更新: 331 个文件 - 2026-04-02 03:15:10
这个提交包含在:
hao
@@ -4,7 +4,7 @@ system_id: "nextjs"
|
||||
category: "frameworks"
|
||||
advisory_mode: "core"
|
||||
published_date: "2026-01-28T15:20:55Z"
|
||||
updated_date: "2026-02-06T13:13:43.709252Z"
|
||||
updated_date: "2026-04-01T17:31:03.347234Z"
|
||||
severity: "low"
|
||||
exploit_status: "unknown"
|
||||
source_confidence: "official"
|
||||
@@ -23,11 +23,25 @@ aliases:
|
||||
- "CVE-2025-59472"
|
||||
- "GHSA-5f7q-jpqc-wp7h"
|
||||
affected_versions:
|
||||
- "introduced=15.0.0-canary.0, fixed<15.6.0-canary.61"
|
||||
- "introduced=16.0.0-beta.0, fixed<16.1.5"
|
||||
- "introduced=15.0.0-canary.0"
|
||||
- "introduced=15.0.1-canary.0"
|
||||
- "introduced=15.0.2-canary.0"
|
||||
- "introduced=15.0.3-canary.0"
|
||||
- "introduced=15.0.4-canary.0"
|
||||
- "introduced=15.1.1-canary.0"
|
||||
- "introduced=15.2.0-canary.0"
|
||||
- "introduced=15.2.1-canary.0"
|
||||
- "introduced=15.2.2-canary.0"
|
||||
- "introduced=15.3.0-canary.0"
|
||||
- "introduced=15.3.1-canary.0"
|
||||
- "introduced=15.4.0-canary.0"
|
||||
- "introduced=15.4.2-canary.0"
|
||||
- "introduced=15.5.1-canary.0"
|
||||
- "introduced=15.6.0-canary.0, fixed<15.6.0-canary.61"
|
||||
fixed_versions:
|
||||
- "15.6.0-canary.61"
|
||||
- "16.1.5"
|
||||
- "15.6.0-canary.61"
|
||||
entity_refs:
|
||||
- "nextjs:system:root-system"
|
||||
- "nextjs--project--next:project:affected-component"
|
||||
@@ -56,8 +70,8 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-5f7q
|
||||
- 严重度: `low`
|
||||
- 来源置信度: `official`
|
||||
- 官方主源: https://github.com/vercel/next.js/security/advisories/GHSA-5f7q-jpqc-wp7h
|
||||
- 影响版本: `introduced=15.0.0-canary.0, fixed<15.6.0-canary.61, introduced=16.0.0-beta.0, fixed<16.1.5`
|
||||
- 修复版本: `15.6.0-canary.61, 16.1.5`
|
||||
- 影响版本: `introduced=16.0.0-beta.0, fixed<16.1.5, introduced=15.0.0-canary.0, introduced=15.0.1-canary.0, introduced=15.0.2-canary.0, introduced=15.0.3-canary.0, introduced=15.0.4-canary.0, introduced=15.1.1-canary.0, introduced=15.2.0-canary.0, introduced=15.2.1-canary.0, introduced=15.2.2-canary.0`
|
||||
- 修复版本: `16.1.5, 15.6.0-canary.61`
|
||||
|
||||
## 对象与版本映射
|
||||
|
||||
@@ -110,7 +124,7 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-5f7q
|
||||
|
||||
### 补丁验证步骤
|
||||
|
||||
- 确认目标版本从 `introduced=15.0.0-canary.0, fixed<15.6.0-canary.61, introduced=16.0.0-beta.0, fixed<16.1.5` 升级或回移到 `15.6.0-canary.61`。
|
||||
- 确认目标版本从 `introduced=16.0.0-beta.0, fixed<16.1.5, introduced=15.0.0-canary.0, introduced=15.0.1-canary.0` 升级或回移到 `16.1.5`。
|
||||
- 保留同一组受控输入,在修复前后分别执行并比对响应、日志与浏览器证据。
|
||||
- 确认修复后仅保留预期业务行为,不再触发越权、回显、异常渲染或错误请求。
|
||||
- 补充 `proxy-boundary` 族自动化回归,避免同类路径在插件、主题或代理链中回归。
|
||||
|
||||
在新工单中引用
屏蔽一个用户