"
],
"affected_versions": [
"introduced=0, fixed<1.12.0"
],
"fixed_versions": [
"1.12.0"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,64 @@
{
"canonical_id": "gitea--CVE-2021-28378",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
"summary": "Cross-site Scripting in Gitea in code.gitea.io/gitea",
"published_at": "2024-08-21T15:29:04Z",
"updated_at": "2026-03-03T04:52:18.307544Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-g95p-88p4-76cm",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-28378",
"https://blog.gitea.io/2021/03/gitea-1.13.4-is-released",
"https://github.com/PandatiX/CVE-2021-28378",
"https://github.com/go-gitea/gitea/pull/14898",
"https://github.com/go-gitea/gitea/pull/14899"
],
"aliases": [
"BIT-gitea-2021-28378",
"CVE-2021-28378",
"GHSA-g95p-88p4-76cm",
"GO-2022-0832"
],
"cve_ids": [
"CVE-2021-28378"
],
"ghsa_ids": [
"GHSA-g95p-88p4-76cm"
],
"osv_ids": [
"GO-2022-0832"
],
"affected_versions": [
"introduced=0, fixed<1.13.4"
],
"fixed_versions": [
"1.13.4"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"xss-output-encoding"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,63 @@
{
"canonical_id": "gitea--CVE-2021-29134",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Path Traversal in Gitea in code.gitea.io/gitea",
"summary": "Path Traversal in Gitea in code.gitea.io/gitea",
"published_at": "2024-08-21T14:30:29Z",
"updated_at": "2026-03-03T04:50:06.638863Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-h3q4-vmw4-cpr5",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-29134",
"https://github.com/go-gitea/gitea/pull/15125/files",
"https://github.com/go-gitea/gitea/releases",
"https://github.com/go-gitea/gitea/releases/tag/v1.13.6"
],
"aliases": [
"BIT-gitea-2021-29134",
"CVE-2021-29134",
"GHSA-h3q4-vmw4-cpr5",
"GO-2022-0353"
],
"cve_ids": [
"CVE-2021-29134"
],
"ghsa_ids": [
"GHSA-h3q4-vmw4-cpr5"
],
"osv_ids": [
"GO-2022-0353"
],
"affected_versions": [
"introduced=0, fixed<1.13.6"
],
"fixed_versions": [
"1.13.6"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2021-29134.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"path-traversal-guard"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,60 @@
{
"canonical_id": "gitea--CVE-2021-3382",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Buffer Overflow in gitea in code.gitea.io/gitea",
"summary": "Buffer Overflow in gitea in code.gitea.io/gitea",
"published_at": "2024-06-04T15:19:21Z",
"updated_at": "2026-03-03T04:55:15.307648Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-9f8c-pfvv-p4gm",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-3382",
"https://github.com/go-gitea/gitea/pull/14390"
],
"aliases": [
"BIT-gitea-2021-3382",
"CVE-2021-3382",
"GHSA-9f8c-pfvv-p4gm",
"GO-2024-2757"
],
"cve_ids": [
"CVE-2021-3382"
],
"ghsa_ids": [
"GHSA-9f8c-pfvv-p4gm"
],
"osv_ids": [
"GO-2024-2757"
],
"affected_versions": [
"introduced=1.9.0, fixed<1.13.2"
],
"fixed_versions": [
"1.13.2"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,66 @@
{
"canonical_id": "gitea--CVE-2021-45327",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Capture-replay in Gitea in code.gitea.io/gitea",
"summary": "Capture-replay in Gitea in code.gitea.io/gitea",
"published_at": "2024-08-21T14:30:26Z",
"updated_at": "2026-03-03T04:52:07.840324Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-jrpg-35hw-m4p9",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-45327",
"https://blog.gitea.io/2020/03/gitea-1.11.2-is-released",
"https://github.com/go-gitea/gitea/commit/4cb18601ff33dda5edb47d5b452cc8f2dc39dd67",
"https://github.com/go-gitea/gitea/commit/6f5656ab0ebec03fe63898208dabc802c4be46ab",
"https://github.com/go-gitea/gitea/commit/ed664a9e1dae4d4660e60c981173bbc5102e69ea",
"https://github.com/go-gitea/gitea/pull/10462",
"https://github.com/go-gitea/gitea/pull/10465",
"https://github.com/go-gitea/gitea/pull/10582"
],
"aliases": [
"BIT-gitea-2021-45327",
"CVE-2021-45327",
"GHSA-jrpg-35hw-m4p9",
"GO-2022-0310"
],
"cve_ids": [
"CVE-2021-45327"
],
"ghsa_ids": [
"GHSA-jrpg-35hw-m4p9"
],
"osv_ids": [
"GO-2022-0310"
],
"affected_versions": [
"introduced=0, fixed<1.11.2"
],
"fixed_versions": [
"1.11.2"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,61 @@
{
"canonical_id": "gitea--CVE-2021-45330",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Improper Privilege Management in Gitea in code.gitea.io/gitea",
"summary": "Improper Privilege Management in Gitea in code.gitea.io/gitea",
"published_at": "2024-08-21T16:03:21Z",
"updated_at": "2026-03-03T04:52:33.136607Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-pg38-r834-g45j",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-45330",
"https://github.com/go-gitea/gitea/issues/4336",
"https://github.com/go-gitea/gitea/pull/4840"
],
"aliases": [
"BIT-gitea-2021-45330",
"CVE-2021-45330",
"GHSA-pg38-r834-g45j",
"GO-2022-0982"
],
"cve_ids": [
"CVE-2021-45330"
],
"ghsa_ids": [
"GHSA-pg38-r834-g45j"
],
"osv_ids": [
"GO-2022-0982"
],
"affected_versions": [
"introduced=0, fixed<1.6.0"
],
"fixed_versions": [
"1.6.0"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,61 @@
{
"canonical_id": "gitea--CVE-2021-45331",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea",
"summary": "Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea",
"published_at": "2024-08-21T14:30:29Z",
"updated_at": "2026-03-03T04:52:07.604662Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-hfmf-q69j-6m5p",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-45331",
"https://blog.gitea.io/2018/08/gitea-1.5.0-is-released",
"https://github.com/go-gitea/gitea/pull/3878"
],
"aliases": [
"BIT-gitea-2021-45331",
"CVE-2021-45331",
"GHSA-hfmf-q69j-6m5p",
"GO-2022-0315"
],
"cve_ids": [
"CVE-2021-45331"
],
"ghsa_ids": [
"GHSA-hfmf-q69j-6m5p"
],
"osv_ids": [
"GO-2022-0315"
],
"affected_versions": [
"introduced=0, fixed<1.5.0"
],
"fixed_versions": [
"1.5.0"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
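Review bot: published_at is 2024-08-21 while fixed_versions is 1.5.0 and the referenced release post in secondary_source_urls is from 2018/08, so this field holds the advisory-database publication date, not when the one-time-password reuse was fixed. Any ordering or "since" filtering keyed on published_at will surface a six-year-old, long-fixed issue as new; add a separate fix or disclosure date field, or state explicitly in the record schema that published_at means GHSA publication. The title also names OTP reuse, yet secure_code_topics has only the three default entries and nothing about MFA replay or code single-use.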


@@ -0,0 +1,62 @@
{
"canonical_id": "gitea--CVE-2022-0905",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea Missing Authorization vulnerability in code.gitea.io/gitea",
"summary": "Gitea Missing Authorization vulnerability in code.gitea.io/gitea",
"published_at": "2024-08-21T15:11:40Z",
"updated_at": "2026-03-03T04:50:45.472605Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-jr9c-h74f-2v28",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-0905",
"https://github.com/go-gitea/gitea/commit/1314f38b59748397b3429fb9bc9f9d6bac85d2f2",
"https://github.com/go-gitea/gitea/commit/3e5c844a7758fa29126d201f4f98bf21bca6d314",
"https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb"
],
"aliases": [
"BIT-gitea-2022-0905",
"CVE-2022-0905",
"GHSA-jr9c-h74f-2v28",
"GO-2022-0609"
],
"cve_ids": [
"CVE-2022-0905"
],
"ghsa_ids": [
"GHSA-jr9c-h74f-2v28"
],
"osv_ids": [
"GO-2022-0609"
],
"affected_versions": [
"introduced=0, fixed<1.16.4"
],
"fixed_versions": [
"1.16.4"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
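Review bot: severity is "unknown" and cvss_score is null even though official_source_url is a GitHub advisory and the NVD entry is listed in secondary_source_urls, both of which normally publish a CVSS score; the osv-batch adapter does not appear to map the OSV severity entries into the record. Combined with exploit_status "unknown", a Missing Authorization record like this one carries nothing to prioritize on; either populate severity from the source or record a triage_reason so the gap is visible instead of being a silent "unknown".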


@@ -0,0 +1,63 @@
{
"canonical_id": "gitea--CVE-2022-1058",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea Open Redirect in code.gitea.io/gitea",
"summary": "Gitea Open Redirect in code.gitea.io/gitea",
"published_at": "2024-06-04T15:19:21Z",
"updated_at": "2026-03-03T04:51:49.844240Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-4rqq-rxvc-v2rc",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-1058",
"https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48",
"https://github.com/go-gitea/gitea/pull/19175",
"https://github.com/go-gitea/gitea/pull/19186",
"https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d"
],
"aliases": [
"BIT-gitea-2022-1058",
"CVE-2022-1058",
"GHSA-4rqq-rxvc-v2rc",
"GO-2024-2752"
],
"cve_ids": [
"CVE-2022-1058"
],
"ghsa_ids": [
"GHSA-4rqq-rxvc-v2rc"
],
"osv_ids": [
"GO-2024-2752"
],
"affected_versions": [
"introduced=0, fixed<1.16.5"
],
"fixed_versions": [
"1.16.5"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
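Review bot: the title identifies an Open Redirect, but secure_code_topics only has the three default entries, whereas the XSS records in this commit get "xss-output-encoding" and the attachment record gets "file-upload-validation"; topic inference seems to key on a few title keywords and has no rule for redirect or URL-validation classes. Add a redirect-target allowlist topic (or map CWE-601 when the source supplies a CWE) so the rendered case page points at the relevant control.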


@@ -0,0 +1,65 @@
{
"canonical_id": "gitea--CVE-2022-1928",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Stored Cross-site Scripting in gitea in code.gitea.io/gitea",
"summary": "Stored Cross-site Scripting in gitea in code.gitea.io/gitea",
"published_at": "2024-08-21T15:11:40Z",
"updated_at": "2026-03-03T04:50:45.577318Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-ph3w-2843-72mx",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-1928",
"https://github.com/go-gitea/gitea",
"https://github.com/go-gitea/gitea/commit/65e0688a5c9dacad50e71024b7529fdf0e3c2e9c",
"https://github.com/go-gitea/gitea/pull/19825",
"https://huntr.dev/bounties/6336ec42-5c4d-4f61-ae38-2bb539f433d2",
"https://security.gentoo.org/glsa/202210-14"
],
"aliases": [
"BIT-gitea-2022-1928",
"CVE-2022-1928",
"GHSA-ph3w-2843-72mx",
"GO-2022-0612"
],
"cve_ids": [
"CVE-2022-1928"
],
"ghsa_ids": [
"GHSA-ph3w-2843-72mx"
],
"osv_ids": [
"GO-2022-0612"
],
"affected_versions": [
"introduced=0, fixed<1.16.9"
],
"fixed_versions": [
"1.16.9"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"xss-output-encoding"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
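Review bot: secondary_source_urls includes the bare repository root "https://github.com/go-gitea/gitea", which is not a source for this advisory and will be rendered as a reference on the case page; filter repository-root and homepage URLs in the adapter and keep only the commit, PR, huntr and GLSA links. The GLSA reference 202210-14 also appears on the CVE-2022-42968 record, so one distribution advisory covers several CVEs here and could be cross-linked rather than repeated.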


@@ -0,0 +1,61 @@
{
"canonical_id": "gitea--CVE-2022-27313",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Arbitrary file deletion in gitea in code.gitea.io/gitea",
"summary": "Arbitrary file deletion in gitea in code.gitea.io/gitea",
"published_at": "2024-08-21T15:11:31Z",
"updated_at": "2026-03-03T04:50:19.647131Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-g7p7-x6w7-w6qg",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-27313",
"https://github.com/go-gitea/gitea/pull/19072",
"https://github.com/go-gitea/gitea/releases/tag/v1.16.4"
],
"aliases": [
"BIT-gitea-2022-27313",
"CVE-2022-27313",
"GHSA-g7p7-x6w7-w6qg",
"GO-2022-0442"
],
"cve_ids": [
"CVE-2022-27313"
],
"ghsa_ids": [
"GHSA-g7p7-x6w7-w6qg"
],
"osv_ids": [
"GO-2022-0442"
],
"affected_versions": [
"introduced=0, fixed<1.16.4"
],
"fixed_versions": [
"1.16.4"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,64 @@
{
"canonical_id": "gitea--CVE-2022-30781",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Shell command injection in gitea in code.gitea.io/gitea",
"summary": "Shell command injection in gitea in code.gitea.io/gitea",
"published_at": "2024-08-21T15:11:31Z",
"updated_at": "2026-03-03T04:50:23.949796Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-p5f9-c9j9-g8qx",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-30781",
"http://packetstormsecurity.com/files/168400/Gitea-1.16.6-Remote-Code-Execution.html",
"http://packetstormsecurity.com/files/169928/Gitea-Git-Fetch-Remote-Code-Execution.html",
"https://blog.gitea.io/2022/05/gitea-1.16.7-is-released",
"https://github.com/go-gitea/gitea/pull/19487",
"https://github.com/go-gitea/gitea/pull/19490"
],
"aliases": [
"BIT-gitea-2022-30781",
"CVE-2022-30781",
"GHSA-p5f9-c9j9-g8qx",
"GO-2022-0450"
],
"cve_ids": [
"CVE-2022-30781"
],
"ghsa_ids": [
"GHSA-p5f9-c9j9-g8qx"
],
"osv_ids": [
"GO-2022-0450"
],
"affected_versions": [
"introduced=0, fixed<1.16.7"
],
"fixed_versions": [
"1.16.7"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-30781.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
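Review bot: exploit_status is still "unknown" although secondary_source_urls lists two Packet Storm entries whose titles announce remote code execution for this command injection; when a record already carries references of that kind, exploit_status should be derived from them so defenders can prioritize the 1.16.7 upgrade, and such references should be tagged as research rather than mixed into the same list as the vendor release post and the fix PRs. Both Packet Storm links are also plain http://, so normalize the scheme before deduplicating URLs.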


@@ -0,0 +1,63 @@
{
"canonical_id": "gitea--CVE-2022-38183",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea allowed assignment of private issues in code.gitea.io/gitea",
"summary": "Gitea allowed assignment of private issues in code.gitea.io/gitea",
"published_at": "2024-06-10T16:38:54Z",
"updated_at": "2026-03-03T04:55:04.505871Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-fhv8-m4j4-cww2",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-38183",
"https://blog.gitea.io/2022/07/gitea-1.16.9-is-released",
"https://github.com/go-gitea/gitea/pull/20133",
"https://github.com/go-gitea/gitea/pull/20196",
"https://herolab.usd.de/security-advisories/usd-2022-0015"
],
"aliases": [
"BIT-gitea-2022-38183",
"CVE-2022-38183",
"GHSA-fhv8-m4j4-cww2",
"GO-2024-2769"
],
"cve_ids": [
"CVE-2022-38183"
],
"ghsa_ids": [
"GHSA-fhv8-m4j4-cww2"
],
"osv_ids": [
"GO-2024-2769"
],
"affected_versions": [
"introduced=0, fixed<1.16.9"
],
"fixed_versions": [
"1.16.9"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,62 @@
{
"canonical_id": "gitea--CVE-2022-38795",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea erroneous repo clones in code.gitea.io/gitea",
"summary": "Gitea erroneous repo clones in code.gitea.io/gitea",
"published_at": "2024-08-21T14:17:52Z",
"updated_at": "2026-03-03T04:54:07.076900Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-8j3v-68w3-3848",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-38795",
"https://blog.gitea.com/release-of-1.17.2",
"https://github.com/go-gitea/gitea/pull/20869",
"https://github.com/go-gitea/gitea/pull/20892"
],
"aliases": [
"BIT-gitea-2022-38795",
"CVE-2022-38795",
"GHSA-8j3v-68w3-3848",
"GO-2023-1999"
],
"cve_ids": [
"CVE-2022-38795"
],
"ghsa_ids": [
"GHSA-8j3v-68w3-3848"
],
"osv_ids": [
"GO-2023-1999"
],
"affected_versions": [
"introduced=0, fixed<1.17.2"
],
"fixed_versions": [
"1.17.2"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,62 @@
{
"canonical_id": "gitea--CVE-2022-42968",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea vulnerable to Argument Injection in code.gitea.io/gitea",
"summary": "Gitea vulnerable to Argument Injection in code.gitea.io/gitea",
"published_at": "2024-08-21T16:03:24Z",
"updated_at": "2026-03-03T04:52:41.181693Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-w8xw-7crf-h23x",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-42968",
"https://github.com/go-gitea/gitea/pull/21463",
"https://github.com/go-gitea/gitea/releases/tag/v1.17.3",
"https://security.gentoo.org/glsa/202210-14"
],
"aliases": [
"BIT-gitea-2022-42968",
"CVE-2022-42968",
"GHSA-w8xw-7crf-h23x",
"GO-2022-1065"
],
"cve_ids": [
"CVE-2022-42968"
],
"ghsa_ids": [
"GHSA-w8xw-7crf-h23x"
],
"osv_ids": [
"GO-2022-1065"
],
"affected_versions": [
"introduced=0, fixed<1.17.3"
],
"fixed_versions": [
"1.17.3"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,62 @@
{
"canonical_id": "gitea--CVE-2025-68938",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea",
"summary": "Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:49.095775Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-cm54-pfmc-xrwx",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68938",
"https://blog.gitea.com/release-of-1.25.2",
"https://github.com/go-gitea/gitea/pull/36002/commits/d4262131b39899d9e9ee5caa2635c810d476e43f#diff-8962bac89952027d50fa51f31f59d65bedb4c02bde0265eced5cf256cbed306d",
"https://github.com/go-gitea/gitea/releases/tag/v1.25.2"
],
"aliases": [
"BIT-gitea-2025-68938",
"CVE-2025-68938",
"GHSA-cm54-pfmc-xrwx",
"GO-2025-4258"
],
"cve_ids": [
"CVE-2025-68938"
],
"ghsa_ids": [
"GHSA-cm54-pfmc-xrwx"
],
"osv_ids": [
"GO-2025-4258"
],
"affected_versions": [
"introduced=0, fixed<1.25.2"
],
"fixed_versions": [
"1.25.2"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
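Review bot: the third secondary_source_urls entry keeps a "#diff-" fragment on a PR commit URL; fragments should be stripped during URL normalization, otherwise the same commit referenced without the fragment will not deduplicate and will be counted as a separate source. This record and CVE-2025-69413 are both fixed through PR 36002 in 1.25.2, yet each shows candidate_count 1 with no reference to the other; consider recording shared fix PRs so the two case pages link to each other.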


@@ -0,0 +1,61 @@
{
"canonical_id": "gitea--CVE-2025-68939",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"summary": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:48.777563Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-263q-5cv3-xq9g",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68939",
"https://blog.gitea.com/release-of-1.23.0",
"https://github.com/go-gitea/gitea/pull/32151",
"https://github.com/go-gitea/gitea/releases/tag/v1.23.0"
],
"aliases": [
"BIT-gitea-2025-68939",
"CVE-2025-68939",
"GHSA-263q-5cv3-xq9g",
"GO-2025-4261"
],
"cve_ids": [
"CVE-2025-68939"
],
"ghsa_ids": [
"GHSA-263q-5cv3-xq9g"
],
"osv_ids": [
"GO-2025-4261"
],
"affected_versions": [
"introduced=0"
],
"fixed_versions": [],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
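Review bot: affected_versions is "introduced=0" with fixed_versions empty, yet status is "generated" and triage_reasons is empty; a record with no fix version should not count as a completed case, it should be routed to triage with a reason such as "missing-fixed-version". The secondary sources (the 1.23.0 release post, PR 32151 and the v1.23.0 tag) indicate where the fix landed, so the adapter could fall back to those references when the OSV range has no fixed event. Separately, "plugin-extension-trust-policy" in secure_code_topics looks like a keyword hit on "extensions" in the title; the issue is attachment file-extension filtering, which matches "file-upload-validation" as already used on the CVE-2026-20736 record.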


@@ -0,0 +1,62 @@
{
"canonical_id": "gitea--CVE-2025-68940",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
"summary": "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:50.087298Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-rrcw-5rjv-vj26",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68940",
"https://blog.gitea.com/release-of-1.22.5",
"https://github.com/go-gitea/gitea/pull/32654",
"https://github.com/go-gitea/gitea/releases/tag/v1.22.5"
],
"aliases": [
"BIT-gitea-2025-68940",
"CVE-2025-68940",
"GHSA-rrcw-5rjv-vj26",
"GO-2025-4267"
],
"cve_ids": [
"CVE-2025-68940"
],
"ghsa_ids": [
"GHSA-rrcw-5rjv-vj26"
],
"osv_ids": [
"GO-2025-4267"
],
"affected_versions": [
"introduced=0, fixed<1.22.5"
],
"fixed_versions": [
"1.22.5"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
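Review bot: title and summary read "after merging a pull request. in code.gitea.io/gitea", so the title builder concatenates the upstream summary and " in <package>" without trimming trailing punctuation. Strip a trailing period and whitespace from the source summary before appending the suffix, or drop the " in <package>" suffix from title altogether, since every record here already carries package_name.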


@@ -0,0 +1,62 @@
{
"canonical_id": "gitea--CVE-2025-68941",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea",
"summary": "Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:50.339953Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-xfq3-qj7j-4565",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68941",
"https://blog.gitea.com/release-of-1.22.3",
"https://github.com/go-gitea/gitea/pull/32218",
"https://github.com/go-gitea/gitea/releases/tag/v1.22.3"
],
"aliases": [
"BIT-gitea-2025-68941",
"CVE-2025-68941",
"GHSA-xfq3-qj7j-4565",
"GO-2025-4268"
],
"cve_ids": [
"CVE-2025-68941"
],
"ghsa_ids": [
"GHSA-xfq3-qj7j-4565"
],
"osv_ids": [
"GO-2025-4268"
],
"affected_versions": [
"introduced=0, fixed<1.22.3"
],
"fixed_versions": [
"1.22.3"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,63 @@
{
"canonical_id": "gitea--CVE-2025-68942",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea",
"summary": "Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:49.781753Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-898p-hh3p-hf9r",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68942",
"https://blog.gitea.com/release-of-1.22.2",
"https://github.com/go-gitea/gitea/pull/31966",
"https://github.com/go-gitea/gitea/releases/tag/v1.22.2"
],
"aliases": [
"BIT-gitea-2025-68942",
"CVE-2025-68942",
"GHSA-898p-hh3p-hf9r",
"GO-2025-4263"
],
"cve_ids": [
"CVE-2025-68942"
],
"ghsa_ids": [
"GHSA-898p-hh3p-hf9r"
],
"osv_ids": [
"GO-2025-4263"
],
"affected_versions": [
"introduced=0, fixed<1.22.2"
],
"fixed_versions": [
"1.22.2"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"xss-output-encoding"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,62 @@
{
"canonical_id": "gitea--CVE-2025-68943",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea",
"summary": "Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:49.213758Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-jhx5-4vr4-f327",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68943",
"https://blog.gitea.com/release-of-1.21.8-and-1.21.9-and-1.21.10",
"https://github.com/go-gitea/gitea/pull/29430",
"https://github.com/go-gitea/gitea/releases/tag/v1.21.8"
],
"aliases": [
"BIT-gitea-2025-68943",
"CVE-2025-68943",
"GHSA-jhx5-4vr4-f327",
"GO-2025-4266"
],
"cve_ids": [
"CVE-2025-68943"
],
"ghsa_ids": [
"GHSA-jhx5-4vr4-f327"
],
"osv_ids": [
"GO-2025-4266"
],
"affected_versions": [
"introduced=0, fixed<1.21.8"
],
"fixed_versions": [
"1.21.8"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,63 @@
{
"canonical_id": "gitea--CVE-2025-68944",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea",
"summary": "Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:50.526913Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-f85h-c7m6-cfpm",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68944",
"https://blog.gitea.com/release-of-1.22.2",
"https://github.com/go-gitea/gitea/pull/31967",
"https://github.com/go-gitea/gitea/releases/tag/v1.22.2"
],
"aliases": [
"BIT-gitea-2025-68944",
"CVE-2025-68944",
"GHSA-f85h-c7m6-cfpm",
"GO-2025-4264"
],
"cve_ids": [
"CVE-2025-68944"
],
"ghsa_ids": [
"GHSA-f85h-c7m6-cfpm"
],
"osv_ids": [
"GO-2025-4264"
],
"affected_versions": [
"introduced=0, fixed<1.22.2"
],
"fixed_versions": [
"1.22.2"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68944.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
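Review bot: "dependency-upgrade-policy" in secure_code_topics looks like a keyword match on "package registries" in the title; the issue is token-scope propagation inside Gitea's own package registry, an authorization and scope problem, not a dependency-upgrade matter, so the rendered case page will point at the wrong control. Topic inference should match on the vulnerability class rather than isolated words; "authz-server-side-recheck" alone already fits this record and its sibling CVE-2025-68941 on API token scope.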


@@ -0,0 +1,62 @@
{
"canonical_id": "gitea--CVE-2025-68945",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea: anonymous user can visit private user's project in code.gitea.io/gitea",
"summary": "Gitea: anonymous user can visit private user's project in code.gitea.io/gitea",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:51.457970Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-7xq4-mwcp-q8fx",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68945",
"https://blog.gitea.com/release-of-1.21.2",
"https://github.com/go-gitea/gitea/pull/28423",
"https://github.com/go-gitea/gitea/releases/tag/v1.21.2"
],
"aliases": [
"BIT-gitea-2025-68945",
"CVE-2025-68945",
"GHSA-7xq4-mwcp-q8fx",
"GO-2025-4262"
],
"cve_ids": [
"CVE-2025-68945"
],
"ghsa_ids": [
"GHSA-7xq4-mwcp-q8fx"
],
"osv_ids": [
"GO-2025-4262"
],
"affected_versions": [
"introduced=0, fixed<1.21.2"
],
"fixed_versions": [
"1.21.2"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68945.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,63 @@
{
"canonical_id": "gitea--CVE-2025-68946",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea",
"summary": "Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:50.473303Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-hq57-c72x-4774",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68946",
"https://blog.gitea.com/release-of-1.20.1",
"https://github.com/go-gitea/gitea/pull/25960",
"https://github.com/go-gitea/gitea/releases/tag/v1.20.1"
],
"aliases": [
"BIT-gitea-2025-68946",
"CVE-2025-68946",
"GHSA-hq57-c72x-4774",
"GO-2025-4265"
],
"cve_ids": [
"CVE-2025-68946"
],
"ghsa_ids": [
"GHSA-hq57-c72x-4774"
],
"osv_ids": [
"GO-2025-4265"
],
"affected_versions": [
"introduced=0, fixed<1.20.1"
],
"fixed_versions": [
"1.20.1"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"xss-output-encoding"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,63 @@
{
"canonical_id": "gitea--CVE-2025-69413",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea",
"summary": "Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea",
"published_at": "2026-01-12T17:39:39Z",
"updated_at": "2026-03-03T04:57:49.801641Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-pc73-rj2c-wvf9",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-69413",
"https://blog.gitea.com/release-of-1.25.2",
"https://github.com/go-gitea/gitea/issues/35984",
"https://github.com/go-gitea/gitea/pull/36002",
"https://github.com/go-gitea/gitea/releases/tag/v1.25.2"
],
"aliases": [
"BIT-gitea-2025-69413",
"CVE-2025-69413",
"GHSA-pc73-rj2c-wvf9",
"GO-2026-4274"
],
"cve_ids": [
"CVE-2025-69413"
],
"ghsa_ids": [
"GHSA-pc73-rj2c-wvf9"
],
"osv_ids": [
"GO-2026-4274"
],
"affected_versions": [
"introduced=0, fixed<1.25.2"
],
"fixed_versions": [
"1.25.2"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,64 @@
{
"canonical_id": "gitea--CVE-2026-0798",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea",
"summary": "Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea",
"published_at": "2026-02-02T21:05:55Z",
"updated_at": "2026-03-03T04:57:54.518308Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-8fwc-qjw5-rvgp",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-0798",
"https://blog.gitea.com/release-of-1.25.4",
"https://github.com/go-gitea/gitea/pull/36319",
"https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
],
"aliases": [
"BIT-gitea-2026-0798",
"CVE-2026-0798",
"GHSA-8fwc-qjw5-rvgp",
"GHSA-f4wq-6ww5-m56p",
"GO-2026-4365"
],
"cve_ids": [
"CVE-2026-0798"
],
"ghsa_ids": [
"GHSA-8fwc-qjw5-rvgp",
"GHSA-f4wq-6ww5-m56p"
],
"osv_ids": [
"GO-2026-4365"
],
"affected_versions": [
"introduced=0, fixed<1.25.4"
],
"fixed_versions": [
"1.25.4"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-0798.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,66 @@
{
"canonical_id": "gitea--CVE-2026-20736",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea has improper access control for uploaded attachments in code.gitea.io/gitea",
"summary": "Gitea has improper access control for uploaded attachments in code.gitea.io/gitea",
"published_at": "2026-02-02T21:05:55Z",
"updated_at": "2026-03-03T04:57:53.977351Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-hgr3-x44x-33hx",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-20736",
"https://blog.gitea.com/release-of-1.25.4",
"https://github.com/go-gitea/gitea/commit/fbea2c68e8df11cfa94e8ead913b79946780ed30",
"https://github.com/go-gitea/gitea/pull/36320",
"https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
],
"aliases": [
"BIT-gitea-2026-20736",
"CVE-2026-20736",
"GHSA-hgr3-x44x-33hx",
"GHSA-jr6h-pwwp-c8g6",
"GO-2026-4367"
],
"cve_ids": [
"CVE-2026-20736"
],
"ghsa_ids": [
"GHSA-hgr3-x44x-33hx",
"GHSA-jr6h-pwwp-c8g6"
],
"osv_ids": [
"GO-2026-4367"
],
"affected_versions": [
"introduced=0, fixed<1.25.4"
],
"fixed_versions": [
"1.25.4"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"file-upload-validation"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
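Review bot: `summary` is a verbatim copy of `title`, so the case page rendered at `07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md` will describe the attachment access-control issue with nothing beyond its one-line headline. The Next.js records in this same patch carry the full advisory body in `summary`, so the osv-batch adapter appears to fall back to `title` when the Gitea OSV entry's `details` field is empty or unmapped; either map `details` or record an explicit triage reason (e.g. `summary-missing`) instead of duplicating the title.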


@@ -0,0 +1,66 @@
{
"canonical_id": "gitea--CVE-2026-20750",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea",
"summary": "Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea",
"published_at": "2026-02-02T21:05:55Z",
"updated_at": "2026-03-03T04:57:57.697708Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-rw22-5hhq-pfpf",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-20750",
"https://blog.gitea.com/release-of-1.25.4",
"https://github.com/go-gitea/gitea/commit/7b5de594cd92e30b9c3d40ffda119acad794cc64",
"https://github.com/go-gitea/gitea/pull/36318",
"https://github.com/go-gitea/gitea/pull/36373",
"https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
],
"aliases": [
"BIT-gitea-2026-20750",
"CVE-2026-20750",
"GHSA-h4fh-pc4w-8w27",
"GHSA-rw22-5hhq-pfpf",
"GO-2026-4370"
],
"cve_ids": [
"CVE-2026-20750"
],
"ghsa_ids": [
"GHSA-h4fh-pc4w-8w27",
"GHSA-rw22-5hhq-pfpf"
],
"osv_ids": [
"GO-2026-4370"
],
"affected_versions": [
"introduced=0, fixed<1.25.4"
],
"fixed_versions": [
"1.25.4"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20750.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
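Review bot: `source_confidence` is `official`, but `official_source_url` points at the GitHub Advisory Database entry (github.com/advisories/GHSA-rw22-5hhq-pfpf), which under the README's source policy reads as ecosystem-authority rather than a vendor or official-repo advisory, while the vendor source https://blog.gitea.com/release-of-1.25.4 sits in `secondary_source_urls`. Either promote the Gitea release post (or the go-gitea repository's own advisory) to `official_source_url`, or lower the confidence so a GHSA mirror alone does not count toward completed coverage.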


@@ -0,0 +1,65 @@
{
"canonical_id": "gitea--CVE-2026-20800",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea",
"summary": "Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea",
"published_at": "2026-02-02T21:05:55Z",
"updated_at": "2026-03-03T04:57:54.012782Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-2vgv-hgv4-22mh",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-20800",
"https://blog.gitea.com/release-of-1.25.4",
"https://github.com/go-gitea/gitea/commit/67e75f30a83d2523cedc37ad7b03bcba66947833",
"https://github.com/go-gitea/gitea/pull/36339",
"https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
],
"aliases": [
"BIT-gitea-2026-20800",
"CVE-2026-20800",
"GHSA-2vgv-hgv4-22mh",
"GHSA-g54m-9f6g-wj7q",
"GO-2026-4362"
],
"cve_ids": [
"CVE-2026-20800"
],
"ghsa_ids": [
"GHSA-2vgv-hgv4-22mh",
"GHSA-g54m-9f6g-wj7q"
],
"osv_ids": [
"GO-2026-4362"
],
"affected_versions": [
"introduced=0, fixed<1.25.4"
],
"fixed_versions": [
"1.25.4"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20800.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
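Review bot: `severity` is `unknown` and `cvss_score` is `null` while `status` is already `generated`, and every Gitea record in this patch has the same gap even though GHSA-backed OSV entries typically carry a severity (`database_specific.severity`) and a CVSS vector (`severity[]`). The osv-batch adapter should map those fields, or the coverage matrix should report unknown-severity records separately so they are not presented as fully ingested.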


@@ -0,0 +1,66 @@
{
"canonical_id": "gitea--CVE-2026-20883",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea",
"summary": "Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea",
"published_at": "2026-02-02T21:05:55Z",
"updated_at": "2026-03-03T04:57:54.692700Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-j8xr-c56q-m8jj",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-20883",
"https://blog.gitea.com/release-of-1.25.4",
"https://github.com/go-gitea/gitea/commit/95ea2df00a70176c516b12f3cfee8c84a310280f",
"https://github.com/go-gitea/gitea/pull/36340",
"https://github.com/go-gitea/gitea/pull/36368",
"https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
],
"aliases": [
"BIT-gitea-2026-20883",
"CVE-2026-20883",
"GHSA-644v-xv3j-xgqg",
"GHSA-j8xr-c56q-m8jj",
"GO-2026-4368"
],
"cve_ids": [
"CVE-2026-20883"
],
"ghsa_ids": [
"GHSA-644v-xv3j-xgqg",
"GHSA-j8xr-c56q-m8jj"
],
"osv_ids": [
"GO-2026-4368"
],
"affected_versions": [
"introduced=0, fixed<1.25.4"
],
"fixed_versions": [
"1.25.4"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20883.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
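Review bot: `secure_code_topics` assigns `token-cookie-storage` and `proxy-trust-boundary` to an information-exposure bug in stopwatches, and the identical trio appears on every Gitea record in this patch regardless of vulnerability class, so these look like system-level defaults from source-map.yaml rather than topics derived from the advisory. Suggest keeping defaults and derived topics apart (e.g. `default_topics` vs `derived_topics`) or emitting the defaults only when no class-specific topic matched, so case pages don't send readers to unrelated secure-code material.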


@@ -0,0 +1,65 @@
{
"canonical_id": "gitea--CVE-2026-20888",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea",
"summary": "Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea",
"published_at": "2026-02-02T21:05:55Z",
"updated_at": "2026-03-03T04:57:56.025932Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-9cgq-wp42-4rpq",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-20888",
"https://blog.gitea.com/release-of-1.25.4",
"https://github.com/go-gitea/gitea/pull/36341",
"https://github.com/go-gitea/gitea/pull/36356",
"https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
],
"aliases": [
"BIT-gitea-2026-20888",
"CVE-2026-20888",
"GHSA-9cgq-wp42-4rpq",
"GHSA-ccq9-c5hv-cf64",
"GO-2026-4366"
],
"cve_ids": [
"CVE-2026-20888"
],
"ghsa_ids": [
"GHSA-9cgq-wp42-4rpq",
"GHSA-ccq9-c5hv-cf64"
],
"osv_ids": [
"GO-2026-4366"
],
"affected_versions": [
"introduced=0, fixed<1.25.4"
],
"fixed_versions": [
"1.25.4"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20888.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
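Review bot: this record is the only 1.25.4 advisory in the patch whose `secondary_source_urls` carries no fix commit, only pull requests #36341 and #36356 and the release tag; worth checking whether the adapter dropped the commit or the upstream advisory genuinely lacks it before the case page tries to render a fix-commit section from an empty value.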


@@ -0,0 +1,66 @@
{
"canonical_id": "gitea--CVE-2026-20897",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea",
"summary": "Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea",
"published_at": "2026-02-02T21:05:55Z",
"updated_at": "2026-03-03T04:57:55.339967Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-393c-qgvj-3xph",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-20897",
"https://blog.gitea.com/release-of-1.25.4",
"https://github.com/go-gitea/gitea/commit/da036f3f35ca830b22cf4480912ed261303b798f",
"https://github.com/go-gitea/gitea/pull/36344",
"https://github.com/go-gitea/gitea/pull/36349",
"https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
],
"aliases": [
"BIT-gitea-2026-20897",
"CVE-2026-20897",
"GHSA-393c-qgvj-3xph",
"GHSA-rrq5-r9h5-pc7c",
"GO-2026-4363"
],
"cve_ids": [
"CVE-2026-20897"
],
"ghsa_ids": [
"GHSA-393c-qgvj-3xph",
"GHSA-rrq5-r9h5-pc7c"
],
"osv_ids": [
"GO-2026-4363"
],
"affected_versions": [
"introduced=0, fixed<1.25.4"
],
"fixed_versions": [
"1.25.4"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20897.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,66 @@
{
"canonical_id": "gitea--CVE-2026-20904",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea",
"summary": "Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea",
"published_at": "2026-02-02T21:05:55Z",
"updated_at": "2026-03-03T04:57:54.244003Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-qqgv-v353-cv8p",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-20904",
"https://blog.gitea.com/release-of-1.25.4",
"https://github.com/go-gitea/gitea/commit/ed5720af2ac94d74f822721c05b42b6148ff9c22",
"https://github.com/go-gitea/gitea/pull/36346",
"https://github.com/go-gitea/gitea/pull/36361",
"https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
],
"aliases": [
"BIT-gitea-2026-20904",
"CVE-2026-20904",
"GHSA-jrpc-w85r-hgqx",
"GHSA-qqgv-v353-cv8p",
"GO-2026-4369"
],
"cve_ids": [
"CVE-2026-20904"
],
"ghsa_ids": [
"GHSA-jrpc-w85r-hgqx",
"GHSA-qqgv-v353-cv8p"
],
"osv_ids": [
"GO-2026-4369"
],
"affected_versions": [
"introduced=0, fixed<1.25.4"
],
"fixed_versions": [
"1.25.4"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20904.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,66 @@
{
"canonical_id": "gitea--CVE-2026-20912",
"system_id": "gitea",
"display_name": "Gitea",
"category": "platforms",
"advisory_mode": "core",
"title": "Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea",
"summary": "Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea",
"published_at": "2026-02-02T21:05:55Z",
"updated_at": "2026-03-03T04:57:55.747880Z",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/advisories/GHSA-4xx9-vc8v-87hv",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-20912",
"https://blog.gitea.com/release-of-1.25.4",
"https://github.com/go-gitea/gitea/commit/fbea2c68e8df11cfa94e8ead913b79946780ed30",
"https://github.com/go-gitea/gitea/pull/36320",
"https://github.com/go-gitea/gitea/pull/36355",
"https://github.com/go-gitea/gitea/releases/tag/v1.25.4"
],
"aliases": [
"BIT-gitea-2026-20912",
"CVE-2026-20912",
"GHSA-4xx9-vc8v-87hv",
"GHSA-vfmv-f93v-37mw",
"GO-2026-4364"
],
"cve_ids": [
"CVE-2026-20912"
],
"ghsa_ids": [
"GHSA-4xx9-vc8v-87hv",
"GHSA-vfmv-f93v-37mw"
],
"osv_ids": [
"GO-2026-4364"
],
"affected_versions": [
"introduced=0, fixed<1.25.4"
],
"fixed_versions": [
"1.25.4"
],
"package_name": "code.gitea.io/gitea",
"render_markdown": true,
"case_path": "07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md",
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Gitea"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
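Review bot: this record cites the same fix commit (fbea2c68e8df11cfa94e8ead913b79946780ed30) and pull request #36320 as `gitea--CVE-2026-20736` earlier in this patch, so two canonical records will produce two case pages describing one remediation. Consider a cross-reference field (e.g. `related_ids`) or a reconcile warning for shared fix commits so the attachment access-control fix is not double-counted in the coverage matrix.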


@@ -0,0 +1,59 @@
{
"canonical_id": "nextjs--CVE-2020-15242",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Open Redirect in Next.js versions",
"summary": "### Impact\n\n- **Affected**: Users of Next.js between 9.5.0 and 9.5.3 \n- **Not affected**: Deployments on Vercel ([https://vercel.com](https://vercel.com)) are not affected\n- **Not affected**: Deployments using `next export`\n\nWe recommend everyone to upgrade regardless of whether you can reproduce the issue or not.\n\n### Patches\n\nhttps://github.com/vercel/next.js/releases/tag/v9.5.4\n\n### References\n\nhttps://github.com/vercel/next.js/releases/tag/v9.5.4\n\n",
"published_at": "2020-10-08T19:28:07Z",
"updated_at": "2026-03-13T22:14:13.665535Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-15242",
"https://github.com/vercel/next.js",
"https://github.com/zeit/next.js/releases/tag/v9.5.4"
],
"aliases": [
"CVE-2020-15242",
"GHSA-x56p-c8cg-q435"
],
"cve_ids": [
"CVE-2020-15242"
],
"ghsa_ids": [
"GHSA-x56p-c8cg-q435"
],
"osv_ids": [
"GHSA-x56p-c8cg-q435"
],
"affected_versions": [
"introduced=9.5.0, fixed<9.5.4"
],
"fixed_versions": [
"9.5.4"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
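Review bot: `cvss_score` is exactly 3.1 with `severity` `low`, and the same pair recurs on every Next.js record in this patch, including the Server Actions SSRF (CVE-2024-34351) and the middleware authorization bypass (CVE-2024-51479); a constant 3.1 strongly suggests the `CVSS:3.1` version prefix of the vector string is being read as the score and `low` derived from it. Check the score extraction in the osv-batch adapter and, until it is fixed, treat these severities as unknown rather than rendering `low` on the case pages.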


@@ -0,0 +1,60 @@
{
"canonical_id": "nextjs--CVE-2020-5284",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Directory Traversal in Next.js",
"summary": "### Impact\n\n- **Not affected**: Deployments on ZEIT Now v2 ([https://zeit.co](https://zeit.co/)) are not affected\n- **Not affected**: Deployments using the `serverless` target\n- **Not affected**: Deployments using `next export`\n- **Affected**: Users of Next.js below 9.3.2\n\nWe recommend everyone to upgrade regardless of whether you can reproduce the issue or not.\n\n### Patches\n\nhttps://github.com/zeit/next.js/releases/tag/v9.3.2\n\n### References\n\nhttps://github.com/zeit/next.js/releases/tag/v9.3.2",
"published_at": "2020-03-30T20:40:50Z",
"updated_at": "2025-09-26T17:49:56Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-5284",
"https://github.com/zeit/next.js/releases/tag/v9.3.2",
"https://www.npmjs.com/advisories/1503"
],
"aliases": [
"CVE-2020-5284",
"GHSA-fq77-7p7r-83rj"
],
"cve_ids": [
"CVE-2020-5284"
],
"ghsa_ids": [
"GHSA-fq77-7p7r-83rj"
],
"osv_ids": [
"GHSA-fq77-7p7r-83rj"
],
"affected_versions": [
"introduced=0.9.9, fixed<9.3.2"
],
"fixed_versions": [
"9.3.2"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"path-traversal-guard"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,60 @@
{
"canonical_id": "nextjs--CVE-2021-37699",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Open Redirect in Next.js",
"summary": "Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when `pages/_error.js` was statically generated, allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users although it can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain.\n\n### Impact\n\n- **Affected:** Users of Next.js between `10.0.5` and `10.2.0`\n- **Affected:** Users of Next.js between `11.0.0` and `11.0.1` using `pages/_error.js` without `getInitialProps`\n- **Affected:** Users of Next.js between `11.0.0` and `11.0.1` using `pages/_error.js` and `next export`\n- **Not affected**: Deployments on Vercel ([vercel.com](https://vercel.com)) are not affected\n- **Not affected:** Deployments **with** `pages/404.js`\n- Note that versions prior to 0.9.9 package `next` npm package hosted a different utility (0.4.1 being the latest version of that codebase), and this advisory does not apply to those versions.\n\nWe recommend upgrading to the latest version of Next.js to improve the overall security of your application.\n\n### Patches\n\nhttps://github.com/vercel/next.js/releases/tag/v11.1.0",
"published_at": "2021-08-12T14:51:14Z",
"updated_at": "2026-03-13T22:00:08.038285Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-vxf5-wxwp-m7g9",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-37699",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v11.1.0"
],
"aliases": [
"CVE-2021-37699",
"GHSA-vxf5-wxwp-m7g9"
],
"cve_ids": [
"CVE-2021-37699"
],
"ghsa_ids": [
"GHSA-vxf5-wxwp-m7g9"
],
"osv_ids": [
"GHSA-vxf5-wxwp-m7g9"
],
"affected_versions": [
"introduced=0.9.9, fixed<11.1.0"
],
"fixed_versions": [
"11.1.0"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
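Review bot: `affected_versions` records `introduced=0.9.9, fixed<11.1.0`, but the advisory text carried in `summary` limits impact to 10.0.5 through 10.2.0 and 11.0.0 through 11.0.1 under specific `pages/_error.js` conditions. The record should either carry the narrower ranges from the advisory or go through `triage/` under the README's source-conflict rule instead of landing as `generated`.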


@@ -0,0 +1,62 @@
{
"canonical_id": "nextjs--CVE-2021-39178",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "XSS in Image Optimization API for Next.js",
"summary": "### Impact\n- **Affected:** All of the following must be true to be affected\n - Next.js between version 10.0.0 and 11.1.0\n - The `next.config.js` file has [`images.domains`](https://nextjs.org/docs/basic-features/image-optimization#domains) array assigned\n - The image host assigned in [`images.domains`](https://nextjs.org/docs/basic-features/image-optimization#domains) allows user-provided SVG\n- **Not affected**: The `next.config.js` file has [`images.loader`](https://nextjs.org/docs/basic-features/image-optimization#loader) assigned to something other than default\n- **Not affected**: Deployments on [Vercel](https://vercel.com) are not affected\n\n### Patches\n[Next.js v11.1.1](https://github.com/vercel/next.js/releases/tag/v11.1.1)\n\n",
"published_at": "2021-09-01T18:24:22Z",
"updated_at": "2026-03-13T22:00:20.154452Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-9gr3-7897-pp7m",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-39178",
"https://github.com/vercel/next.js/pull/28620",
"https://github.com/vercel/next.js/commit/7afc97c5744b38bdf36aa7f87625f438224688aa",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v11.1.1"
],
"aliases": [
"CVE-2021-39178",
"GHSA-9gr3-7897-pp7m"
],
"cve_ids": [
"CVE-2021-39178"
],
"ghsa_ids": [
"GHSA-9gr3-7897-pp7m"
],
"osv_ids": [
"GHSA-9gr3-7897-pp7m"
],
"affected_versions": [
"introduced=10.0.0, fixed<11.1.1"
],
"fixed_versions": [
"11.1.1"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"xss-output-encoding"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,65 @@
{
"canonical_id": "nextjs--CVE-2021-43803",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Unexpected server crash in Next.js.",
"summary": "Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue. Note that prior version 0.9.9 package `next` hosted a different utility (0.4.1 being the latest version of that codebase), and this advisory does not apply to those versions. ",
"published_at": "2021-12-07T21:12:09Z",
"updated_at": "2026-03-13T22:00:36.554552Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-43803",
"https://github.com/vercel/next.js/pull/32080",
"https://github.com/vercel/next.js/commit/6d98b4fb4315dec1badecf0e9bdc212a4272b264",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v11.1.3",
"https://github.com/vercel/next.js/releases/v12.0.5"
],
"aliases": [
"CVE-2021-43803",
"GHSA-25mp-g6fv-mqxx"
],
"cve_ids": [
"CVE-2021-43803"
],
"ghsa_ids": [
"GHSA-25mp-g6fv-mqxx"
],
"osv_ids": [
"GHSA-25mp-g6fv-mqxx"
],
"affected_versions": [
"introduced=12.0.0, fixed<12.0.5",
"introduced=0.9.9, fixed<11.1.3"
],
"fixed_versions": [
"12.0.5",
"11.1.3"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
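Review bot: the second range `introduced=0.9.9, fixed<11.1.3` conflicts with the advisory's own prerequisite in `summary` (Next.js above 11.1.0 and below 12.0.5, with Node.js above 15.0.0), so the record overstates the affected 11.x range; the reference `https://github.com/vercel/next.js/releases/v12.0.5` also lacks the `/tag/` segment that the sibling v11.1.3 link has, and `title` ends with a stray period. Suggest reconciling the ranges against the advisory text before `status` is set to `generated`.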


@@ -0,0 +1,61 @@
{
"canonical_id": "nextjs--CVE-2024-34351",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js Server-Side Request Forgery in Server Actions",
"summary": "### Impact\nA Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.\n\n#### Prerequisites\n* Next.js (`<14.1.1`) is running in a self-hosted* manner.\n* The Next.js application makes use of Server Actions.\n* The Server Action performs a redirect to a relative path which starts with a `/`.\n\n\\* Many hosting providers (including Vercel) route requests based on the Host header, so we do not believe that this vulnerability affects any Next.js applications where routing is done in this manner.\n\n### Patches\nThis vulnerability was patched in [#62561](https://github.com/vercel/next.js/pull/62561) and fixed in Next.js `14.1.1`.\n \n### Workarounds\nThere are no official workarounds for this vulnerability. We recommend upgrading to Next.js `14.1.1`.\n\n### Credit\nVercel and the Next.js team thank Assetnote for responsibly disclosing this issue to us, and for working with us to verify the fix. Thanks to:\n\nAdam Kues - Assetnote\nShubham Shah - Assetnote",
"published_at": "2024-05-09T21:18:57Z",
"updated_at": "2026-02-04T03:32:36.434669Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-34351",
"https://github.com/vercel/next.js/pull/62561",
"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
"https://github.com/vercel/next.js"
],
"aliases": [
"CVE-2024-34351",
"GHSA-fr5h-rqp8-mj6g"
],
"cve_ids": [
"CVE-2024-34351"
],
"ghsa_ids": [
"GHSA-fr5h-rqp8-mj6g"
],
"osv_ids": [
"GHSA-fr5h-rqp8-mj6g"
],
"affected_versions": [
"introduced=13.4.0, fixed<14.1.1"
],
"fixed_versions": [
"14.1.1"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"ssrf-url-validation"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,62 @@
{
"canonical_id": "nextjs--CVE-2024-46982",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js Cache Poisoning",
"summary": "### Impact\n\nBy sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some upstream CDNs may cache as well. \n\nTo be potentially affected all of the following must apply: \n\n- Next.js between 13.5.1 and 14.2.9\n- Using pages router\n- Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx`\n\nThe below configurations are unaffected:\n\n- Deployments using only app router\n- Deployments on [Vercel](https://vercel.com/) are not affected\n\n\n### Patches\n\nThis vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce the issue or not.\n\n### Workarounds\n\nThere are no official or recommended workarounds for this issue, we recommend that users patch to a safe version.\n\n#### Credits\n\n- Allam Rachid (zhero_)\n- Henry Chen",
"published_at": "2024-09-17T21:58:09Z",
"updated_at": "2026-02-04T03:45:33.402195Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-46982",
"https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3",
"https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
"https://github.com/vercel/next.js"
],
"aliases": [
"CVE-2024-46982",
"GHSA-gp8f-8m3g-qvj9"
],
"cve_ids": [
"CVE-2024-46982"
],
"ghsa_ids": [
"GHSA-gp8f-8m3g-qvj9"
],
"osv_ids": [
"GHSA-gp8f-8m3g-qvj9"
],
"affected_versions": [
"introduced=13.5.1, fixed<13.5.7",
"introduced=14.0.0, fixed<14.2.10"
],
"fixed_versions": [
"13.5.7",
"14.2.10"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
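Review bot: `secure_code_topics` for this cache-poisoning advisory carries only the default trio (authz recheck, proxy trust boundary, token storage) and nothing about cache keys or `Cache-Control` handling, even though `summary` describes an `s-maxage` header being emitted for a route that must not be cached. If source-map.yaml has no cache-related topic, add one or leave the list empty for this record rather than pointing readers at unrelated material.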


@@ -0,0 +1,59 @@
{
"canonical_id": "nextjs--CVE-2024-47831",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Denial of Service condition in Next.js image optimization",
"summary": "### Impact\nThe image optimization feature of Next.js contained a vulnerability which allowed for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption.\n\n**Not affected:**\n- The `next.config.js` file is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value.\n- The Next.js application is hosted on Vercel. \n\n### Patches\nThis issue was fully patched in Next.js `14.2.7`. We recommend that users upgrade to at least this version.\n\n### Workarounds\nEnsure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned.\n\n#### Credits\nBrandon Dahler (brandondahler), AWS\nDimitrios Vlastaras",
"published_at": "2024-10-14T19:45:21Z",
"updated_at": "2026-02-04T03:25:43.295558Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-47831",
"https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a",
"https://github.com/vercel/next.js"
],
"aliases": [
"CVE-2024-47831",
"GHSA-g77x-44xx-532m"
],
"cve_ids": [
"CVE-2024-47831"
],
"ghsa_ids": [
"GHSA-g77x-44xx-532m"
],
"osv_ids": [
"GHSA-g77x-44xx-532m"
],
"affected_versions": [
"introduced=10.0.0, fixed<14.2.7"
],
"fixed_versions": [
"14.2.7"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,60 @@
{
"canonical_id": "nextjs--CVE-2024-51479",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js authorization bypass vulnerability",
"summary": "### Impact\nIf a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed.\n\n### Patches\nThis issue was patched in Next.js `14.2.15` and later.\n\nIf your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version.\n\n### Workarounds\nThere are no official workarounds for this vulnerability.\n\n#### Credits\nWe'd like to thank [tyage](http://github.com/tyage) (GMO CyberSecurity by IERAE) for responsible disclosure of this issue.",
"published_at": "2024-12-17T15:09:06Z",
"updated_at": "2025-09-10T21:12:24Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-51479",
"https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v14.2.15"
],
"aliases": [
"CVE-2024-51479",
"GHSA-7gfc-8cq8-jh5f"
],
"cve_ids": [
"CVE-2024-51479"
],
"ghsa_ids": [
"GHSA-7gfc-8cq8-jh5f"
],
"osv_ids": [
"GHSA-7gfc-8cq8-jh5f"
],
"affected_versions": [
"introduced=9.5.5, fixed<14.2.15"
],
"fixed_versions": [
"14.2.15"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
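Review bot: `"severity": "low"` with `"cvss_score": 3.1` does not fit a record whose summary describes a middleware authorization bypass with no official workaround; the same 3.1 appears on almost every record in this commit, which suggests the score field is being filled from something other than the advisory's actual CVSS score, with severity then derived from that constant. Validate the score against the NVD entry already listed in secondary_source_urls before it drives hotlane ordering. Two smaller points: the summary states that Vercel-hosted deployments were mitigated regardless of version, a scope fact with no structured field and so invisible to the lab mapping; and `updated_at` here is second precision (`2025-09-10T21:12:24Z`) while other records carry microseconds, so timestamp comparisons in reconcile need normalization.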


@@ -0,0 +1,62 @@
{
"canonical_id": "nextjs--CVE-2024-56332",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js Allows a Denial of Service (DoS) with Server Actions",
"summary": "### Impact\nA Denial of Service (DoS) attack allows attackers to construct requests that leaves requests to Server Actions hanging until the hosting provider cancels the function execution.\n\n_Note: Next.js server is idle during that time and only keeps the connection open. CPU and memory footprint are low during that time._\n\nDeployments without any protection against long running Server Action invocations are especially vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration on function execution to reduce the risk of excessive billing.\n\nThis is the same issue as if the incoming HTTP request has an invalid `Content-Length` header or never closes. If the host has no other mitigations to those then this vulnerability is novel.\n\nThis vulnerability affects only Next.js deployments using Server Actions.\n\n### Patches\n\nThis vulnerability was resolved in Next.js 14.2.21, 15.1.2, and 13.5.8. We recommend that users upgrade to a safe version.\n\n### Workarounds\n\nThere are no official workarounds for this vulnerability.\n\n### Credits\n\nThanks to the PackDraw team for responsibly disclosing this vulnerability.",
"published_at": "2025-01-03T20:19:29Z",
"updated_at": "2026-02-04T04:36:04.252972Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-56332",
"https://github.com/vercel/next.js"
],
"aliases": [
"CVE-2024-56332",
"GHSA-7m27-7ghc-44w9"
],
"cve_ids": [
"CVE-2024-56332"
],
"ghsa_ids": [
"GHSA-7m27-7ghc-44w9"
],
"osv_ids": [
"GHSA-7m27-7ghc-44w9"
],
"affected_versions": [
"introduced=13.0.0, fixed<13.5.8",
"introduced=14.0.0, fixed<14.2.21",
"introduced=15.0.0, fixed<15.1.2"
],
"fixed_versions": [
"13.5.8",
"14.2.21",
"15.1.2"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
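Review bot: `"source_confidence": "official"` is asserted although `metadata.source_kinds` is only `osv-batch`; nothing in the record shows that the GitHub advisory at official_source_url was actually fetched, so confidence is being inferred from the URL host rather than from an adapter that read the official source. Record how the confidence was derived, or downgrade it to what the OSV batch actually supports. Separately, the three secure_code_topics say nothing about request timeouts or body handling, which is what a hanging Server Action request is about.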


@@ -0,0 +1,72 @@
{
"canonical_id": "nextjs--CVE-2025-29927",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Authorization Bypass in Next.js Middleware",
"summary": "# Impact\nIt is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.\n\n# Patches\n* For Next.js 15.x, this issue is fixed in `15.2.3`\n* For Next.js 14.x, this issue is fixed in `14.2.25`\n* For Next.js 13.x, this issue is fixed in 13.5.9\n* For Next.js 12.x, this issue is fixed in 12.3.5\n* For Next.js 11.x, consult the below workaround.\n\n_Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability._\n\n# Workaround\nIf patching to a safe version is infeasible, we recommend that you prevent external user requests which contain the `x-middleware-subrequest` header from reaching your Next.js application.\n\n## Credits\n\n- Allam Rachid (zhero;)\n- Allam Yasser (inzo_)",
"published_at": "2025-03-21T15:20:12Z",
"updated_at": "2026-03-04T15:06:29.993197Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-29927",
"https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2",
"https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v12.3.5",
"https://github.com/vercel/next.js/releases/tag/v13.5.9",
"https://security.netapp.com/advisory/ntap-20250328-0002",
"https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware",
"http://www.openwall.com/lists/oss-security/2025/03/23/3",
"http://www.openwall.com/lists/oss-security/2025/03/23/4"
],
"aliases": [
"CVE-2025-29927",
"GHSA-f82v-jwr5-mffw"
],
"cve_ids": [
"CVE-2025-29927"
],
"ghsa_ids": [
"GHSA-f82v-jwr5-mffw"
],
"osv_ids": [
"GHSA-f82v-jwr5-mffw"
],
"affected_versions": [
"introduced=13.0.0, fixed<13.5.9",
"introduced=14.0.0, fixed<14.2.25",
"introduced=15.0.0, fixed<15.2.3",
"introduced=12.0.0, fixed<12.3.5"
],
"fixed_versions": [
"13.5.9",
"14.2.25",
"15.2.3",
"12.3.5"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
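Review bot: `affected_versions` starts at `introduced=12.0.0` but the summary says 11.x is affected and has only a workaround, so the record under-reports the affected range; either add an open-ended 11.x entry or add a triage_reason noting the unfixed line, otherwise the coverage matrix shows every affected version as patched. The ranges are also unsorted (13, 14, 15, then 12) and `fixed_versions` follows the same order; sort on ingest so diffs between syncs stay readable. And `"severity": "low"` with 3.1 for a header-triggered authorization bypass that shipped with an official workaround is not credible and should be checked against the NVD source listed.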


@@ -0,0 +1,69 @@
{
"canonical_id": "nextjs--CVE-2025-30218",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js may leak x-middleware-subrequest-id to external hosts",
"summary": "## Summary\nIn the process of remediating [CVE-2025-29927](https://github.com/advisories/GHSA-f82v-jwr5-mffw), we looked at other possible exploits of Middleware. We independently verified this low severity vulnerability in parallel with two reports from independent researchers.\n\nLearn more [here](https://vercel.com/changelog/cve-2025-30218-5DREmEH765PoeAsrNNQj3O).\n\n## Credit\n\nThank you to Jinseo Kim [kjsman](https://hackerone.com/kjsman?type=user) and\u00a0[RyotaK](https://hackerone.com/ryotak?type=user) (GMO Flatt Security Inc.) with [takumi-san.ai](https://takumi-san.ai)\u00a0for the responsible disclosure. These researchers were awarded as part of our bug bounty program.",
"published_at": "2025-04-02T22:35:37Z",
"updated_at": "2025-10-13T15:35:50Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-223j-4rm8-mrmf",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-30218",
"https://github.com/vercel/next.js",
"https://vercel.com/changelog/cve-2025-30218-5DREmEH765PoeAsrNNQj3O"
],
"aliases": [
"CVE-2025-30218",
"GHSA-223j-4rm8-mrmf"
],
"cve_ids": [
"CVE-2025-30218"
],
"ghsa_ids": [
"GHSA-223j-4rm8-mrmf"
],
"osv_ids": [
"GHSA-223j-4rm8-mrmf"
],
"affected_versions": [
"12.3.5",
"13.5.9",
"14.2.25",
"15.2.3",
"introduced=12.3.5, fixed<12.3.6",
"introduced=13.5.9, fixed<13.5.10",
"introduced=14.2.25, fixed<14.2.26",
"introduced=15.2.3, fixed<15.2.4"
],
"fixed_versions": [
"12.3.6",
"13.5.10",
"14.2.26",
"15.2.4"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
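Review bot: `affected_versions` mixes bare version strings (`"12.3.5"`, `"13.5.9"`, `"14.2.25"`, `"15.2.3"`) with `introduced=…, fixed<…` ranges that repeat the same information, so the list is both redundant and out of schema with every other record; the normalizer should drop the bare entries or the validate step should reject them. Second, `"severity": "medium"` and `"cvss_score": 4.0` contradict the summary's own words, "this low severity vulnerability". Taken together with 3.1 on nearly every other record, 4.0 here looks like the CVSS version (v3.1 vs v4.0) read out of the severity entry instead of the computed score; check the adapter's field mapping before these values feed hotlane.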


@@ -0,0 +1,61 @@
{
"canonical_id": "nextjs--CVE-2025-32421",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js Race Condition to Cache Poisoning",
"summary": "**Summary** \nWe received a responsible disclosure from Allam Rachid (zhero) for a low-severity race-condition vulnerability in Next.js. This issue only affects the **Pages Router** under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead of standard HTML.\n\n[Learn more here](https://vercel.com/changelog/cve-2025-32421)\n\n**Credit** \nThank you to **Allam Rachid (zhero)** for the responsible disclosure. This research was rewarded as part of our bug bounty program.",
"published_at": "2025-05-15T14:12:26Z",
"updated_at": "2025-09-26T17:48:29Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-32421",
"https://github.com/vercel/next.js",
"https://vercel.com/changelog/cve-2025-32421"
],
"aliases": [
"CVE-2025-32421",
"GHSA-qpjv-v59x-3qc4"
],
"cve_ids": [
"CVE-2025-32421"
],
"ghsa_ids": [
"GHSA-qpjv-v59x-3qc4"
],
"osv_ids": [
"GHSA-qpjv-v59x-3qc4"
],
"affected_versions": [
"introduced=0.9.9, fixed<14.2.24",
"introduced=15.0.0, fixed<15.1.6"
],
"fixed_versions": [
"14.2.24",
"15.1.6"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
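Review bot: the summary limits the issue to the Pages Router "under certain misconfigurations", but nothing structured in the record captures that scope, so a lab mapping or any consumer filtering by router gets only free text; a structured scope or preconditions attribute next to advisory_mode would fix this. The secure_code_topics also carry no cache-related topic for a record whose title is "Race Condition to Cache Poisoning", which is the mismatch to resolve when the defaulted triple is reworked.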


@@ -0,0 +1,61 @@
{
"canonical_id": "nextjs--CVE-2025-48068",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Information exposure in Next.js dev server due to lack of origin verification",
"summary": "## Summary\n\nA low-severity vulnerability in **Next.js** has been fixed in **version 15.2.2**. This issue may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while `npm run dev` is active.\n\nBecause the mitigation is potentially a breaking change for some development setups, to opt-in to the fix, you must configure `allowedDevOrigins` in your next config after upgrading to a patched version. [Learn more](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins).\n\nLearn more: https://vercel.com/changelog/cve-2025-48068\n\n## Credit\n\nThanks to [sapphi-red](https://github.com/sapphi-red) and [Radman Siddiki](https://github.com/R4356th) for responsibly disclosing this issue.",
"published_at": "2025-05-28T21:52:13Z",
"updated_at": "2025-06-13T14:41:21Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-3h52-269p-cp9r",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-48068",
"https://github.com/vercel/next.js",
"https://vercel.com/changelog/cve-2025-48068"
],
"aliases": [
"CVE-2025-48068",
"GHSA-3h52-269p-cp9r"
],
"cve_ids": [
"CVE-2025-48068"
],
"ghsa_ids": [
"GHSA-3h52-269p-cp9r"
],
"osv_ids": [
"GHSA-3h52-269p-cp9r"
],
"affected_versions": [
"introduced=15.0.0, fixed<15.2.2",
"introduced=13.0, fixed<14.2.30"
],
"fixed_versions": [
"15.2.2",
"14.2.30"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
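Review bot: `introduced=13.0` in affected_versions is not a full semver like the other ranges (`13.0.0`), which will break any comparator that parses these strings strictly; normalize on ingest. The summary also says the mitigation is opt-in (allowedDevOrigins must be configured after upgrading), so `fixed_versions` alone overstates the fix for 15.2.2 and 14.2.30; a record-level note or triage_reason should carry that. And `"severity": "medium"` with 4.0 again contradicts the summary's "low-severity vulnerability".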


@@ -0,0 +1,63 @@
{
"canonical_id": "nextjs--CVE-2025-49005",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js has a Cache poisoning vulnerability due to omission of the Vary header",
"summary": "### Summary\n\nA cache poisoning issue in **Next.js App Router >=15.3.0 and < 15.3.3** may have allowed RSC payloads to be cached and served in place of HTML, under specific conditions involving middleware and redirects. This issue has been fixed in **Next.js 15.3.3**.\n\nUsers on affected versions should **upgrade immediately** and **redeploy** to ensure proper caching behavior.\n\nMore details: [CVE-2025-49005](https://vercel.com/changelog/cve-2025-49005)",
"published_at": "2025-07-03T20:30:18Z",
"updated_at": "2026-02-04T02:37:18.974477Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-r2fc-ccr8-96c4",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-49005",
"https://github.com/vercel/next.js/issues/79346",
"https://github.com/vercel/next.js/pull/79939",
"https://github.com/vercel/next.js/commit/ec202eccf05820b60c6126d6411fe16766ecc066",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v15.3.3",
"https://vercel.com/changelog/cve-2025-49005"
],
"aliases": [
"CVE-2025-49005",
"GHSA-r2fc-ccr8-96c4"
],
"cve_ids": [
"CVE-2025-49005"
],
"ghsa_ids": [
"GHSA-r2fc-ccr8-96c4"
],
"osv_ids": [
"GHSA-r2fc-ccr8-96c4"
],
"affected_versions": [
"introduced=15.3.0, fixed<15.3.3"
],
"fixed_versions": [
"15.3.3"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
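Review bot: the summary says affected users must upgrade and redeploy, which a fixed-version check alone does not cover; the remediation on the case page should mention the redeploy (to clear the poisoned cache) rather than only the fixed version 15.3.3. The secure_code_topics carry nothing about cache keys or Vary handling, which is the exact root cause named in the title.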


@@ -0,0 +1,62 @@
{
"canonical_id": "nextjs--CVE-2025-49826",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.JS vulnerability can lead to DoS via cache poisoning ",
"summary": "### Summary\nA vulnerability affecting Next.js has been addressed. It impacted versions 15.0.4 through 15.1.8 and involved a cache poisoning bug leading to a Denial of Service (DoS) condition.\n\nUnder certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page\n\nMore details: [CVE-2025-49826](https://vercel.com/changelog/cve-2025-49826)\n\n## Credits\n- Allam Rachid [zhero;](https://zhero-web-sec.github.io/research-and-things/)\n- Allam Yasser (inzo)",
"published_at": "2025-07-03T21:14:48Z",
"updated_at": "2025-07-03T21:49:52Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-49826",
"https://github.com/vercel/next.js/commit/16bfce64ef2157f2c1dfedcfdb7771bc63103fd2",
"https://github.com/vercel/next.js/commit/a15b974ed707d63ad4da5b74c1441f5b7b120e93",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v15.1.8",
"https://vercel.com/changelog/cve-2025-49826"
],
"aliases": [
"CVE-2025-49826",
"GHSA-67rr-84xm-4c7r"
],
"cve_ids": [
"CVE-2025-49826"
],
"ghsa_ids": [
"GHSA-67rr-84xm-4c7r"
],
"osv_ids": [
"GHSA-67rr-84xm-4c7r"
],
"affected_versions": [
"introduced=15.0.4-canary.51, fixed<15.1.8"
],
"fixed_versions": [
"15.1.8"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
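Review bot: `title` has trailing whitespace ("… via cache poisoning ") and the summary's "impacted versions 15.0.4 through 15.1.8" disagrees with `fixed<15.1.8` and `fixed_versions: ["15.1.8"]`; the release tag v15.1.8 in secondary_source_urls supports the range, so keep the range as canonical but record the discrepancy in triage_reasons or a note rather than letting the two statements contradict each other on the rendered page. Trim titles on ingest.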


@@ -0,0 +1,63 @@
{
"canonical_id": "nextjs--CVE-2025-55173",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js Content Injection Vulnerability for Image Optimization",
"summary": "A vulnerability in **Next.js Image Optimization** has been fixed in **v15.4.5** and **v14.2.31**. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious file delivery.\n\nAll users relying on `images.domains` or `images.remotePatterns` are encouraged to upgrade and verify that external image sources are strictly validated.\n\nMore details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-55173)",
"published_at": "2025-08-29T21:59:55Z",
"updated_at": "2026-02-04T04:35:34.538107Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-55173",
"https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd",
"https://github.com/vercel/next.js",
"https://vercel.com/changelog/cve-2025-55173",
"http://vercel.com/changelog/cve-2025-55173"
],
"aliases": [
"CVE-2025-55173",
"GHSA-xv57-4mr9-wg8v"
],
"cve_ids": [
"CVE-2025-55173"
],
"ghsa_ids": [
"GHSA-xv57-4mr9-wg8v"
],
"osv_ids": [
"GHSA-xv57-4mr9-wg8v"
],
"affected_versions": [
"introduced=0.9.9, fixed<14.2.31",
"introduced=15.0.0, fixed<15.4.5"
],
"fixed_versions": [
"14.2.31",
"15.4.5"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
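Review bot: `secondary_source_urls` contains the same changelog twice, `https://vercel.com/changelog/cve-2025-55173` and `http://vercel.com/changelog/cve-2025-55173`, so the adapter's dedupe is comparing raw strings; normalize scheme (and trailing slashes) before deduplicating. The defaulted secure_code_topics also fit poorly here: the issue is validating external image sources and download filenames, not authz or cookie storage.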


@@ -0,0 +1,63 @@
{
"canonical_id": "nextjs--CVE-2025-57752",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js Affected by Cache Key Confusion for Image Optimization API Routes",
"summary": "A vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. When images returned from API routes vary based on request headers (such as `Cookie` or `Authorization`), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug.\n\nAll users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.\n\nMore details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-57752)",
"published_at": "2025-08-29T22:06:22Z",
"updated_at": "2026-02-04T02:50:08.291668Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-57752",
"https://github.com/vercel/next.js/pull/82114",
"https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd",
"https://github.com/vercel/next.js",
"https://vercel.com/changelog/cve-2025-57752"
],
"aliases": [
"CVE-2025-57752",
"GHSA-g5qg-72qw-gw5v"
],
"cve_ids": [
"CVE-2025-57752"
],
"ghsa_ids": [
"GHSA-g5qg-72qw-gw5v"
],
"osv_ids": [
"GHSA-g5qg-72qw-gw5v"
],
"affected_versions": [
"introduced=0.9.9, fixed<14.2.31",
"introduced=15.0.0, fixed<15.4.5"
],
"fixed_versions": [
"14.2.31",
"15.4.5"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
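Review bot: this record and CVE-2025-55173 cite the same fix commit (6b12c60c61ee80cb0443ccd20de82ca9b4422ddd) and the same fixed_versions (14.2.31, 15.4.5); reconcile should link them as related cases instead of emitting two independent records with candidate_count 1, so the rendered case pages cross-reference each other. Topic-wise, a cache key confusion on header-dependent responses wants a cache-key/Vary topic, not the defaulted triple.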


@@ -0,0 +1,63 @@
{
"canonical_id": "nextjs--CVE-2025-57822",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js Improper Middleware Redirect Handling Leads to SSRF",
"summary": "A vulnerability in **Next.js Middleware** has been fixed in **v14.2.32** and **v15.4.7**. The issue occurred when request headers were directly passed into `NextResponse.next()`. In self-hosted applications, this could allow Server-Side Request Forgery (SSRF) if certain sensitive headers from the incoming request were reflected back into the response.\n\nAll users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the `next()` function.\n\nMore details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-57822)",
"published_at": "2025-08-29T21:33:09Z",
"updated_at": "2026-02-04T04:20:45.658010Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-57822",
"https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8",
"https://github.com/vercel/next.js",
"https://vercel.com/changelog/cve-2025-57822"
],
"aliases": [
"CVE-2025-57822",
"GHSA-4342-x723-ch2f"
],
"cve_ids": [
"CVE-2025-57822"
],
"ghsa_ids": [
"GHSA-4342-x723-ch2f"
],
"osv_ids": [
"GHSA-4342-x723-ch2f"
],
"affected_versions": [
"introduced=0.9.9, fixed<14.2.32",
"introduced=15.0.0-canary.0, fixed<15.4.7"
],
"fixed_versions": [
"14.2.32",
"15.4.7"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"ssrf-url-validation"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
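Review bot: this is the one record where secure_code_topics goes beyond the default triple (`ssrf-url-validation` appended), which confirms the first three entries are not derived from the advisory; when per-advisory topics are available they should replace the defaults rather than sit after them. The summary also scopes the SSRF to self-hosted deployments, which is free text only; a structured deployment-scope attribute would let the lab mapping exclude Vercel-hosted targets.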


@@ -0,0 +1,64 @@
{
"canonical_id": "nextjs--CVE-2025-59471",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration",
"summary": "A DoS vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. The image optimization endpoint (`/_next/image`) loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory conditions by requesting optimization of arbitrarily large images. This vulnerability requires that `remotePatterns` is configured to allow image optimization from external domains and that the attacker can serve or control a large image on an allowed domain.\n\nStrongly consider upgrading to 15.5.10 and 16.1.5 to reduce risk and prevent availability issues in Next applications.",
"published_at": "2026-01-27T19:18:25Z",
"updated_at": "2026-02-10T01:28:46.973023Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-9g9p-9gw9-jx7f",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-59471",
"https://github.com/vercel/next.js/commit/500ec83743639addceaede95e95913398975156c",
"https://github.com/vercel/next.js/commit/e5b834d208fe0edf64aa26b5d76dcf6a176500ec",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v15.5.10",
"https://github.com/vercel/next.js/releases/tag/v16.1.5"
],
"aliases": [
"CVE-2025-59471",
"GHSA-9g9p-9gw9-jx7f"
],
"cve_ids": [
"CVE-2025-59471"
],
"ghsa_ids": [
"GHSA-9g9p-9gw9-jx7f"
],
"osv_ids": [
"GHSA-9g9p-9gw9-jx7f"
],
"affected_versions": [
"introduced=10.0.0, fixed<15.5.10",
"introduced=15.6.0-canary.0, fixed<16.1.5"
],
"fixed_versions": [
"15.5.10",
"16.1.5"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
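Review bot: `introduced=10.0.0, fixed<15.5.10` spans the whole 14.x line with no 14.x fixed version, so a user on 14.2.x sees their version as affected with a major upgrade as the only remedy; if that is what the advisory means the case page should say so explicitly, and if a 14.x backport exists the range should be split. The precondition (remotePatterns configured and an attacker-controlled image on an allowed host) lives only in the summary, the same structural gap as the other records, and the topics triple has no relation to response-size limiting.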


@@ -0,0 +1,61 @@
{
"canonical_id": "nextjs--CVE-2025-59472",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js has Unbounded Memory Consumption via PPR Resume Endpoint ",
"summary": "A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the `Next-Resume: 1` header and processes attacker-controlled postponed state data. Two closely related vulnerabilities allow an attacker to crash the server process through memory exhaustion:\n\n1. **Unbounded request body buffering**: The server buffers the entire POST request body into memory using `Buffer.concat()` without enforcing any size limit, allowing arbitrarily large payloads to exhaust available memory.\n\n2. **Unbounded decompression (zipbomb)**: The resume data cache is decompressed using `inflateSync()` without limiting the decompressed output size. A small compressed payload can expand to hundreds of megabytes or gigabytes, causing memory exhaustion.\n\nBoth attack vectors result in a fatal V8 out-of-memory error (`FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory`) causing the Node.js process to terminate. The zipbomb variant is particularly dangerous as it can bypass reverse proxy request size limits while still causing large memory allocation on the server.\n\nTo be affected, an application must run with `experimental.ppr: true` or `cacheComponents: true` configured along with the NEXT_PRIVATE_MINIMAL_MODE=1 environment variable.\n\nStrongly consider upgrading to 15.6.0-canary.61 or 16.1.5 to reduce risk and prevent availability issues in Next applications.",
"published_at": "2026-01-28T15:20:55Z",
"updated_at": "2026-02-06T13:13:43.709252Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-5f7q-jpqc-wp7h",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-59472",
"https://github.com/vercel/next.js",
"https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472"
],
"aliases": [
"CVE-2025-59472",
"GHSA-5f7q-jpqc-wp7h"
],
"cve_ids": [
"CVE-2025-59472"
],
"ghsa_ids": [
"GHSA-5f7q-jpqc-wp7h"
],
"osv_ids": [
"GHSA-5f7q-jpqc-wp7h"
],
"affected_versions": [
"introduced=15.0.0-canary.0, fixed<15.6.0-canary.61",
"introduced=16.0.0-beta.0, fixed<16.1.5"
],
"fixed_versions": [
"15.6.0-canary.61",
"16.1.5"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
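Review bot: the only fix listed for the 15.x line is `15.6.0-canary.61`, a prerelease, so the record has no stable 15.x fixed version and the coverage matrix must not count 15.x stable as patched; flag this in triage_reasons or mark the range as unfixed for stable releases. The precondition in the summary (experimental.ppr or cacheComponents plus NEXT_PRIVATE_MINIMAL_MODE=1) is again only free text. `secondary_source_urls` also has no fix commit for this one, only the repo root and the Vercel changelog; worth pulling the commit from the GHSA if it lists one.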


@@ -0,0 +1,77 @@
{
"canonical_id": "nextjs--GHSA-5j59-xgg2-r9c4",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",
"summary": "It was discovered that the fix for [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956) in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. \n\nThis vulnerability affects React versions 19.0.2, 19.1.3, and 19.2.2, as well as frameworks that bundle or depend on these versions, including Next.js 13.x, 14.x, 15.x, and 16.x when using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).\n\nA malicious actor can send a specially crafted HTTP request to a Server Function endpoint that, when deserialized, causes the React Server Components runtime to enter an infinite loop. This can lead to sustained CPU consumption and cause the affected server process to become unresponsive, resulting in a denial-of-service condition in unpatched environments.",
"published_at": "2025-12-12T17:21:57Z",
"updated_at": "2026-02-04T02:46:38.768104Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-67779",
"https://github.com/vercel/next.js",
"https://nextjs.org/blog/security-update-2025-12-11",
"https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components",
"https://www.cve.org/CVERecord?id=CVE-2025-55184",
"https://www.facebook.com/security/advisories/cve-2025-67779"
],
"aliases": [
"GHSA-5j59-xgg2-r9c4"
],
"cve_ids": [],
"ghsa_ids": [
"GHSA-5j59-xgg2-r9c4"
],
"osv_ids": [
"GHSA-5j59-xgg2-r9c4"
],
"affected_versions": [
"introduced=13.3.1-canary.0, fixed<14.2.35",
"introduced=15.0.6, fixed<15.0.7",
"introduced=15.1.10, fixed<15.1.11",
"introduced=15.2.7, fixed<15.2.8",
"introduced=15.3.7, fixed<15.3.8",
"introduced=15.4.9, fixed<15.4.10",
"introduced=15.5.8, fixed<15.5.9",
"introduced=15.6.0-canary.59, fixed<15.6.0-canary.60",
"introduced=16.0.9, fixed<16.0.10",
"introduced=16.1.0-canary.17, fixed<16.1.0-canary.19"
],
"fixed_versions": [
"14.2.35",
"15.0.7",
"15.1.11",
"15.2.8",
"15.3.8",
"15.4.10",
"15.5.9",
"15.6.0-canary.60",
"16.0.10",
"16.1.0-canary.19"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
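Review bot: `cve_ids` is empty and `aliases` holds only the GHSA, yet the summary says the issue is tracked upstream as CVE-2025-67779 and secondary_source_urls lists the NVD page for it, so the record is unreachable by CVE lookup. Add CVE-2025-67779 to aliases (and to cve_ids if the registry accepts upstream IDs) or add a field for the upstream CVE, taking care not to confuse it with CVE-2025-55184, which is the earlier incomplete fix the summary refers to.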


@@ -0,0 +1,70 @@
{
"canonical_id": "nextjs--GHSA-9qr9-h5gf-34mp",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js is vulnerable to RCE in React flight protocol",
"summary": "A vulnerability affects certain React packages<sup>1</sup> for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55182](https://www.cve.org/CVERecord?id=CVE-2025-55182). \n\nFixed in:\nReact: 19.0.1, 19.1.2, 19.2.1\nNext.js: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7, 15.6.0-canary.58, 16.1.0-canary.12+\n\nThe vulnerability also affects experimental canary releases starting with 14.3.0-canary.77. Users on any of the 14.3 canary builds should either downgrade to a 14.x stable release or 14.3.0-canary.76.\n\nAll users of stable 15.x or 16.x Next.js versions should upgrade to a patched, stable version immediately.\n\n<sup>1</sup> The affected React packages are:\n- react-server-dom-parcel\n- react-server-dom-turbopack\n- react-server-dom-webpack",
"published_at": "2025-12-03T19:07:11Z",
"updated_at": "2026-02-04T03:45:15.823345Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r",
"secondary_source_urls": [
"https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp",
"https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-fmh4-wr37-44fp",
"https://nvd.nist.gov/vuln/detail/CVE-2025-55182",
"https://github.com/vercel/next.js"
],
"aliases": [
"GHSA-9qr9-h5gf-34mp"
],
"cve_ids": [],
"ghsa_ids": [
"GHSA-9qr9-h5gf-34mp"
],
"osv_ids": [
"GHSA-9qr9-h5gf-34mp"
],
"affected_versions": [
"introduced=14.3.0-canary.77, fixed<15.0.5",
"introduced=15.1.0-canary.0, fixed<15.1.9",
"introduced=15.2.0-canary.0, fixed<15.2.6",
"introduced=15.3.0-canary.0, fixed<15.3.6",
"introduced=15.4.0-canary.0, fixed<15.4.8",
"introduced=15.5.0-canary.0, fixed<15.5.7",
"introduced=16.0.0-canary.0, fixed<16.0.7"
],
"fixed_versions": [
"15.0.5",
"15.1.9",
"15.2.6",
"15.3.6",
"15.4.8",
"15.5.7",
"16.0.7"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
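Review bot: `cve_ids` is empty and `aliases` lists only the GHSA id, although the `summary` tracks this issue as CVE-2025-55182 and `secondary_source_urls` already carries its NVD entry; the CVE belongs in `cve_ids` and `aliases` so CVE-keyed lookups and `reconcile` runs can match the record. The `"severity": "low"` / `"cvss_score": 3.1` pair also contradicts a record titled as RCE; 3.1 is the identical value on every record in this commit and reads like a default rather than a score taken from the advisory, so it should be checked against `official_source_url` before the record leaves `generated`. Finally, `affected_versions` and `fixed_versions` omit the 15.6.0-canary.58 and 16.1.0-canary.12 fixes that the summary lists, so canary consumers in those lines would be reported as unaffected.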


@@ -0,0 +1,75 @@
{
"canonical_id": "nextjs--GHSA-h25m-26qc-wcjf",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components",
"summary": "A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg).\n\nA specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory exceptions, or server crashes. This can result in denial of service in unpatched environments.",
"published_at": "2026-01-28T15:38:01Z",
"updated_at": "2026-02-13T00:43:52.836085Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg",
"secondary_source_urls": [
"https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf",
"https://nvd.nist.gov/vuln/detail/CVE-2026-23864",
"https://github.com/vercel/next.js",
"https://vercel.com/changelog/summary-of-cve-2026-23864"
],
"aliases": [
"GHSA-h25m-26qc-wcjf"
],
"cve_ids": [],
"ghsa_ids": [
"GHSA-h25m-26qc-wcjf"
],
"osv_ids": [
"GHSA-h25m-26qc-wcjf"
],
"affected_versions": [
"introduced=13.0.0, fixed<15.0.8",
"introduced=15.1.1-canary.0, fixed<15.1.12",
"introduced=15.2.0-canary.0, fixed<15.2.9",
"introduced=15.3.0-canary.0, fixed<15.3.9",
"introduced=15.4.0-canary.0, fixed<15.4.11",
"introduced=15.5.1-canary.0, fixed<15.5.10",
"introduced=15.6.0-canary.0, fixed<15.6.0-canary.61",
"introduced=16.0.0-beta.0, fixed<16.0.11",
"introduced=16.1.0-canary.0, fixed<16.1.5"
],
"fixed_versions": [
"15.0.8",
"15.1.12",
"15.2.9",
"15.3.9",
"15.4.11",
"15.5.10",
"15.6.0-canary.61",
"16.0.11",
"16.1.5"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"dependency-upgrade-policy",
"deserialization-safety"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
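Review bot: `cve_ids` and `aliases` omit CVE-2026-23864 even though the summary names it as the upstream tracking id and `secondary_source_urls` includes both its NVD page and the Vercel changelog for it; add the CVE to both fields so the record is reachable by CVE. The `"severity": "low"` / `"cvss_score": 3.1` values should likewise be confirmed against the official advisory rather than carried over from the ingest default.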


@@ -0,0 +1,75 @@
{
"canonical_id": "nextjs--GHSA-mwv6-3258-q52c",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next Vulnerable to Denial of Service with Server Components",
"summary": "A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184).\n\nA malicious HTTP request can be crafted and sent to any App Router endpoint that, when deserialized, can cause the server process to hang and consume CPU. This can result in denial of service in unpatched environments.",
"published_at": "2025-12-11T22:49:27Z",
"updated_at": "2026-02-04T03:55:54.855562Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c",
"secondary_source_urls": [
"https://github.com/vercel/next.js",
"https://nextjs.org/blog/security-update-2025-12-11",
"https://www.cve.org/CVERecord?id=CVE-2025-55184"
],
"aliases": [
"GHSA-mwv6-3258-q52c"
],
"cve_ids": [],
"ghsa_ids": [
"GHSA-mwv6-3258-q52c"
],
"osv_ids": [
"GHSA-mwv6-3258-q52c"
],
"affected_versions": [
"introduced=13.3.0, fixed<14.2.34",
"introduced=15.0.0-canary.0, fixed<15.0.6",
"introduced=15.1.1-canary.0, fixed<15.1.10",
"introduced=15.2.0-canary.0, fixed<15.2.7",
"introduced=15.3.0-canary.0, fixed<15.3.7",
"introduced=15.4.0-canary.0, fixed<15.4.9",
"introduced=15.5.1-canary.0, fixed<15.5.8",
"introduced=15.6.0-canary.0, fixed<15.6.0-canary.59",
"introduced=16.0.0-beta.0, fixed<16.0.9",
"introduced=16.1.0-canary.0, fixed<16.1.0-canary.17"
],
"fixed_versions": [
"14.2.34",
"15.0.6",
"15.1.10",
"15.2.7",
"15.3.7",
"15.4.9",
"15.5.8",
"15.6.0-canary.59",
"16.0.9",
"16.1.0-canary.17"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
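Review bot: `cve_ids` and `aliases` omit CVE-2025-55184 although the summary and `secondary_source_urls` both reference it; add it for CVE-keyed matching. `secure_code_topics` also lacks `deserialization-safety`, which the sibling record `nextjs--GHSA-h25m-26qc-wcjf` in this same commit uses for the same class of issue (DoS triggered while deserializing a crafted request to an App Router endpoint); the two records should map to the same topic set.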


@@ -0,0 +1,73 @@
{
"canonical_id": "nextjs--GHSA-w37m-7fhw-fmv9",
"system_id": "nextjs",
"display_name": "Next.js",
"category": "frameworks",
"advisory_mode": "core",
"title": "Next Server Actions Source Code Exposure ",
"summary": "A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55183](https://www.cve.org/CVERecord?id=CVE-2025-55183).\n\nA malicious HTTP request can be crafted and sent to any App Router endpoint that can return the compiled source code of [Server Functions](https://react.dev/reference/rsc/server-functions). This could reveal business logic, but would not expose secrets unless they were hardcoded directly into [Server Function](https://react.dev/reference/rsc/server-functions) code.",
"published_at": "2025-12-11T22:49:56Z",
"updated_at": "2026-02-04T02:51:40.627151Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-w37m-7fhw-fmv9",
"secondary_source_urls": [
"https://github.com/vercel/next.js",
"https://nextjs.org/blog/security-update-2025-12-11",
"https://www.cve.org/CVERecord?id=CVE-2025-55183"
],
"aliases": [
"GHSA-w37m-7fhw-fmv9"
],
"cve_ids": [],
"ghsa_ids": [
"GHSA-w37m-7fhw-fmv9"
],
"osv_ids": [
"GHSA-w37m-7fhw-fmv9"
],
"affected_versions": [
"introduced=15.0.0-canary.0, fixed<15.0.6",
"introduced=15.1.1-canary.0, fixed<15.1.10",
"introduced=15.2.0-canary.0, fixed<15.2.7",
"introduced=15.3.0-canary.0, fixed<15.3.7",
"introduced=15.4.0-canary.0, fixed<15.4.9",
"introduced=15.5.1-canary.0, fixed<15.5.8",
"introduced=15.6.0-canary.0, fixed<15.6.0-canary.59",
"introduced=16.0.0-beta.0, fixed<16.0.9",
"introduced=16.1.0-canary.0, fixed<16.1.0-canary.17"
],
"fixed_versions": [
"15.0.6",
"15.1.10",
"15.2.7",
"15.3.7",
"15.4.9",
"15.5.8",
"15.6.0-canary.59",
"16.0.9",
"16.1.0-canary.17"
],
"package_name": "next",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md",
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Next.js"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
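Review bot: `cve_ids` and `aliases` omit CVE-2025-55183 although the summary and `secondary_source_urls` reference it; add it so the record can be found by CVE. The `"title"` value also carries a trailing space (`"Next Server Actions Source Code Exposure "`), which will surface in rendered headings and in any title-keyed sorting; trim titles at ingest.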


@@ -0,0 +1,66 @@
{
"canonical_id": "undici--CVE-2022-31151",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect",
"summary": "### Impact\n\nAuthorization headers are already cleared on cross-origin redirect in\nhttps://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189, based on https://github.com/nodejs/undici/issues/872.\n\nHowever, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There also has been active discussion of implementing a cookie store https://github.com/nodejs/undici/pull/1441, which suggests that there are active users using cookie headers in undici.\nAs such this may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site.\n\n### Patches\n\nThis was patched in v5.8.0.\n\n### Workarounds\n\nBy default, this vulnerability is not exploitable.\nDo not enable redirections, i.e. `maxRedirections: 0` (the default). \n\n### References\n\nhttps://hackerone.com/reports/1635514\nhttps://curl.se/docs/CVE-2018-1000007.html\nhttps://curl.se/docs/CVE-2022-27776.html\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [undici repository](https://github.com/nodejs/undici/issues)\n* To make a report, follow the [SECURITY](https://github.com/nodejs/node/blob/HEAD/SECURITY.md) document\n",
"published_at": "2022-07-21T20:31:05Z",
"updated_at": "2026-02-04T03:02:08.652391Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-31151",
"https://github.com/nodejs/undici/issues/872",
"https://github.com/nodejs/undici/pull/1441",
"https://github.com/nodejs/undici/commit/0a5bee9465e627be36bac88edf7d9bbc9626126d",
"https://hackerone.com/reports/1635514",
"https://github.com/nodejs/undici",
"https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189",
"https://github.com/nodejs/undici/releases/tag/v5.8.0",
"https://security.netapp.com/advisory/ntap-20220909-0006"
],
"aliases": [
"CVE-2022-31151",
"GHSA-q768-x9m6-m9qp"
],
"cve_ids": [
"CVE-2022-31151"
],
"ghsa_ids": [
"GHSA-q768-x9m6-m9qp"
],
"osv_ids": [
"GHSA-q768-x9m6-m9qp"
],
"affected_versions": [
"introduced=0, fixed<5.8.0"
],
"fixed_versions": [
"5.8.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,58 @@
{
"canonical_id": "undici--CVE-2022-32210",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "ProxyAgent vulnerable to MITM",
"summary": "### Description\n\n`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.\n\n### Impact\n\nThis affects all use of HTTPS via HTTP proxy using **`Undici.ProxyAgent`** with Undici or Node's global `fetch`. In this case, it removes all HTTPS security from all requests sent using Undici's `ProxyAgent`, allowing trivial MitM attacks by anybody on the network path between the client and the target server (local network users, your ISP, the proxy, the target server's ISP, etc).\nThis less seriously affects HTTPS via HTTPS proxies. When you send HTTPS via a proxy to a remote server, the proxy can freely view or modify all HTTPS traffic unexpectedly (but only the proxy). \n\n### Patches\n\nThis issue was patched in Undici v5.5.1.\n\n### Workarounds\n\nAt the time of writing, the only workaround is to not use `ProxyAgent` as a dispatcher for TLS Connections.",
"published_at": "2022-06-17T01:02:29Z",
"updated_at": "2026-03-13T22:15:23.541247Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-32210",
"https://hackerone.com/reports/1583680",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2022-32210",
"GHSA-pgw7-wx7w-2w33"
],
"cve_ids": [
"CVE-2022-32210"
],
"ghsa_ids": [
"GHSA-pgw7-wx7w-2w33"
],
"osv_ids": [
"GHSA-pgw7-wx7w-2w33"
],
"affected_versions": [
"introduced=4.8.2, fixed<5.5.1"
],
"fixed_versions": [
"5.5.1"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
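Review bot: `"severity": "low"` / `"cvss_score": 3.1` contradicts the advisory's own impact text, which states that `ProxyAgent` "removes all HTTPS security from all requests" and allows MitM by anyone on the network path; the score should be taken from `official_source_url`, not the ingest default. `secure_code_topics` is also off: `ssrf-url-validation` has no bearing on missing TLS certificate verification toward a proxy, so a TLS-verification topic from `source-map.yaml`, if one is defined there, would map this case more accurately than the SSRF topic.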


@@ -0,0 +1,68 @@
{
"canonical_id": "undici--CVE-2023-45143",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici's cookie header not cleared on cross-origin redirect in fetch",
"summary": "### Impact\n\nUndici clears Authorization headers on cross-origin redirects, but does not clear `Cookie` headers. By design, `cookie` headers are [forbidden request headers](https://fetch.spec.whatwg.org/#forbidden-request-header), disallowing them to be set in `RequestInit.headers` in browser environments. Since Undici handles headers more liberally than the specification, there was a disconnect from the assumptions the spec made, and Undici's implementation of fetch.\n\nAs such this may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site.\n\n### Patches\n\nThis was patched in [e041de359221ebeae04c469e8aff4145764e6d76](https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76), which is included in version 5.26.2.\n",
"published_at": "2023-10-16T14:05:37Z",
"updated_at": "2026-02-04T02:35:56.289390Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
"secondary_source_urls": [
"https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
"https://nvd.nist.gov/vuln/detail/CVE-2023-45143",
"https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76",
"https://hackerone.com/reports/2166948",
"https://github.com/nodejs/undici",
"https://github.com/nodejs/undici/releases/tag/v5.26.2",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y"
],
"aliases": [
"CVE-2023-45143",
"GHSA-wqq4-5wpv-mx2g"
],
"cve_ids": [
"CVE-2023-45143"
],
"ghsa_ids": [
"GHSA-wqq4-5wpv-mx2g"
],
"osv_ids": [
"GHSA-wqq4-5wpv-mx2g"
],
"affected_versions": [
"introduced=0, fixed<5.26.2"
],
"fixed_versions": [
"5.26.2"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"token-cookie-storage"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
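Review bot: `official_source_url` points to `GHSA-q768-x9m6-m9qp`, which is the CVE-2022-31151 advisory recorded in the preceding file, while this record's `ghsa_ids`, `osv_ids` and `aliases` are `GHSA-wqq4-5wpv-mx2g`, whose advisory URL appears only in `secondary_source_urls`. Swap the two so the official URL matches the record's own advisory; as written, the `official` source confidence is backed by the wrong advisory.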


@@ -0,0 +1,66 @@
{
"canonical_id": "undici--CVE-2024-30260",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
"summary": "### Impact\n\nUndici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`.\n\n### Patches\n\nThis has been patched in https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75.\nFixes has been released in v5.28.4 and v6.11.1.\n\n### Workarounds\n\nuse `fetch()` or disable `maxRedirections`.\n\n### References\n\nLinzi Shang reported this.\n\n* https://hackerone.com/reports/2408074\n* https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3",
"published_at": "2024-04-04T14:20:39Z",
"updated_at": "2025-11-04T19:44:28Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-30260",
"https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f",
"https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75",
"https://hackerone.com/reports/2408074",
"https://github.com/nodejs/undici",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E",
"https://security.netapp.com/advisory/ntap-20240905-0008"
],
"aliases": [
"CVE-2024-30260",
"GHSA-m4v8-wqvr-p9f7"
],
"cve_ids": [
"CVE-2024-30260"
],
"ghsa_ids": [
"GHSA-m4v8-wqvr-p9f7"
],
"osv_ids": [
"GHSA-m4v8-wqvr-p9f7"
],
"affected_versions": [
"introduced=0, fixed<5.28.4",
"introduced=6.0.0, fixed<6.11.1"
],
"fixed_versions": [
"5.28.4",
"6.11.1"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,66 @@
{
"canonical_id": "undici--CVE-2024-30261",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect",
"summary": "### Impact\n\nIf an attacker can alter the `integrity` option passed to `fetch()`, they can let `fetch()` accept requests as valid even if they have been tampered.\n\n### Patches\n\nFixed in https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3.\nFixes has been released in v5.28.4 and v6.11.1.\n\n\n### Workarounds\n\nEnsure that `integrity` cannot be tampered with.\n\n### References\n\nhttps://hackerone.com/reports/2377760",
"published_at": "2024-04-04T14:20:54Z",
"updated_at": "2025-11-04T19:44:42Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-30261",
"https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055",
"https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3",
"https://hackerone.com/reports/2377760",
"https://github.com/nodejs/undici",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E",
"https://security.netapp.com/advisory/ntap-20240905-0008"
],
"aliases": [
"CVE-2024-30261",
"GHSA-9qxr-qj54-h672"
],
"cve_ids": [
"CVE-2024-30261"
],
"ghsa_ids": [
"GHSA-9qxr-qj54-h672"
],
"osv_ids": [
"GHSA-9qxr-qj54-h672"
],
"affected_versions": [
"introduced=0, fixed<5.28.4",
"introduced=6.0.0, fixed<6.11.1"
],
"fixed_versions": [
"5.28.4",
"6.11.1"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
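Review bot: `secure_code_topics` (`ssrf-url-validation`, `proxy-trust-boundary`) does not describe this issue, which is about `fetch()` accepting a tampered response when the `integrity` option carries a malformed hash; neither SSRF nor proxy trust is involved. Since the record is `official` and `generated`, the mismatched topics will propagate into the rendered case page, so an integrity-verification topic should be assigned (or the record sent to `triage/` if none exists in `source-map.yaml`).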


@@ -0,0 +1,67 @@
{
"canonical_id": "undici--CVE-2025-22150",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Use of Insufficiently Random Values in undici",
"summary": "### Impact\n\n[Undici `fetch()` uses Math.random()](https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113) to choose the boundary for a multipart/form-data request. It is known that the output of Math.random() can be predicted if several of its generated values are known.\n\nIf there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, An attacker can tamper with the requests going to the backend APIs if certain conditions are met.\n\n### Patches\n\nThis is fixed in 5.28.5; 6.21.1; 7.2.3.\n\n### Workarounds\n\nDo not issue multipart requests to attacker controlled servers.\n\n### References\n\n* https://hackerone.com/reports/2913312\n* https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f\n",
"published_at": "2025-01-21T21:10:47Z",
"updated_at": "2026-02-04T02:29:26.373390Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"https://hackerone.com/reports/2913312",
"https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"https://github.com/nodejs/undici",
"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
],
"aliases": [
"CVE-2025-22150",
"GHSA-c76h-2ccp-4975"
],
"cve_ids": [
"CVE-2025-22150"
],
"ghsa_ids": [
"GHSA-c76h-2ccp-4975"
],
"osv_ids": [
"GHSA-c76h-2ccp-4975"
],
"affected_versions": [
"introduced=4.5.0, fixed<5.28.5",
"introduced=6.0.0, fixed<6.21.1",
"introduced=7.0.0, fixed<7.2.3"
],
"fixed_versions": [
"5.28.5",
"6.21.1",
"7.2.3"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,64 @@
{
"canonical_id": "undici--CVE-2025-47279",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "undici Denial of Service attack via bad certificate data",
"summary": "### Impact\n\nApplications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak. \n\n### Patches\n\nThis has been patched in https://github.com/nodejs/undici/pull/4088.\n\n### Workarounds\n\nIf a webhook fails, avoid keep calling it repeatedly.\n\n### References\n\nReported as: https://github.com/nodejs/undici/issues/3895",
"published_at": "2025-05-15T14:15:06Z",
"updated_at": "2026-02-06T22:08:08.311705Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-47279",
"https://github.com/nodejs/undici/issues/3895",
"https://github.com/nodejs/undici/pull/4088",
"https://github.com/nodejs/undici/commit/f317618ec28753a4218beccea048bcf89c36db25",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2025-47279",
"GHSA-cxrh-j4jr-qwg3"
],
"cve_ids": [
"CVE-2025-47279"
],
"ghsa_ids": [
"GHSA-cxrh-j4jr-qwg3"
],
"osv_ids": [
"GHSA-cxrh-j4jr-qwg3"
],
"affected_versions": [
"introduced=0, fixed<5.29.0",
"introduced=6.0.0, fixed<6.21.2",
"introduced=7.0.0, fixed<7.5.0"
],
"fixed_versions": [
"5.29.0",
"6.21.2",
"7.5.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}


@@ -0,0 +1,64 @@
{
"canonical_id": "undici--CVE-2026-1525",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"summary": "### Impact\n\nUndici allows duplicate HTTP `Content-Length` headers when they are provided in an array with case-variant names (e.g., `Content-Length` and `content-length`). This produces malformed HTTP/1.1 requests with multiple conflicting `Content-Length` values on the wire.\n\n**Who is impacted:**\n - Applications using `undici.request()`, `undici.Client`, or similar low-level APIs with headers passed as flat arrays\n - Applications that accept user-controlled header names without case-normalization\n\n**Potential consequences:**\n - **Denial of Service**: Strict HTTP parsers (proxies, servers) will reject requests with duplicate `Content-Length` headers (400 Bad Request)\n - **HTTP Request Smuggling**: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\n If upgrading is not immediately possible:\n\n 1. **Validate header names**: Ensure no duplicate `Content-Length` headers (case-insensitive) are present before passing headers to undici\n 2. **Use object format**: Pass headers as a plain object (`{ 'content-length': '123' }`) rather than an array, which naturally deduplicates by key\n 3. **Sanitize user input**: If headers originate from user input, normalize header names to lowercase and reject duplicates",
"published_at": "2026-03-13T20:07:03Z",
"updated_at": "2026-03-14T09:19:54.772219Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"https://hackerone.com/reports/3556037",
"https://cna.openjsf.org/security-advisories.html",
"https://cwe.mitre.org/data/definitions/444.html",
"https://github.com/nodejs/undici",
"https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
],
"aliases": [
"CVE-2026-1525",
"GHSA-2mjp-6q6p-2qxm"
],
"cve_ids": [
"CVE-2026-1525"
],
"ghsa_ids": [
"GHSA-2mjp-6q6p-2qxm"
],
"osv_ids": [
"GHSA-2mjp-6q6p-2qxm"
],
"affected_versions": [
"introduced=0, fixed<6.24.0",
"introduced=7.0.0, fixed<7.24.0"
],
"fixed_versions": [
"6.24.0",
"7.24.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"request-smuggling-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
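Review bot: `"severity": "low"` / `"cvss_score": 3.1` does not match a summary whose stated consequences are request smuggling leading to ACL bypass, cache poisoning and credential hijacking; the score should come from `official_source_url` rather than the ingest default shared by every record in this commit. The `request-smuggling-boundary` topic is the right mapping here, but `ssrf-url-validation` is unrelated to duplicate `Content-Length` handling and should be dropped.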


@@ -0,0 +1,64 @@
{
"canonical_id": "undici--CVE-2026-1526",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"summary": "## Description\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit on the decompressed data size. A malicious WebSocket server can send a small compressed frame (a \"decompression bomb\") that expands to an extremely large size in memory, causing the Node.js process to exhaust available memory and crash or become unresponsive.\n\nThe vulnerability exists in the `PerMessageDeflate.decompress()` method, which accumulates all decompressed chunks in memory and concatenates them into a single Buffer without checking whether the total size exceeds a safe threshold.\n\n## Impact\n\n- Remote denial of service against any Node.js application using undici's WebSocket client\n- A single compressed WebSocket frame of ~6 MB can decompress to ~1 GB or more\n- Memory exhaustion occurs in native/external memory, bypassing V8 heap limits\n- No application-level mitigation is possible as decompression occurs before message delivery\n\n### Patches\n\nUsers should upgrade to fixed versions.\n\n### Workarounds\n\nNo workaround are possible.",
"published_at": "2026-03-13T20:41:56Z",
"updated_at": "2026-03-13T20:54:25.563997Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"https://hackerone.com/reports/3481206",
"https://cna.openjsf.org/security-advisories.html",
"https://datatracker.ietf.org/doc/html/rfc7692",
"https://github.com/nodejs/undici",
"https://owasp.org/www-community/attacks/Denial_of_Service"
],
"aliases": [
"CVE-2026-1526",
"GHSA-vrm6-8vpv-qv8q"
],
"cve_ids": [
"CVE-2026-1526"
],
"ghsa_ids": [
"GHSA-vrm6-8vpv-qv8q"
],
"osv_ids": [
"GHSA-vrm6-8vpv-qv8q"
],
"affected_versions": [
"introduced=0, fixed<6.24.0",
"introduced=7.0.0, fixed<7.24.0"
],
"fixed_versions": [
"6.24.0",
"7.24.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
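
Review bot: the lines `"severity": "low"` and `"cvss_score": 3.1` are the same pair that almost every record in this commit carries, including this one whose summary is a remote memory-exhaustion DoS with no application-level mitigation, and the CRLF-injection and arbitrary-file-read records that follow; a constant score across that range of bug classes looks like a default written by the ingest rather than a value parsed from the GHSA. Suggest `validate` flag a batch whose scores are all identical, and populate the field from the advisory's CVSS vector or leave it null with a `triage_reasons` entry when the source carries none.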


@@ -0,0 +1,61 @@
{
"canonical_id": "undici--CVE-2026-1527",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"summary": "### Impact\n\nWhen an application passes user-controlled input to the `upgrade` option of `client.request()`, an attacker can inject CRLF sequences (`\\r\\n`) to:\n\n1. Inject arbitrary HTTP headers\n2. Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch)\n\nThe vulnerability exists because undici writes the `upgrade` value directly to the socket without validating for invalid header characters:\n\n```javascript\n// lib/dispatcher/client-h1.js:1121\nif (upgrade) {\n header += `connection: upgrade\\r\\nupgrade: ${upgrade}\\r\\n`\n}\n```\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nSanitize the `upgrade` option string before passing to undici:\n\n```javascript\nfunction sanitizeUpgrade(value) {\n if (/[\\r\\n]/.test(value)) {\n throw new Error('Invalid upgrade value')\n }\n return value\n}\n\nclient.request({\n upgrade: sanitizeUpgrade(userInput)\n})\n```",
"published_at": "2026-03-13T20:41:26Z",
"updated_at": "2026-03-13T20:54:25.572106Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
"https://hackerone.com/reports/3487198",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2026-1527",
"GHSA-4992-7rv2-5pvq"
],
"cve_ids": [
"CVE-2026-1527"
],
"ghsa_ids": [
"GHSA-4992-7rv2-5pvq"
],
"osv_ids": [
"GHSA-4992-7rv2-5pvq"
],
"affected_versions": [
"introduced=0, fixed<6.24.0",
"introduced=7.0.0, fixed<7.24.0"
],
"fixed_versions": [
"6.24.0",
"7.24.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
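
Review bot: `secure_code_topics` stops at `ssrf-url-validation` and `proxy-trust-boundary`, yet the summary describes CRLF header injection via the `upgrade` option and smuggling raw bytes to non-HTTP services such as Redis or Memcached, which is exactly what the `request-smuggling-boundary` topic attached to the CVE-2026-1525 record above covers. Suggest adding that topic here; the identical two-topic list on every undici record regardless of bug class suggests the mapping is keyed on the system, not on the advisory.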


@@ -0,0 +1,61 @@
{
"canonical_id": "undici--CVE-2026-1528",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"summary": "### Impact\nA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. \n\n### Patches\n\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nThere are no workarounds.",
"published_at": "2026-03-13T20:07:26Z",
"updated_at": "2026-03-14T09:17:45.838435Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"https://hackerone.com/reports/3537648",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2026-1528",
"GHSA-f269-vfmq-vjvj"
],
"cve_ids": [
"CVE-2026-1528"
],
"ghsa_ids": [
"GHSA-f269-vfmq-vjvj"
],
"osv_ids": [
"GHSA-f269-vfmq-vjvj"
],
"affected_versions": [
"introduced=6.0.0, fixed<6.24.0",
"introduced=7.0.0, fixed<7.24.0"
],
"fixed_versions": [
"6.24.0",
"7.24.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
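
Review bot: `affected_versions` opens with `introduced=6.0.0, fixed<6.24.0` whereas every sibling undici record uses `introduced=0` for the same 6.x fix line; if that is what OSV reports it is fine to keep, but `reconcile` should record why the lower bound differs, because a consumer comparing the ranges will otherwise conclude 5.x is affected by the other WebSocket bugs but not by this one. The SSRF and proxy topics also say nothing about a 64-bit frame-length overflow in ByteParser; an empty list would be more accurate than an inherited default.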


@@ -0,0 +1,60 @@
{
"canonical_id": "undici--CVE-2026-22036",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"summary": "### Impact\n\nThe `fetch()` API supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., Content-Encoding: gzip, br). This is also supported by the undici decompress interceptor.\n\nHowever, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation.\n\n### Patches\n\nUpgrade to 7.18.2 or 6.23.0.\n\n### Workarounds\n\nIt is possible to apply an undici interceptor and filter long `Content-Encoding` sequences manually.\n\n### References\n\n* https://hackerone.com/reports/3456148\n* https://github.com/advisories/GHSA-gm62-xv2j-4w53\n* https://curl.se/docs/CVE-2022-32206.html",
"published_at": "2026-01-14T21:06:08Z",
"updated_at": "2026-02-04T02:56:17.456091Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-22036",
"https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2026-22036",
"GHSA-g9mf-h72j-4rw9"
],
"cve_ids": [
"CVE-2026-22036"
],
"ghsa_ids": [
"GHSA-g9mf-h72j-4rw9"
],
"osv_ids": [
"GHSA-g9mf-h72j-4rw9"
],
"affected_versions": [
"introduced=7.0.0, fixed<7.18.2",
"introduced=0, fixed<6.23.0"
],
"fixed_versions": [
"7.18.2",
"6.23.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
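
Review bot: the summary's References section points at `https://github.com/advisories/GHSA-gm62-xv2j-4w53`, but `aliases`, `ghsa_ids` and `osv_ids` in this record all carry `GHSA-g9mf-h72j-4rw9`; the two identifiers need reconciling (related advisory, duplicate, or upstream typo) before the case page cites both as the same issue. Separately, `fixed_versions` is listed 7.x-first here (`"7.18.2", "6.23.0"`) and 6.x-first in every other undici record; sorting both version arrays in `render` would keep re-ingest diffs stable.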


@@ -0,0 +1,64 @@
{
"canonical_id": "undici--CVE-2026-2229",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"summary": "### Impact\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the `server_max_window_bits` parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range `server_max_window_bits` value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination.\n\nThe vulnerability exists because:\n\n1. The `isValidClientWindowBits()` function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15\n2. The `createInflateRaw()` call is not wrapped in a try-catch block\n3. The resulting exception propagates up through the call stack and crashes the Node.js process\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_",
"published_at": "2026-03-13T20:41:41Z",
"updated_at": "2026-03-13T20:54:26.149214Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"https://hackerone.com/reports/3487486",
"https://cna.openjsf.org/security-advisories.html",
"https://datatracker.ietf.org/doc/html/rfc7692",
"https://github.com/nodejs/undici",
"https://nodejs.org/api/zlib.html#class-zlibinflateraw"
],
"aliases": [
"CVE-2026-2229",
"GHSA-v9p9-hfj2-hcw8"
],
"cve_ids": [
"CVE-2026-2229"
],
"ghsa_ids": [
"GHSA-v9p9-hfj2-hcw8"
],
"osv_ids": [
"GHSA-v9p9-hfj2-hcw8"
],
"affected_versions": [
"introduced=0, fixed<6.24.0",
"introduced=7.0.0, fixed<7.24.0"
],
"fixed_versions": [
"6.24.0",
"7.24.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
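
Review bot: the `summary` still contains the GitHub advisory form prompts under `### Patches` (`_Has the problem been patched? What versions should users upgrade to?_`) and `### Workarounds`; with `render_markdown: true` and `status: generated`, that italic placeholder text will be published verbatim into `undici-cve-2026-2229.md`. Suggest the ingest detect untouched template prompts, drop those sections from the rendered summary, and add a `triage_reasons` entry so the Patches section is written from `fixed_versions` instead.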


@@ -0,0 +1,59 @@
{
"canonical_id": "undici--CVE-2026-2581",
"system_id": "undici",
"display_name": "Undici",
"category": "frameworks",
"advisory_mode": "core",
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"summary": "## Impact\nThis is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\n\nIn vulnerable Undici versions, when `interceptors.deduplicate()` is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\n\nImpacted users are applications that use Undici\u2019s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\n\n## Patches\n\nThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\n\nUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.\n\n## Workarounds\nIf upgrading immediately is not possible:\n\n- Disable `interceptors.deduplicate()` for affected clients/routes.\n- Use `skipHeaderNames` with a marker header to force high-risk requests to bypass deduplication.\n- Avoid concurrent identical requests to untrusted endpoints that may return very large/chunked bodies.\n- Apply upstream/proxy response-size and timeout limits.",
"published_at": "2026-03-13T20:37:58Z",
"updated_at": "2026-03-13T20:54:25.417862Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-2581",
"https://hackerone.com/reports/3513473",
"https://cna.openjsf.org/security-advisories.html",
"https://github.com/nodejs/undici"
],
"aliases": [
"CVE-2026-2581",
"GHSA-phc3-fgpg-7m6h"
],
"cve_ids": [
"CVE-2026-2581"
],
"ghsa_ids": [
"GHSA-phc3-fgpg-7m6h"
],
"osv_ids": [
"GHSA-phc3-fgpg-7m6h"
],
"affected_versions": [
"introduced=7.17.0, fixed<7.24.0"
],
"fixed_versions": [
"7.24.0"
],
"package_name": "undici",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md",
"secure_code_topics": [
"ssrf-url-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Undici"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
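
Review bot: the summary says the fix ships in both Undici and Node.js releases "where applicable", but the record is keyed only on `package_name: undici` with the single npm range `introduced=7.17.0, fixed<7.24.0`; deployments that consume undici as the copy bundled with Node rather than from npm will not match this record. Worth stating in the case page that only the npm range is recorded, and that the `skipHeaderNames` workaround in the summary applies only while `interceptors.deduplicate()` remains enabled.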


@@ -0,0 +1,70 @@
{
"canonical_id": "vite--CVE-2024-23331",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem",
"summary": "### Summary\n[Vite dev server option](https://vitejs.dev/config/server-options.html#server-fs-deny) `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows.\n\nThis bypass is similar to https://nvd.nist.gov/vuln/detail/CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems.\n\n### Patches\nFixed in vite@5.0.12, vite@4.5.2, vite@3.2.8, vite@2.9.17\n\n### Details\nSince `picomatch` defaults to case-sensitive glob matching, but the file server doesn't discriminate; a blacklist bypass is possible. \n\nSee `picomatch` usage, where `nocase` is defaulted to `false`: https://github.com/vitejs/vite/blob/v5.1.0-beta.1/packages/vite/src/node/server/index.ts#L632\n\nBy requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. \n\n### PoC\n**Setup**\n1. Created vanilla Vite project using `npm create vite@latest` on a Standard Azure hosted Windows 10 instance. \n - `npm run dev -- --host 0.0.0.0`\n - Publicly accessible for the time being here: http://20.12.242.81:5173/ \n2. Created dummy secret files, e.g. `custom.secret` and `production.pem`\n3. Populated `vite.config.js` with\n```javascript\nexport default { server: { fs: { deny: ['.env', '.env.*', '*.{crt,pem}', 'custom.secret'] } } }\n```\n\n**Reproduction**\n1. `curl -s http://20.12.242.81:5173/@fs//`\n - Descriptive error page reveals absolute filesystem path to project root\n2. `curl -s http://20.12.242.81:5173/@fs/C:/Users/darbonzo/Desktop/vite-project/vite.config.js`\n - Discoverable configuration file reveals locations of secrets\n3. 
`curl -s http://20.12.242.81:5173/@fs/C:/Users/darbonzo/Desktop/vite-project/custom.sEcReT`\n - Secrets are directly accessible using case-augmented version of filename\n\n**Proof**\n![Screenshot 2024-01-19 022736](https://user-images.githubusercontent.com/907968/298020728-3a8d3c06-fcfd-4009-9182-e842f66a6ea5.png)\n\n### Impact\n**Who**\n- Users with exposed dev servers on environments with case-insensitive filesystems\n\n**What**\n- Files protected by `server.fs.deny` are both discoverable, and accessible",
"published_at": "2024-01-19T21:58:47Z",
"updated_at": "2026-02-04T04:17:01.410592Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2023-34092",
"https://nvd.nist.gov/vuln/detail/CVE-2024-23331",
"https://github.com/vitejs/vite/commit/0cd769c279724cf27934b1270fbdd45d68217691",
"https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5",
"https://github.com/vitejs/vite/commit/a26c87d20f9af306b5ce3ff1648be7fa5146c278",
"https://github.com/vitejs/vite/commit/eeec23bbc9d476c54a3a6d36e78455867185a7cb",
"https://github.com/vitejs/vite",
"https://vitejs.dev/config/server-options.html#server-fs-deny"
],
"aliases": [
"CVE-2024-23331",
"GHSA-c24v-8rfc-w8vw"
],
"cve_ids": [
"CVE-2024-23331"
],
"ghsa_ids": [
"GHSA-c24v-8rfc-w8vw"
],
"osv_ids": [
"GHSA-c24v-8rfc-w8vw"
],
"affected_versions": [
"introduced=2.7.0, fixed<2.9.17",
"introduced=3.0.0, fixed<3.2.8",
"introduced=4.0.0, fixed<4.5.2",
"introduced=5.0.0, fixed<5.0.12"
],
"fixed_versions": [
"2.9.17",
"3.2.8",
"4.5.2",
"5.0.12"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
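
Review bot: the `summary` reproduces the original PoC verbatim, including a third-party public address (`http://20.12.242.81:5173/`), a Windows user profile path and an embedded screenshot link; rendering that into `vite-cve-2024-23331.md` publishes identifiers for a host that was never part of the lab scope, which sits badly beside the repository's `AUTHORIZED TARGETS ONLY` banner. Suggest the renderer rewrite hosts in advisory PoCs to a local placeholder and drop the image link. Separately, `file-upload-validation` is tagged on a deny-list read bypass that involves no upload.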


@@ -0,0 +1,73 @@
{
"canonical_id": "vite--CVE-2024-45811",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
"summary": "### Summary\nThe contents of arbitrary files can be returned to the browser.\n\n### Details\n`@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists.\n\n### PoC\n```sh\n$ npm create vite@latest\n$ cd vite-project/\n$ npm install\n$ npm run dev\n\n$ echo \"top secret content\" > /tmp/secret.txt\n\n# expected behaviour\n$ curl \"http://localhost:5173/@fs/tmp/secret.txt\"\n\n <body>\n <h1>403 Restricted</h1>\n <p>The request url &quot;/tmp/secret.txt&quot; is outside of Vite serving allow list.\n\n# security bypassed\n$ curl \"http://localhost:5173/@fs/tmp/secret.txt?import&raw\"\nexport default \"top secret content\\n\"\n//# sourceMappingURL=data:application/json;base64,eyJ2...\n```\n\n",
"published_at": "2024-09-17T18:44:12Z",
"updated_at": "2026-02-04T04:05:31.919291Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-45811",
"https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249",
"https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34",
"https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd",
"https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6",
"https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7",
"https://github.com/vitejs/vite"
],
"aliases": [
"CVE-2024-45811",
"GHSA-9cwx-2883-4wfx"
],
"cve_ids": [
"CVE-2024-45811"
],
"ghsa_ids": [
"GHSA-9cwx-2883-4wfx"
],
"osv_ids": [
"GHSA-9cwx-2883-4wfx"
],
"affected_versions": [
"introduced=5.4.0, fixed<5.4.6",
"introduced=5.3.0, fixed<5.3.6",
"introduced=5.2.0, fixed<5.2.14",
"introduced=4.0.0, fixed<4.5.4",
"introduced=0, fixed<3.2.11",
"introduced=5.0.0, fixed<5.1.8"
],
"fixed_versions": [
"5.4.6",
"5.3.6",
"5.2.14",
"4.5.4",
"3.2.11",
"5.1.8"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
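
Review bot: `affected_versions` and `fixed_versions` are in source order (5.4.x, 5.3.x, 5.2.x, 4.x, 3.x, then 5.1.x), so the `introduced=5.0.0, fixed<5.1.8` range lands after the 3.x entry; `render` should sort ranges by `introduced` so the case page and coverage matrix present the branches in a readable order and later re-ingests do not reshuffle the arrays.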

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@@ -0,0 +1,71 @@
{
"canonical_id": "vite--CVE-2025-30208",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "Vite bypasses server.fs.deny when using ?raw??",
"summary": "### Summary\nThe contents of arbitrary files can be returned to the browser.\n\n### Impact\nOnly apps explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.\n\n### Details\n`@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and returns the file content if it exists. This bypass exists because trailing separators such as `?` are removed in several places, but are not accounted for in query string regexes.\n\n### PoC\n```bash\n$ npm create vite@latest\n$ cd vite-project/\n$ npm install\n$ npm run dev\n\n$ echo \"top secret content\" > /tmp/secret.txt\n\n# expected behaviour\n$ curl \"http://localhost:5173/@fs/tmp/secret.txt\"\n\n <body>\n <h1>403 Restricted</h1>\n <p>The request url &quot;/tmp/secret.txt&quot; is outside of Vite serving allow list.\n\n# security bypassed\n$ curl \"http://localhost:5173/@fs/tmp/secret.txt?import&raw??\"\nexport default \"top secret content\\n\"\n//# sourceMappingURL=data:application/json;base64,eyJ2...\n```",
"published_at": "2025-03-25T14:00:02Z",
"updated_at": "2026-02-04T03:13:24.371631Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-30208",
"https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4",
"https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c",
"https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41",
"https://github.com/vitejs/vite/commit/92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca",
"https://github.com/vitejs/vite/commit/f234b5744d8b74c95535a7b82cc88ed2144263c1",
"https://github.com/vitejs/vite"
],
"aliases": [
"CVE-2025-30208",
"GHSA-x574-m823-4x7w"
],
"cve_ids": [
"CVE-2025-30208"
],
"ghsa_ids": [
"GHSA-x574-m823-4x7w"
],
"osv_ids": [
"GHSA-x574-m823-4x7w"
],
"affected_versions": [
"introduced=6.2.0, fixed<6.2.3",
"introduced=6.1.0, fixed<6.1.2",
"introduced=6.0.0, fixed<6.0.12",
"introduced=5.0.0, fixed<5.4.15",
"introduced=0, fixed<4.5.10"
],
"fixed_versions": [
"6.2.3",
"6.1.2",
"6.0.12",
"5.4.15",
"4.5.10"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
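
Review bot: none of the three topics on this record (`dependency-upgrade-policy`, `file-upload-validation`, `proxy-trust-boundary`) describes the root cause the summary gives, which is query-string handling where trailing separators such as `?` are stripped in several places but not accounted for in the query regexes; the same three topics are stamped on every Vite record in this commit. If `source-map.yaml` has no path/query normalization topic, leave the list empty rather than carry a per-system default into the secure-code pages.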


@@ -0,0 +1,68 @@
{
"canonical_id": "vite--CVE-2025-31125",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query",
"summary": "### Summary\n\nThe contents of arbitrary files can be returned to the browser.\n\n### Impact\nOnly apps explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.\n\n### Details\n\n- base64 encoded content of non-allowed files is exposed using `?inline&import` (originally reported as `?import&?inline=1.wasm?init`)\n- content of non-allowed files is exposed using `?raw?import`\n\n`/@fs/` isn't needed to reproduce the issue for files inside the project root.\n\n### PoC\n\nOriginal report (check details above for simplified cases):\n\nThe ?import&?inline=1.wasm?init ending allows attackers to read arbitrary files and returns the file content if it exists. Base64 decoding needs to be performed twice\n```\n$ npm create vite@latest\n$ cd vite-project/\n$ npm install\n$ npm run dev\n```\n\nExample full URL `http://localhost:5173/@fs/C:/windows/win.ini?import&?inline=1.wasm?init`",
"published_at": "2025-03-31T17:31:54Z",
"updated_at": "2026-02-04T04:37:24.129476Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-31125",
"https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949",
"https://github.com/vitejs/vite",
"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125"
],
"aliases": [
"CVE-2025-31125",
"GHSA-4r4m-qw57-chr8"
],
"cve_ids": [
"CVE-2025-31125"
],
"ghsa_ids": [
"GHSA-4r4m-qw57-chr8"
],
"osv_ids": [
"GHSA-4r4m-qw57-chr8"
],
"affected_versions": [
"introduced=6.2.0, fixed<6.2.4",
"introduced=6.1.0, fixed<6.1.3",
"introduced=6.0.0, fixed<6.0.13",
"introduced=5.0.0, fixed<5.4.16",
"introduced=0, fixed<4.5.11"
],
"fixed_versions": [
"6.2.4",
"6.1.3",
"6.0.13",
"5.4.16",
"4.5.11"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
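
Review bot: `secondary_source_urls` includes the CISA Known Exploited Vulnerabilities catalog entry for CVE-2025-31125, yet `exploit_status` is still `"unknown"`. The ingest should derive `exploit_status` from a KEV reference whenever one is present, or at minimum add a `triage_reasons` entry so the mismatch is visible, since a KEV listing is the strongest exploitation signal any of these records carries.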


@@ -0,0 +1,69 @@
{
"canonical_id": "vite--CVE-2025-31486",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "Vite allows server.fs.deny to be bypassed with .svg or relative paths",
"summary": "### Summary\n\nThe contents of arbitrary files can be returned to the browser.\n\n### Impact\n\nOnly apps explicitly exposing the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.\n\n### Details\n\n#### `.svg`\n\nRequests ending with `.svg` are loaded at this line.\nhttps://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290\nBy adding `?.svg` with `?.wasm?init` or with `sec-fetch-dest: script` header, the restriction was able to bypass.\n\nThis bypass is only possible if the file is smaller than [`build.assetsInlineLimit`](https://vite.dev/config/build-options.html#build-assetsinlinelimit) (default: 4kB) and when using Vite 6.0+.\n\n#### relative paths\n\nThe check was applied before the id normalization. This allowed requests to bypass with relative paths (e.g. `../../`).\n\n### PoC\n\n```bash\nnpm create vite@latest\ncd vite-project/\nnpm install\nnpm run dev\n```\n\nsend request to read `etc/passwd`\n\n```bash\ncurl 'http://127.0.0.1:5173/etc/passwd?.svg?.wasm?init'\n```\n\n```bash\ncurl 'http://127.0.0.1:5173/@fs/x/x/x/vite-project/?/../../../../../etc/passwd?import&?raw'\n```",
"published_at": "2025-04-04T14:20:05Z",
"updated_at": "2026-02-04T03:51:38.412061Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-31486",
"https://github.com/vitejs/vite/commit/62d7e81ee189d65899bb65f3263ddbd85247b647",
"https://github.com/vitejs/vite",
"https://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290"
],
"aliases": [
"CVE-2025-31486",
"GHSA-xcj6-pq6g-qj4x"
],
"cve_ids": [
"CVE-2025-31486"
],
"ghsa_ids": [
"GHSA-xcj6-pq6g-qj4x"
],
"osv_ids": [
"GHSA-xcj6-pq6g-qj4x"
],
"affected_versions": [
"introduced=6.2.0, fixed<6.2.5",
"introduced=6.1.0, fixed<6.1.4",
"introduced=6.0.0, fixed<6.0.14",
"introduced=5.0.0, fixed<5.4.17",
"introduced=0, fixed<4.5.12"
],
"fixed_versions": [
"6.2.5",
"6.1.4",
"6.0.14",
"5.4.17",
"4.5.12"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
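
Review bot: the summary bundles two bypasses with different preconditions: the `.svg` variant only works on Vite 6.0+ and for files smaller than `build.assetsInlineLimit`, while the relative-path variant applies to every listed range, but `affected_versions` flattens both into one set of ranges starting at `introduced=0`. The case page should state that the 4.x and 5.x ranges are affected by the relative-path variant only; the flat ranges alone overstate the `.svg` exposure for older branches.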


@@ -0,0 +1,67 @@
{
"canonical_id": "vite--CVE-2025-32395",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "Vite has an `server.fs.deny` bypass with an invalid `request-target`",
"summary": "### Summary\nThe contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun.\n\n### Impact\nOnly apps with the following conditions are affected.\n\n- explicitly exposing the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host))\n- running the Vite dev server on runtimes that are not Deno (e.g. Node, Bun)\n\n### Details\n\n[HTTP 1.1 spec (RFC 9112) does not allow `#` in `request-target`](https://datatracker.ietf.org/doc/html/rfc9112#section-3.2). Although an attacker can send such a request. For those requests with an invalid `request-line` (it includes `request-target`), the spec [recommends to reject them with 400 or 301](https://datatracker.ietf.org/doc/html/rfc9112#section-3.2-4). The same can be said for HTTP 2 ([ref1](https://datatracker.ietf.org/doc/html/rfc9113#section-8.3.1-2.4.1), [ref2](https://datatracker.ietf.org/doc/html/rfc9113#section-8.3.1-3), [ref3](https://datatracker.ietf.org/doc/html/rfc9113#section-8.1.1-3)).\n\nOn Node and Bun, those requests are not rejected internally and is passed to the user land. For those requests, the value of [`http.IncomingMessage.url`](https://nodejs.org/docs/latest-v22.x/api/http.html#messageurl) contains `#`. Vite assumed `req.url` won't contain `#` when checking `server.fs.deny`, allowing those kinds of requests to bypass the check.\n\nOn Deno, those requests are not rejected internally and is passed to the user land as well. But for those requests, the value of `http.IncomingMessage.url` did not contain `#`. \n\n### PoC\n```\nnpm create vite@latest\ncd vite-project/\nnpm install\nnpm run dev\n```\nsend request to read `/etc/passwd`\n```\ncurl --request-target /@fs/Users/doggy/Desktop/vite-project/#/../../../../../etc/passwd http://127.0.0.1:5173\n```",
"published_at": "2025-04-11T14:06:03Z",
"updated_at": "2026-02-04T04:11:44.900383Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-32395",
"https://github.com/vitejs/vite/commit/175a83909f02d3b554452a7bd02b9f340cdfef70",
"https://github.com/vitejs/vite"
],
"aliases": [
"CVE-2025-32395",
"GHSA-356w-63v5-8wf4"
],
"cve_ids": [
"CVE-2025-32395"
],
"ghsa_ids": [
"GHSA-356w-63v5-8wf4"
],
"osv_ids": [
"GHSA-356w-63v5-8wf4"
],
"affected_versions": [
"introduced=6.2.0, fixed<6.2.6",
"introduced=6.1.0, fixed<6.1.5",
"introduced=6.0.0, fixed<6.0.15",
"introduced=5.0.0, fixed<5.4.18",
"introduced=0, fixed<4.5.13"
],
"fixed_versions": [
"6.2.6",
"6.1.5",
"6.0.15",
"5.4.18",
"4.5.13"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
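Review bot: `secure_code_topics` does not match the bug this record describes. The summary is an arbitrary file read (the PoC fetches `/etc/passwd` through `/@fs/.../#/../../`) caused by `req.url` carrying a `#` past the `server.fs.deny` check; nothing is uploaded, so `file-upload-validation` is the wrong tag and `proxy-trust-boundary` is only loosely related. A request-target validation or path-normalization topic, plus one covering `--host`/`server.host` network exposure of the dev server, would reflect the advisory. Two smaller points: `exploit_status` is `unknown` although the summary carries a working curl PoC, so if that field is meant to record public PoC availability the ingest should derive it from the advisory body; and `source_confidence` is `official` while `metadata.source_kinds` only shows `osv-batch` from `OSV Vite`, so the record should make clear whether the GHSA at `official_source_url` was fetched directly or the confidence was inherited from the aggregator.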


@@ -0,0 +1,67 @@
{
"canonical_id": "vite--CVE-2025-46565",
"system_id": "vite",
"display_name": "Vite",
"category": "frameworks",
"advisory_mode": "core",
"title": "Vite's server.fs.deny bypassed with /. for files under project root",
"summary": "### Summary\nThe contents of files in [the project `root`](https://vite.dev/config/shared-options.html#root) that are denied by a file matching pattern can be returned to the browser.\n\n### Impact\n\nOnly apps explicitly exposing the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.\nOnly files that are under [project `root`](https://vite.dev/config/shared-options.html#root) and are denied by a file matching pattern can be bypassed.\n\n- Examples of file matching patterns: `.env`, `.env.*`, `*.{crt,pem}`, `**/.env`\n- Examples of other patterns: `**/.git/**`, `.git/**`, `.git/**/*`\n\n### Details\n[`server.fs.deny`](https://vite.dev/config/server-options.html#server-fs-deny) can contain patterns matching against files (by default it includes `.env`, `.env.*`, `*.{crt,pem}` as such patterns).\nThese patterns were able to bypass for files under `root` by using a combination of slash and dot (`/.`).\n\n### PoC\n```\nnpm create vite@latest\ncd vite-project/\ncat \"secret\" > .env\nnpm install\nnpm run dev\ncurl --request-target /.env/. http://localhost:5173\n```\n\n![image](https://github.com/user-attachments/assets/822f4416-aa42-461f-8c95-a88d155e674b)\n![image](https://github.com/user-attachments/assets/42902144-863a-4afb-ac5b-fc16effa37cc)",
"published_at": "2025-04-30T17:40:27Z",
"updated_at": "2026-02-04T03:27:17.681639Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-46565",
"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb",
"https://github.com/vitejs/vite"
],
"aliases": [
"CVE-2025-46565",
"GHSA-859w-5945-r5v3"
],
"cve_ids": [
"CVE-2025-46565"
],
"ghsa_ids": [
"GHSA-859w-5945-r5v3"
],
"osv_ids": [
"GHSA-859w-5945-r5v3"
],
"affected_versions": [
"introduced=6.3.0, fixed<6.3.4",
"introduced=6.2.0, fixed<6.2.7",
"introduced=6.0.0, fixed<6.1.6",
"introduced=5.0.0, fixed<5.4.19",
"introduced=0, fixed<4.5.14"
],
"fixed_versions": [
"6.3.4",
"6.2.7",
"6.1.6",
"5.4.19",
"4.5.14"
],
"package_name": "vite",
"render_markdown": true,
"case_path": "07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md",
"secure_code_topics": [
"dependency-upgrade-policy",
"file-upload-validation",
"proxy-trust-boundary"
],
"status": "generated",
"triage_reasons": [],
"metadata": {
"source_names": [
"OSV Vite"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 1
}
}
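Review bot: the verbatim summary carries an upstream PoC step that does not work as written, `cat "secret" > .env`, which reads a file named `secret` instead of writing the string; with `render_markdown` true this lands unchanged in `07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md`, so the case renderer should either annotate the step (the intent is clearly an `echo`) or mark the PoC as quoted rather than verified. The summary also embeds two `github.com/user-attachments` image URLs that the rendered case page will hotlink. Separately, `secure_code_topics` is identical to the CVE-2025-32395 record above even though this bug is a file-pattern match defeated by a trailing `/.` rather than a fragment in the request-target, which suggests the topics are assigned per system instead of derived per advisory; a topic on deny-list canonicalization (matching patterns against the normalized path) would be the accurate one here.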

File diff suppressed because one or more lines are too long

Some files were not shown because too many files have changed in this diff