hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

比较提交

基准分支: hao:87008d1bd50de2cc386b9a03c3212acfd906f9c1
分支列表 Git 标签列表
hao:main hao:codex/intel-20260317-000751
...
比较: hao:96b5353a910929c07f1e9747fd7bd9704751e883
分支列表 Git 标签列表
hao:codex/intel-20260317-000751 hao:main

3 次代码提交
87008d1bd5 ... 96b5353a91

作者 SHA1 备注 提交日期
hao
96b5353a91 更新: 2423 个文件 - 2026-03-18 14:23:01 2026-03-18 14:23:01 -07:00
hao
9a5f48cdf7 Refresh rendered dashboard snapshots 2026-03-18 14:18:50 -07:00
hao
00d828d090 Expand intel coverage and refresh monitoring 2026-03-18 14:18:09 -07:00
修改 3658 个文件,包含 123157 行新增14385 行删除
展开所有文件 折叠所有文件

2
07-framework-security/cms/directus/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:33:29+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

4
07-framework-security/cms/discourse/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:33:29+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -26,7 +26,9 @@
- `official` [Discourse Meta Security](https://meta.discourse.org/c/bug/security/40) (mode=core)
- `official` [Discourse Release Notes RSS](https://meta.discourse.org/tag/release-notes.rss) (mode=core)
- `official` [Discourse Security RSS](https://meta.discourse.org/tag/security.rss) (mode=core)
- `official` [GitHub Discourse Advisories](https://github.com/advisories) (ecosystem=rubygems; mode=core)
- `ecosystem-authority` [OSV Discourse](https://osv.dev/) (mode=core)
## 案例列表

77
07-framework-security/cms/drupal/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `drupal`
- 分类: `cms`
- 覆盖策略: `history-full`
- 总案例数: `70`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `70`
- 最近渲染时间: `2026-03-18T18:33:21+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -33,73 +33,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Drupal core - Critical - Cache poisoning - SA-CORE-2023-006 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Sep 2023 16:23:05 +0000` | - |
| Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:29:59 +0000` | - |
| Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:27:28 +0000` | - |
| Drupal core - Less critical - Gadget chain - SA-CORE-2024-006 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:25:47 +0000` | - |
| Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:24:02 +0000` | - |
| Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:21:58 +0000` | - |
| Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:20:16 +0000` | - |
| Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 19 Mar 2025 18:54:35 +0000` | - |
| Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 19 Feb 2025 17:03:28 +0000` | - |
| Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 19 Feb 2025 16:58:10 +0000` | - |
| Drupal core - Critical - Cross site scripting - SA-CORE-2025-001 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 19 Feb 2025 16:49:28 +0000` | - |
| Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 19 Apr 2023 17:06:18 +0000` | - |
| Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 17 Jan 2024 17:04:39 +0000` | - |
| Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 16 Oct 2024 16:27:27 +0000` | - |
| Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 15 Mar 2023 16:26:24 +0000` | - |
| Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-003 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 15 Mar 2023 16:24:29 +0000` | - |
| Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 12 Nov 2025 20:16:22 +0000` | - |
| Drupal core - Moderately critical - Defacement - SA-CORE-2025-007 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 12 Nov 2025 20:16:21 +0000` | - |
| Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 12 Nov 2025 18:34:02 +0000` | - |
| Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 12 Nov 2025 18:33:05 +0000` | - |
| CVE-2007-0505 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0506 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0136 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0124 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6646 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6647 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6528 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6529 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6530 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6531 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6386 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5608 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5475 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5476 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5477 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-4947 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4949 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4821 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4717 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4646 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4355 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4356 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4360 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4120 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4107 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4108 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4109 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4002 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3570 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3473 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2831 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2832 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2833 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2742 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2743 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2260 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1225 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1226 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1227 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1228 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0070 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3973 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3974 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3975 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2498 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1921 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2106 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1871 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0682 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-1806 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

4
07-framework-security/cms/ghost/INDEX.md
查看文件

@@ -4,7 +4,7 @@
- 系统 ID: `ghost`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:33:29+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

2
07-framework-security/cms/ghost/README.md
查看文件

@@ -3,7 +3,7 @@
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
- 分类: `cms`
- 覆盖层级: `rolling-24m`
- 覆盖层级: `history-full`
- Advisory 模式: core
- 输出目录: `07-framework-security/cms/ghost`
- 修复主题: authz-server-side-recheck, xss-output-encoding, token-cookie-storage

107
07-framework-security/cms/joomla/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `joomla`
- 分类: `cms`
- 覆盖策略: `history-full`
- 总案例数: `100`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `100`
- 最近渲染时间: `2026-03-18T18:33:29+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,103 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2006-4553 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4556 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4466 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4468 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4469 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4470 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4471 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4472 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4473 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4474 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4475 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4476 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4378 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4348 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4320 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4282 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4263 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4269 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4242 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4229 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4129 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4130 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4074 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3990 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3995 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3969 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3970 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3773 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3774 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3750 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3530 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3480 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3481 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2960 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2815 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1956 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1957 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1047 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1048 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1049 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1027 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1028 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1029 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1030 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0303 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0114 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4650 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3771 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3772 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3773 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| API Documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Joomla! Framework | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [20260101] - Core - Inadequate content filtering for data URLs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Joomla Home | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tracker | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Project Roadmap | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Developer Network | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [20260102] - Core - XSS vectors in the pagebreak and pagenavigation plugins | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [20250902] - Core - User-Enumeration in passkey authentication method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Developer Network™ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Forum | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| What is Joomla? | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sponsor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Community Portal | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User Groups | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contribute | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Framework | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| News | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CMS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The Joomla Foundation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [20250901] - Core - Inadequate content filtering within the checkAttribute filter code | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Trademark & Licensing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Site Showcase | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Languages | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Benefits & Features | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Service Providers Directory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Announcements | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [20250401] - Framework - SQL injection vulnerability in quoteNameStr method of Database package | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issue Tracker | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Partner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Downloads | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitHub | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Project & Leadership | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Extensions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security Centre | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| RSS reader. | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Certification | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Blogs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Shop | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Get a domain | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Volunteers Portal | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Magazine | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Vulnerable Extensions List | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Download | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Get a free site | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Training | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Joomla! Security Centre | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

3
07-framework-security/cms/mediawiki/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:33:29+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -25,6 +25,7 @@
## 来源
- `official` [MediaWiki Security Releases](https://www.mediawiki.org/wiki/Security) (mode=core)
- `official` [MediaWiki Announce RSS](https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/feed/) (mode=core)
- `official` [NVD MediaWiki](https://nvd.nist.gov/vuln/search) (keyword=MediaWiki; mode=core)
## 案例列表

2
07-framework-security/cms/moodle/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:33:29+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

2
07-framework-security/cms/strapi/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:33:29+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

147
07-framework-security/cms/wordpress/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `wordpress`
- 分类: `cms`
- 覆盖策略: `history-full`
- 总案例数: `140`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `140`
- 最近渲染时间: `2026-03-18T18:33:15+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -35,143 +35,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2007-1893 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1894 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1732 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1622 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1599 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1409 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1277 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1244 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1230 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1049 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0539 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0540 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0541 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0262 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0233 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0106 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0107 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0109 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6863 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6808 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6016 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6017 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5705 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-4743 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4208 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4028 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3389 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3390 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2702 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2667 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1796 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1263 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1012 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0985 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0986 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0733 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4463 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3330 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2612 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1921 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2107 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2108 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2109 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2110 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1810 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1687 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1688 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1102 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1559 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1584 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| Interviews | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Forums | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Swag Store ↗ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Booster for WooCommerce < 7.11.3 Broken Access Control vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Blocks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wicked Folders <= 4.1.0 Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Features | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Manage subscriptions | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Performance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| How to Install WPScan | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Stats WordPress stats | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Modern Events Calendar <= 7.29.0 Broken Access Control vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Gutenberg ↗ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Showcase | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WordPress.org | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Education | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Education | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Subscriptions for WooCommerce <= 1.9.2 Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Submit vulnerabilities | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| CLI scanner | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Patterns | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Design | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Developers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Writeprint Stylometry <= 0.1 Reflected Cross-Site Scripting via 'p' Parameter vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Hosting | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CLI Scanner | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| General | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WowStore <= 4.4.3 WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Disclosure policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Five for the Future | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Features | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Unpatched Vulnerability in TI WooCommerce Wishlist Plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Jannah <= 7.6.3 Local File Inclusion vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Month in WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report this content | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Contextual Related Posts < 4.2.2 Broken Access Control vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Log in now. | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Awards | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| All Posts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| News | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Enterprise | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WordPress.tv ↗ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| News | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CR]Paid Link Manager <= 0.5 Reflected Cross-Site Scripting vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WP User Frontend <= 4.2.8 Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Duplicate Post <= 4.5 Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Pricing | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Object Injection vulnerability fixed in SEOPress 7.9 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Unauthorized Plugin Installation/Activation in Hunk Companion | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| View site in Reader | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Unauthenticated Privilege Escalation in Profile-Builder plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| New Malware Campaign Targets WP-Automatic Plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Plugins | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| NEX-Forms <= 9.1.9 WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Make WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Photo Directory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| NEX-Forms <= 9.1.9 WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Job Board ↗ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Thim Elementor Kit <= 1.3.7 Missing Authorization to Unauthenticated Private Course Disclosure vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Plugins | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Meta | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Our Stats | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Managed VDP New | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Community | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Vulnerability statistics | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Whitepaper 2026 New | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Get WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WP EasyPay <= 4.2.11 Broken Access Control vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Master Addons for Elementor <= 2.1.3 Cross Site Scripting (XSS) vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WP Go Maps <= 10.0.05 Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WordPress plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Themes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Software vendors | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Enterprise Features | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| LearnPress &#8211; Sepay Payment <= 4.0.0 Broken Authentication vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| The 10 Best Vulnerability Scanners for Effective Web Security | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Flexmls® IDX <= 3.15.9 Reflected Cross Site Scripting (XSS) vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Learn WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Royal Elementor Addons <= 1.7.1049 WordPress Royal Addons for Elementor - Addons and Templates Kit for Elementor plugin <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

88
07-framework-security/ecommerce/adobe-commerce/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `adobe-commerce`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `81`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `81`
- 最近渲染时间: `2026-03-18T18:33:36+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -34,84 +34,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2024-20759 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-02-11T15:59:16.957` | - |
| CVE-2024-20758 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-16T14:53:40.187` | - |
| CVE-2024-20720 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:53:01.000` | - |
| CVE-2024-20719 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:53:00.843` | - |
| CVE-2024-20718 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:53:00.647` | - |
| CVE-2024-20717 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:52:59.233` | - |
| CVE-2024-20716 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:52:59.103` | - |
| CVE-2023-38251 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:11.070` | - |
| CVE-2023-38250 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:10.920` | - |
| CVE-2023-38249 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:10.773` | - |
| CVE-2023-38221 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:07.010` | - |
| CVE-2023-38220 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:06.863` | - |
| CVE-2023-38219 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:06.720` | - |
| CVE-2023-38218 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:06.583` | - |
| CVE-2023-26367 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:51:12.530` | - |
| CVE-2023-26366 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:51:12.390` | - |
| CVE-2022-24093 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:49:47.413` | - |
| CVE-2023-38209 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:05.447` | - |
| CVE-2023-38208 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:05.317` | - |
| CVE-2023-38207 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:05.193` | - |
| CVE-2023-29297 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:49.170` | - |
| CVE-2023-29296 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:49.063` | - |
| CVE-2023-29295 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.960` | - |
| CVE-2023-29294 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.850` | - |
| CVE-2023-29293 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.747` | - |
| CVE-2023-29292 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.640` | - |
| CVE-2023-29291 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.530` | - |
| CVE-2023-29290 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.423` | - |
| CVE-2023-29289 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.313` | - |
| CVE-2023-29288 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.197` | - |
| CVE-2023-29287 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.080` | - |
| CVE-2023-22248 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:44:23.877` | - |
| CVE-2023-22251 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:44:24.210` | - |
| CVE-2023-22250 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:44:24.110` | - |
| CVE-2023-22249 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:44:24.003` | - |
| CVE-2023-22247 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:44:23.737` | - |
| CVE-2022-42344 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:24:47.620` | - |
| CVE-2022-35698 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:11:30.073` | - |
| CVE-2022-35689 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:11:28.990` | - |
| CVE-2022-35692 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:11:29.357` | - |
| CVE-2022-34259 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:10.063` | - |
| CVE-2022-34258 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.953` | - |
| CVE-2022-34257 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.827` | - |
| CVE-2022-34256 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.690` | - |
| CVE-2022-34255 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.567` | - |
| CVE-2022-34254 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.437` | - |
| CVE-2022-34253 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.320` | - |
| CVE-2022-24086 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-10-23T14:51:16.013` | - |
| CVE-2021-39864 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:20:25.057` | - |
| CVE-2021-36035 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:12:59.820` | - |
| APSB26-05  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB21-86  Securityupdates availablefor Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB20-22  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB20-41  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-61  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-88 : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB22-38  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB23-42  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB21-30  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-26  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Back to top | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-73  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB23-17  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-18  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB23-50  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB23-35  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-71  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB22-12  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB21-08  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-40  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-90 : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-08  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-94  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB22-48 : Security updates available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB20-02  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB20-59  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB22-13  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB21-64  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-50 : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-03  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB20-47  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

111
07-framework-security/ecommerce/magento-open-source/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `magento-open-source`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `101`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `101`
- 最近渲染时间: `2026-03-18T18:33:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,107 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2019-7885 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.997` | - |
| CVE-2019-7882 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.893` | - |
| CVE-2019-7881 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.783` | - |
| CVE-2019-7880 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.670` | - |
| CVE-2019-7877 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.560` | - |
| CVE-2019-7876 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.450` | - |
| CVE-2019-7875 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.337` | - |
| CVE-2019-7874 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.227` | - |
| CVE-2019-7873 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.113` | - |
| CVE-2019-7872 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.003` | - |
| CVE-2019-7871 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.883` | - |
| CVE-2019-7869 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.650` | - |
| CVE-2019-7868 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.527` | - |
| CVE-2019-7867 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.407` | - |
| CVE-2019-7866 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.287` | - |
| CVE-2019-7865 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.163` | - |
| CVE-2019-7864 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.043` | - |
| CVE-2019-7863 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.933` | - |
| CVE-2019-7862 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.820` | - |
| CVE-2019-7861 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.697` | - |
| CVE-2019-7860 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.580` | - |
| CVE-2019-7859 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.463` | - |
| CVE-2019-7858 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.343` | - |
| CVE-2019-7857 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.230` | - |
| CVE-2019-7855 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.113` | - |
| CVE-2019-7854 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.000` | - |
| CVE-2019-7853 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:51.883` | - |
| CVE-2019-7852 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:51.770` | - |
| CVE-2019-7851 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:51.660` | - |
| CVE-2019-7849 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:51.440` | - |
| CVE-2019-7139 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:47:38.667` | - |
| CVE-2018-5301 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:08:32.663` | - |
| CVE-2016-10704 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2015-8707 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2014-9758 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2017-13761 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-6485 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-4010 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-2212 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2012-3243 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-3458 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-3457 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-1399 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-1398 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-1397 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-2068 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-2067 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-8770 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2011-5240 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2009-0541 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| Surge in Magento 2 template attacks 2022-09-22 The critical template vulnerability in Magento 2 (CVE-2022-24086) is gaining popularity among eCommerce cyber criminals. The majority of recent Sansec forensic cases concern this attack method. In this article we share our findings of 3 template hacks, and hope it will help you if you are confron... skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| MagentoCore group hacks 7,339 stores and counting 2018-08-30 A single group is responsible for planting skimmers on 7339 individual stores in the last 6 months. The MagentoCore skimmer is now the most successful to date. Update 2018-09-07: Because Google Chrome has added the campaign to its blocklist last Saturday, the skimmers are now rapidly replacing &q... skimming MagentoCore skimmer | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Wiki | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Competing digital skimmers sabotage each other 2018-11-20 Skimmers found to subtly sabotage each others fraud operations. Competition is grim in the online skimming business (aka "MageCart"). The aggressive MagentoCore skimmer was previously observed to kick contending parasites from its victim hosts. But this week, we discovered that the bat... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Case Study: How eCommerce Hackers Silently Steal Credit Card Data 2021-05-03 The majority of online stores have never been hacked and, as a result, take a somewhat lax approach to cybersecurity. However, no less than 20% of all online stores get hacked every year, which means it might only be a matter of time until yours becomes the next victim. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Magento wish list exploit bypasses WAF protection 2023-12-18 Found your Magento 2 store hacked recently? Chances are, that attackers injected a malicious wish list. Just before Christmas? Oh the irony. skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Magento Security Release APSB25-08 [Impact Analysis] 2025-02-12 Critical (CVSS 9.4) release enables attackers to take control of customer accounts. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Bad extensions now main source of Magento hacks: a solution! 2019-01-29 In October last year I discovered several Magento extension 0days. As it turns out, this was only the tip of the iceberg: today, insecure 3rd party extensions are used to hack into thousands of stores. A group of Magento professionals have identified 63 vulnerable extensions, and are now releasin... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Magento and the Log4j vulnerability 2021-12-13 Updated Dec 20th. This article describes how Magento is affected by the critical log4j vulnerability, and what you can (and should) do to prevent a hack. A critical vulnerability in the popular Log4j Java library has been massively exploited since December 1st. It exposes full control to a remote... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Persistent Magento backdoor hidden in XML 2024-04-04 Does your Interceptor.php keep getting infected? Attackers are using a new method for malware persistence on Magento servers. Sansec discovered a cleverly crafted layout template in the database, which was used to automatically inject malware. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Persistent parasite in EOL Magento 2 2020-12-02 Over the last months, hackers have quietly added a subtle security flaw to over 50 large online stores, only to exploit them right before Black Friday, Sansec research shows. The flaw's presence would ensure future access for the attackers, even if their primary operation was blown. Sansec has be... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Magento security extentions vendor got hacked 2019-10-07 The store of a US Magento extension vendor was found compromised. Attackers had write access to the server selling extensions. We are awaiting a statement on the integrity of downloaded software. Our malware crawlers detected a compromise of Extendware, a vendor of Magento extensions such as &quo... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Magento PolyShell: unrestricted file upload in Magento and Adobe Commerce 2026-03-17 A new vulnerability in the Magento and Adobe Commerce REST API allows attackers to upload executable files to any store. Adobe fixed the issue in a pre-release version but has not backported the patch. Many stores run web server configurations that enable either remote code execution (RCE) or acc... skimming magento adobe-commerce rce +3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| magento2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Vendors defeat Magento security patch (+ simple check) 2023-01-17 Magento and Adobe Commerce stores around the world have been hammered with Trojan Order attacks this winter. And even if you have patched or installed Adobe’s 2.4.4 release, you may still be vulnerable. Sansec discovered that several vendors and agencies are actively bypassing this security fix, ... skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Warning: fake Magento patch 9789 contains virus 2017-04-21 Update May 21st: a similar phishing mail circulates about a fake patch SUPEE-1798. Update Apr 22nd: added reference to Neutrino Bot and POS systems This week a mail was sent out to announce the new Magento patch SUPEE-9789. It is fake and it contains malware. There is no patch 9789. The message... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| An OpenCart/Magento hacking dashboard 2017-04-07 This post shows how sophisticated Magento hacking operations have become nowadays. While investigating a bruteforced Magento store, we noticed that the hacker logged in using a curious referrer site: "GET /rss/catalog/notifystock/ HTTP/1.1" 200 5676 "http://194.87.232.147:777/"... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Pull requests
804 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SessionReaper attacks have started, 3 in 5 stores still vulnerable 2025-10-22 Six weeks after Adobe's emergency patch, SessionReaper (CVE-2025-54236) has entered active exploitation. Sansec Shield blocked dozens of attacks today. With only 38% of stores patched and exploit details now public, mass abuse will follow in the coming hours. skimming CVE-2025-54236 magento adobe-commerce +6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Claude finds 353 zero-days on Packagist 2026-01-22 We built an AI-powered security pipeline to audit popular ecommerce extensions on Packagist. The vulnerabilities we found range from password leaks to full remote code execution. skimming magento adobe-commerce supply-chain +1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CosmicSting attack threatens 75% of Adobe Commerce stores 2024-06-18 One week after the release of a critical security fix, just a quarter of all Adobe Commerce and Magento stores has been patched. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| SessionReaper, unauthenticated RCE in Magento & Adobe Commerce (CVE-2025-54236) 2025-09-08 SessionReaper (CVE-2025-54236) is a critical bug in Magento & Adobe Commerce. The bug may hand full control of a store to unauthenticated attackers. Automated attacks have hit over 50% of all stores globally. Merchants should act immediately. skimming CVE-2025-54236 magento adobe-commerce +5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| CosmicSting attack & defense overview 2024-09-16 CosmicSting (aka CVE-2024-34102) is the worst bug to hit Magento and Adobe Commerce stores in two years. Sansec observes that stores are getting hacked at a rate of 5 to 30 per hour. Merchants need to implement these counter measures as soon as possible. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns 2024-10-01 Cybercriminals have hacked 5% of all Adobe Commerce and Magento stores this summer. Among the victims are large international brands. Seven distinct groups are using CosmicSting attacks to plant malicious code on victim stores. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Adobe patches critical Magento admin takeover via menu injection 2025-06-12 A new attack on Adobe Commerce may break the menu bar for admin users. If your menu bar is missing, someone is stealing your session via CVE-2025-47110. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Fake Klaviyo accounts added to Magento 2022-12-21 Are your Magento admin accounts legitimate? Chances are, that a klaviyo_support_XXXX account was added this week. Best to quickly remove it and read this article. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Do these two things to keep your Magento 1 store running after June 2020-05-28 Over a 100 thousands Magento 1 stores will be running after Adobe terminates support in June (end-of-life). Many merchants need more time to transition to Magento 2 or another platform. No need to panic, your store will not suddenly crash on July 1st. But you should make two important arrangement... skimming magento 1 deadline | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Extortion of Magento merchants 2022-11-07 Sansec has received reports of criminals trying to extort Magento merchants with the message below. As long as the sender does not produce evidence, they almost certainly did not steal your sensitive data. Ignoring them is best. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Critical Magento 2 flaw exploited within 16 hours 2019-05-10 The number of hacked Magento 2 stores spiked in the last four weeks, after a critical security flaw was discovered in March and criminals stole admin passwords within 16 hours. Merchants are advised to implement emergency measures, even if they had already patched. Update June 12th: While there w... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| A Magento breach analysis: part 1 2017-04-12 Part of a series where Magento security professionals share their case notes, so that we can ultimately distill a set of best practices, tools and workflow. Part of the job of running the MageReport service is that I get to investigate tons of hacked stores. About 50-200 new stores get hacked pe... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Cardbleed: 3% of Magento install base hacked 2020-09-14 Update Sept 18: Cardbleed has infected 2806 Magento1 stores so far (3% of total install base) Over the weekend, almost two thousand Magento 1 stores across the world have been hacked in the largest documented campaign to date. It was a typical Magecart attack: injected malicious code would inter... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Issues
1.2k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Adobe Commerce merchants to be hit with TrojanOrders this season 2022-11-15 At least seven Magecart groups are injecting TrojanOrders at approximately 38% of Magento and Adobe Commerce websites in November. skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Magento 2 critical vulnerability (CVE-2022-24086 & CVE-2022-24087) 2022-02-14 Adobe has released two emergency patches for a critical vulnerability in Magento 2. You need to apply both patches, in order. The vulnerability allows unauthenticated remote code execution (RCE), which is the worst possible type. Actual abuse has already been reported. To illustrate the severity,... skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| ConnectPOS leaked Github secrets for years 2026-01-12 Sansec discovered that ConnectPOS has been showing their Github credentials on their site for 4 years. This would enable attackers to slip malicious code into each of the thousands of ConnectPOS retail installations. Sansec recommends to verify integrity of installed code. skimming supply-chain magento connectpos +2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Visbot malware found on 6691 stores [analysis] 2016-12-01 Visbot is one of the oldest Magecart payment skimmers: it steals customer data and credit cards. The first case was documented as early as March 2015. But being publicly discussed did not stop it from spreading. We conducted a global research into 300.000 Magento stores and found active Visbot i... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Magento vendor Fishpig hacked, backdoors added 2022-09-13 Fishpig, a vendor of popular Magento-Wordpress integrations, has been hacked. Sansec found that attackers have injected malware in Fishpig software and taken control of Fishpig servers. Online stores running Fishpig software may now have the "Rekoobe" malware installed on their servers,... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| PHP tool 'Adminer' leaks passwords 2019-01-17 Update 2019-01-20: the root cause is a protocol flaw in MySQL. Adminer is a popular PHP tool to administer MySQL and PostgreSQL databases. However, it can be lured to disclose arbitrary files. Attackers can abuse that to fetch passwords for popular apps such as Magento and Wordpress, and gain con... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| NaturalFreshMall: a Magento Mass Hack 2022-02-08 An investigative report by Sansec researchers on how one vulnerable Magento extension leads to a mass web store attack, with Magecart attackers using naturalfreshmall.com to hide and serve malware to 500+ ecommerce websites. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Hackers breached Magento through helpdesk 2017-12-28 Magento merchants have recently received messages like this: Hey, I strongly recommend you to make a redesign! Please contact me if you need a good designer! -- knockers@yahoo.com Upon closer examination, the message contains a specially crafted sender that contains an XSS attack: an attempt to... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Is your store’s newsletter being used for phishing? 2023-11-10 Cybercriminals in eCommerce are diversifying their targets, now aiming at entire customer databases instead of just stealing credit cards. A recent incident revealed this trend: a hacked Magento admin account was exploited to launch a phishing campaign through the platform's newsletter system, re... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Will Magento 1 stay PCI compliant? 2020-05-08 Magento 1 will no longer receive official updates & security fixes per July 1st, 2020 (the end-of-life, or EOL date). Merchants are urged to upgrade to Magento 2, but for many stores this deadline is not feasible. Merchants want to know: Will my Magento 1 store still be secure after July 1st... skimming magento 1 pci | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

2
07-framework-security/ecommerce/medusa/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:19+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

110
07-framework-security/ecommerce/opencart/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `opencart`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `100`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `100`
- 最近渲染时间: `2026-03-18T18:34:19+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,106 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2025-1749 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-07T19:49:23.300` | - |
| CVE-2025-1748 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-07T19:47:43.517` | - |
| CVE-2025-1747 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-07T19:47:20.830` | - |
| CVE-2025-1746 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-07T19:47:12.877` | - |
| CVE-2025-1117 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-02-08T13:15:07.843` | - |
| CVE-2025-1116 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-02-08T12:15:39.660` | - |
| CVE-2025-0974 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-02-03T02:15:26.433` | - |
| CVE-2025-0841 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-29T21:15:20.973` | - |
| CVE-2025-0580 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-20T03:15:08.540` | - |
| CVE-2025-0579 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-20T03:15:08.353` | - |
| CVE-2025-0460 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-14T16:15:34.800` | - |
| CVE-2025-22335 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-07T16:15:42.703` | - |
| CVE-2025-0214 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-04T17:15:07.507` | - |
| CVE-2024-36694 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-22T15:36:02.527` | - |
| CVE-2024-51835 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-19T21:56:45.533` | - |
| CVE-2024-21519 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:54:36.377` | - |
| CVE-2024-21518 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:54:36.223` | - |
| CVE-2024-21517 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-14T17:15:16.380` | - |
| CVE-2024-21516 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-14T17:15:15.903` | - |
| CVE-2024-21515 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-14T17:15:15.357` | - |
| CVE-2024-21514 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:54:35.600` | - |
| CVE-2023-47444 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:30:17.177` | - |
| CVE-2023-2315 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:58:22.310` | - |
| CVE-2023-40834 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:20:11.673` | - |
| CVE-2020-20491 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-12-10T20:15:07.187` | - |
| CVE-2021-37823 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-05T14:15:21.957` | - |
| CVE-2022-41403 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-15T19:15:54.980` | - |
| CVE-2013-1891 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:50:35.890` | - |
| CVE-2022-24108 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:49:49.213` | - |
| CVE-2020-29471 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:24:03.283` | - |
| CVE-2020-29470 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:24:03.120` | - |
| CVE-2020-28838 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:23:10.513` | - |
| CVE-2020-15478 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:05:35.830` | - |
| CVE-2020-13980 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:02:17.100` | - |
| CVE-2020-10596 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:55:40.073` | - |
| CVE-2019-15081 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:28:00.747` | - |
| CVE-2018-1000640 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:40:18.203` | - |
| CVE-2018-13067 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:46:20.270` | - |
| CVE-2018-11495 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:29.193` | - |
| CVE-2018-11494 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:29.020` | - |
| CVE-2018-11231 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:42:57.327` | - |
| CVE-2014-3990 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:09:17.240` | - |
| CVE-2016-10509 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2015-4671 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2011-3763 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2010-1610 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2010-0956 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2009-1621 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-1027 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-3130 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14937 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.0.5.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| opencart | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14933 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.0.5.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14961 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Latest | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14936 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tags | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14943 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15029 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15012 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14874 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14929 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15010 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14941 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14940 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14938 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14980 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15011 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14879 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14875 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| /pull/14942 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14877 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14928 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
27 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14955 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14930 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14931 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14932 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14934 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14979 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15034 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| opencart | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wiki | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14939 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14956 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| bf120c7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14935 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14916 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
112 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

2
07-framework-security/ecommerce/openmage/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:33:45+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

127
07-framework-security/ecommerce/prestashop/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `prestashop`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `112`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `112`
- 最近渲染时间: `2026-03-18T18:34:04+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -33,123 +33,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2020-5294 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:51.140` | - |
| CVE-2020-5273 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:48.777` | - |
| CVE-2020-5266 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:47.980` | - |
| CVE-2020-5277 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:49.217` | - |
| CVE-2020-5250 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:45.950` | - |
| CVE-2013-6295 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:58:57.763` | - |
| CVE-2013-4792 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:56:25.330` | - |
| CVE-2013-4791 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:56:25.180` | - |
| CVE-2012-2517 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:39:10.433` | - |
| CVE-2013-6358 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:59:04.000` | - |
| CVE-2020-6632 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:36:04.413` | - |
| CVE-2019-19595 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:35:01.013` | - |
| CVE-2019-19594 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:35:00.853` | - |
| CVE-2019-15565 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:29:01.730` | - |
| CVE-2019-13461 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:24:56.967` | - |
| CVE-2019-11876 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:21:56.310` | - |
| CVE-2018-20717 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:02:01.370` | - |
| CVE-2018-19355 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:57:47.527` | - |
| CVE-2018-19126 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:57:22.610` | - |
| CVE-2018-19125 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:57:22.450` | - |
| CVE-2018-19124 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:57:22.300` | - |
| CVE-2018-13784 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:47:58.403` | - |
| CVE-2018-8824 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:14:23.640` | - |
| CVE-2018-10942 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:42:21.540` | - |
| CVE-2018-8823 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:14:23.493` | - |
| CVE-2018-7491 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:12:14.077` | - |
| CVE-2018-5682 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:09:09.393` | - |
| CVE-2018-5681 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:09:09.263` | - |
| CVE-2015-1175 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-2009 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-2008 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2012-6641 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2012-5801 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-5800 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-5799 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-4545 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-4544 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-3796 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2008-6503 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5791 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Download sources (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Newsletter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-6648] Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| → Discover the PrestaShop example modules repository A hands-on library of working code examples to help you understand how PrestaShop module development really works. | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Support (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Latest Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS can be stored in DB from "add a message form" in order detail page (FO) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → PrestaShop Core Monthly - January 2026 9.1 Beta opens for feedback, Developer Conference videos go live, and big features take shape | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2025-51586] User enumeration vulnerability in the AdminLogin controller in PrestaShop 1.7 through 8.2.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| → PrestaShop 8.2.4 is available Security improvements for branch 8.2.x | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → Hummingbird v2: Architecture, Best Practices, and Contribution Guide A developer-oriented foundation for modern and scalable PrestaShop themes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| its members and contributors | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2025-61922] Customer account takeover via email in PrestaShop Checkout module for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Contributor's Guide | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Path disclosure in JavaScript variable | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SQL injection possible in search product in BO | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → Join us at the inaugural Ecommerce Open Source Summit (EO2S) in Paris Organized by Friends of Presta, EO2S brings together the open source ecommerce community on March 26, 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Join Slack
Community
(external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| path traversal: file deletion | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → PrestaShop Core Monthly - February 2026 New releases, Hummingbird v2, B2B foundations, and a one-page checkout on the horizon | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Core Monthly | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
2.3k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Developer
Documentation (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → Cleaning up old branches: a routine maintenance for a healthier repository We are removing old branches from our repository | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Some attribute not escaped in Validate::isCleanHTML method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
305 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Top Contributors
(external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contact us | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Start Developing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About us | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-36682] Exposure of Private Personal Information to an Unauthorized Actor in Promokit.eu - Theme settings module for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| [CVE-2025-69633] Improper neutralization of SQL parameters in Advanced Popup Creator module from Idnovate for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| → PrestaShop 9.1 RC1 is open for testing! The first Release Candidate of PrestaShop 9.1 is here. Help us validate it before the final release. | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Time based enumeration in FO login form | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Live Updates | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-34989] Improper neutralization of SQL parameter in RSI PDF/HTML catalog evolution (prestapdf) module for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| New possible XSS injection through Validate::isCleanHTML method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Top Translators (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2023-45256] Improper neutralization of SQL parameters in Monetico Paiement module from EuroInformation for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Anonymous customer can download other customers's invoices | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PrestaShop 8.x | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PrestaShop 9.x | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → AI-Powered API Hackathon: 14+ Endpoints in a Single Day How PrestaShop teams used Claude Code to accelerate Admin API contributions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-36683] Improper neutralization of SQL parameter in Smart Modules - Products Alert module for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Email enumeration | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| How-to Guides | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitHub Discussions (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-41670] Improperly Implemented Security Check for Standard in PayPal Official for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → PrestaShop Developer Conference 2025 Filmed Sessions - Community and Security Friends of Presta, Cybersecurity and Ecommerce Development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| RSS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| YouTube
Channel (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Development Tools | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
53 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Useful Tools | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS via customer contact form in FO, through file upload | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

2
07-framework-security/ecommerce/saleor/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:19+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

81
07-framework-security/ecommerce/shopware/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `shopware`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `71`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `71`
- 最近渲染时间: `2026-03-18T18:34:10+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,77 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2023-22730 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:45:18.660` | - |
| CVE-2022-36102 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:12:23.590` | - |
| CVE-2022-36101 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:12:23.440` | - |
| CVE-2022-31148 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:03:59.930` | - |
| CVE-2022-31057 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:03:48.270` | - |
| CVE-2022-24892 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:20.243` | - |
| CVE-2022-24879 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:18.403` | - |
| CVE-2022-24873 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:17.737` | - |
| CVE-2022-24872 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:17.607` | - |
| CVE-2022-24871 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:17.483` | - |
| CVE-2022-24956 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:27.467` | - |
| CVE-2022-24748 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:00.577` | - |
| CVE-2022-24747 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:00.453` | - |
| CVE-2022-24746 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:00.337` | - |
| CVE-2022-24745 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:00.213` | - |
| CVE-2022-24744 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:00.097` | - |
| CVE-2022-21652 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:45:09.557` | - |
| CVE-2022-21651 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:45:09.420` | - |
| CVE-2021-41188 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:25:43.210` | - |
| CVE-2021-37710 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:15:45.890` | - |
| CVE-2021-37709 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:15:45.713` | - |
| CVE-2021-37708 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:15:45.560` | - |
| CVE-2021-37707 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:15:45.410` | - |
| CVE-2021-32717 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:35.447` | - |
| CVE-2021-32716 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:35.340` | - |
| CVE-2021-32713 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:35.013` | - |
| CVE-2021-32712 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:34.910` | - |
| CVE-2021-32711 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:34.803` | - |
| CVE-2021-32710 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:34.690` | - |
| CVE-2021-32709 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:34.577` | - |
| CVE-2020-28199 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:22:27.980` | - |
| CVE-2020-13997 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:02:18.893` | - |
| CVE-2020-13971 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:02:16.100` | - |
| CVE-2020-13970 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:02:15.970` | - |
| CVE-2019-12935 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:23:51.287` | - |
| CVE-2019-12799 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:23:36.247` | - |
| CVE-2018-20713 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:02:00.820` | - |
| CVE-2017-18357 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:19:55.227` | - |
| CVE-2017-15374 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-3109 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
186 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
1.3k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `/api/_info/config` route exposes information about licenses | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Reflected XSS in Storefront Login Page | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `/api/_info/config` route exposes information about active security fixes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| shopware | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper Control of Generation of Code in Twig rendered views | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User enumeration via distinct error codes on Store API login endpoint | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthenticated data extraction possible through store-api.order endpoint | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Reflective Cross Site-Scripting (XSS) in CMS components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| shopware | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
68 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Password recovery link does not expire after email change | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Path traversal via Plugin upload | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Potential take over of app credentials | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

121
07-framework-security/ecommerce/woocommerce/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `woocommerce`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `111`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `111`
- 最近渲染时间: `2026-03-18T18:33:54+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -34,117 +34,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2019-18834 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:33:40.530` | - |
| CVE-2019-20891 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:39:37.827` | - |
| CVE-2020-11727 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:58:29.603` | - |
| CVE-2020-8819 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:39:30.133` | - |
| CVE-2014-4558 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:10:26.603` | - |
| CVE-2019-18668 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:33:29.677` | - |
| CVE-2019-14979 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:27:48.810` | - |
| CVE-2019-14978 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:27:48.663` | - |
| CVE-2017-18592 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:20:28.627` | - |
| CVE-2016-10935 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:45:06.817` | - |
| CVE-2019-15092 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:28:02.440` | - |
| CVE-2016-10923 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:45:05.073` | - |
| CVE-2016-10922 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:45:04.920` | - |
| CVE-2018-20966 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:02:35.007` | - |
| CVE-2019-14948 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:27:44.950` | - |
| CVE-2017-18506 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:20:16.597` | - |
| CVE-2019-14796 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:27:22.400` | - |
| CVE-2019-14774 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:27:19.310` | - |
| CVE-2019-1010124 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:17:58.953` | - |
| CVE-2019-5979 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:45:50.723` | - |
| CVE-2019-11807 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:21:48.027` | - |
| CVE-2019-7441 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:14.587` | - |
| CVE-2019-9168 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:51:07.733` | - |
| CVE-2018-20782 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:02:09.783` | - |
| CVE-2018-20714 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:02:00.963` | - |
| CVE-2017-18356 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:19:55.073` | - |
| CVE-2018-11525 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:32.763` | - |
| CVE-2018-11486 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:27.857` | - |
| CVE-2018-11485 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:27.710` | - |
| CVE-2018-11579 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:39.363` | - |
| CVE-2018-8711 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:14:10.983` | - |
| CVE-2018-8710 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:14:10.840` | - |
| CVE-2015-2329 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:27:13.723` | - |
| CVE-2018-5316 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:08:34.753` | - |
| CVE-2017-17058 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-10112 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-5065 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-2069 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-6313 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-4549 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| woocommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Second parameter of woocommerce_get_breadcrumb may be null for Core Breadcrumbs block in WooCommerce 10.6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| HPOS sync on read to be disabled by default in WooCommerce 10.7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Join the Community Slack | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Booster for WooCommerce < 7.11.3 Broken Access Control vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WooCommerce 10.6.1: Dot Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Call for Testing: WooCommerce Order Fulfillments | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Join us for our “Building Ecommerce Community” Live Event | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.6: What’s coming for developers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Subscriptions for WooCommerce <= 1.9.2 Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| AI & Agentic Commerce in WooCommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contribute to WooCommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| How AI and Automation are Improving the Woo Release Process | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Blind SQL Injection possible via Authenticated Web-hook Search API Endpoint | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.4.3: Dot Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Become a Woo agency partner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5: What’s coming for developers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce Meetups | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Product images are now lazy-loaded by default in WooCommerce 10.6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WowStore <= 4.4.3 WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Release Calendar | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improving WooCommerce Performance at Scale | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5 Release is Delayed | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Changelog | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Newsletter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contact Us | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.6: Enhanced blocks and a faster dashboard | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
2.6k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| What we’re doing to get the Woo Block Theme ready for you | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Get started | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Call for testing: Experimental REST API Caching in WooCommerce 10.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Experimental Product Object Caching in WooCommerce 10.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Become a Marketplace partner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stay updated | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Restricting per_page for Product and ProductReview Store API Requests in WooCommerce 10.6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| March Office Hours: Testing, testing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wiki | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5.3: Dot release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| woocommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Roadmap Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Mailchimp API Maintenance on February 28, 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Community Forum | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS Vulnerability in WooCommerce checkout & registration forms | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5.1: Dot Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Call for Testing: WooCommerce MCP Beta | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
368 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5: Improving analytics and admin performance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Store API Vulnerability Patched in WooCommerce 5.4+ – What You Need To Know | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Release Posts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitHub Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Status | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| See all Developer Advisories | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| See all posts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5.2: Dot Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Understanding the Interactivity API-driven future for WooCommerce Blocks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WooCommerce Block Theme: An update on our strategy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Join the Woo community on Slack | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Release downloads | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

2
07-framework-security/frameworks/angular/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

119
07-framework-security/frameworks/angular/cases/angular-cve-2026-27970.md 普通文件
查看文件

@@ -0,0 +1,119 @@
---
title: "Angular i18n vulnerable to Cross-Site Scripting"
system_id: "angular"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-27T18:33:16Z"
updated_date: "2026-02-28T06:24:33.665085Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2026-27970"
- "GHSA-prjf-86w9-mfqv"
affected_versions:
- "introduced=21.2.0-next.0, fixed<21.2.0"
- "introduced=21.0.0-next.0, fixed<21.1.6"
- "introduced=20.0.0-next.0, fixed<20.3.17"
- "introduced=19.0.0-next.0, fixed<19.2.19"
- "introduced=0, last_affected=18.2.14"
fixed_versions:
- "21.2.0"
- "21.1.6"
- "20.3.17"
- "19.2.19"
secure_code_topics:
- "xss-output-encoding"
- "template-injection-guard"
- "csp-trusted-types"
- "token-cookie-storage"
primary_source: "https://github.com/angular/angular/security/advisories/GHSA-prjf-86w9-mfqv"
---
# Angular i18n vulnerable to Cross-Site Scripting
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `angular--CVE-2026-27970`
- 系统: `angular`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/angular/angular/security/advisories/GHSA-prjf-86w9-mfqv
- 影响版本: `introduced=21.2.0-next.0, fixed<21.2.0, introduced=21.0.0-next.0, fixed<21.1.6, introduced=20.0.0-next.0, fixed<20.3.17, introduced=19.0.0-next.0, fixed<19.2.19, introduced=0, last_affected=18.2.14`
- 修复版本: `21.2.0, 21.1.6, 20.3.17, 19.2.19`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-27970
- https://github.com/angular/angular/pull/67183
- https://github.com/angular/angular/commit/306f367899dfc2e04238fecd3455547b5d54075d
- https://github.com/angular/angular/commit/7d58b798c626bb0e4e5f89ca8affdce4f352b232
- https://github.com/angular/angular/commit/b85830953281ff3a1a77bbfe69019d352d509c93
- https://angular.dev/best-practices/security#enforcing-trusted-types
- https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP
- https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XSS
- https://github.com/angular/angular
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:template-injection-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/template-injection-guard.md)
- [nodejs:template-injection-guard](/Users/x/websafe/05-defense/secure-code/nodejs/template-injection-guard.md)
- [java:template-injection-guard](/Users/x/websafe/05-defense/secure-code/java/template-injection-guard.md)
- [php:template-injection-guard](/Users/x/websafe/05-defense/secure-code/php/template-injection-guard.md)
- [python:template-injection-guard](/Users/x/websafe/05-defense/secure-code/python/template-injection-guard.md)
- [ruby:template-injection-guard](/Users/x/websafe/05-defense/secure-code/ruby/template-injection-guard.md)
- [csharp:template-injection-guard](/Users/x/websafe/05-defense/secure-code/csharp/template-injection-guard.md)
- [go:template-injection-guard](/Users/x/websafe/05-defense/secure-code/go/template-injection-guard.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

117
07-framework-security/frameworks/angular/cases/angular-cve-2026-32635.md 普通文件
查看文件

@@ -0,0 +1,117 @@
---
title: "Angular vulnerable to XSS in i18n attribute bindings"
system_id: "angular"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-13T20:56:18Z"
updated_date: "2026-03-17T01:31:35.828211Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2026-32635"
- "GHSA-g93w-mfhg-p222"
affected_versions:
- "introduced=22.0.0-next.0, fixed<22.0.0-next.3"
- "introduced=21.0.0-next.0, fixed<21.2.4"
- "introduced=20.0.0-next.0.0.0, fixed<20.3.18"
- "introduced=19.0.0-next.0, fixed<19.2.20"
- "introduced=17.0.0-next.0, last_affected=18.2.14"
fixed_versions:
- "22.0.0-next.3"
- "21.2.4"
- "20.3.18"
- "19.2.20"
secure_code_topics:
- "xss-output-encoding"
- "template-injection-guard"
- "csp-trusted-types"
- "token-cookie-storage"
primary_source: "https://github.com/angular/angular/security/advisories/GHSA-g93w-mfhg-p222"
---
# Angular vulnerable to XSS in i18n attribute bindings
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `angular--CVE-2026-32635`
- 系统: `angular`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/angular/angular/security/advisories/GHSA-g93w-mfhg-p222
- 影响版本: `introduced=22.0.0-next.0, fixed<22.0.0-next.3, introduced=21.0.0-next.0, fixed<21.2.4, introduced=20.0.0-next.0.0.0, fixed<20.3.18, introduced=19.0.0-next.0, fixed<19.2.20, introduced=17.0.0-next.0, last_affected=18.2.14`
- 修复版本: `22.0.0-next.3, 21.2.4, 20.3.18, 19.2.20`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-32635
- https://github.com/angular/angular/pull/67541
- https://github.com/angular/angular/pull/67561
- https://github.com/angular/angular/commit/224e60ecb1b90115baa702f1c06edc1d64d86187
- https://github.com/angular/angular/commit/78dea55351fb305b33a919c43a6b363137eca166
- https://github.com/angular/angular/commit/8630319f74c9575a21693d875cc7d5252516146d
- https://github.com/angular/angular/commit/ed2d324f9cc12aab6cfa0569ef10b73243a62c65
- https://github.com/angular/angular
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:template-injection-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/template-injection-guard.md)
- [nodejs:template-injection-guard](/Users/x/websafe/05-defense/secure-code/nodejs/template-injection-guard.md)
- [java:template-injection-guard](/Users/x/websafe/05-defense/secure-code/java/template-injection-guard.md)
- [php:template-injection-guard](/Users/x/websafe/05-defense/secure-code/php/template-injection-guard.md)
- [python:template-injection-guard](/Users/x/websafe/05-defense/secure-code/python/template-injection-guard.md)
- [ruby:template-injection-guard](/Users/x/websafe/05-defense/secure-code/ruby/template-injection-guard.md)
- [csharp:template-injection-guard](/Users/x/websafe/05-defense/secure-code/csharp/template-injection-guard.md)
- [go:template-injection-guard](/Users/x/websafe/05-defense/secure-code/go/template-injection-guard.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

2
07-framework-security/frameworks/aspnet-core/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

2
07-framework-security/frameworks/astro/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

124
07-framework-security/frameworks/astro/cases/astro-cve-2024-47885.md 普通文件
查看文件

@@ -0,0 +1,124 @@
---
title: "DOM Clobbering Gadget found in astro's client-side router that leads to XSS"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2024-10-14T20:02:21Z"
updated_date: "2025-11-27T08:16:37.087731Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2024-47885"
- "GHSA-m85w-3h95-hcf9"
affected_versions:
- "introduced=3.0.0, fixed<4.16.1"
fixed_versions:
- "4.16.1"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "xss-output-encoding"
- "dom-sink-hardening"
- "plugin-extension-trust-policy"
- "dependency-upgrade-policy"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-m85w-3h95-hcf9"
---
# DOM Clobbering Gadget found in astro's client-side router that leads to XSS
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2024-47885`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-m85w-3h95-hcf9
- 影响版本: `introduced=3.0.0, fixed<4.16.1`
- 修复版本: `4.16.1`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2024-47885
- https://github.com/withastro/astro/commit/a4ffbfaa5cb460c12bd486fd75e36147f51d3e5e
- https://github.com/withastro/astro
- https://github.com/withastro/astro/blob/7814a6cad15f06931f963580176d9b38aa7819f2/packages/astro/src/transitions/router.ts#L135-L156
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dom-sink-hardening.md)
- [nodejs:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/nodejs/dom-sink-hardening.md)
- [java:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/java/dom-sink-hardening.md)
- [php:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/php/dom-sink-hardening.md)
- [python:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/python/dom-sink-hardening.md)
- [ruby:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/ruby/dom-sink-hardening.md)
- [csharp:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/csharp/dom-sink-hardening.md)
- [go:dom-sink-hardening](/Users/x/websafe/05-defense/secure-code/go/dom-sink-hardening.md)
- [javascript-typescript:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/plugin-extension-trust-policy.md)
- [nodejs:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/nodejs/plugin-extension-trust-policy.md)
- [java:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/java/plugin-extension-trust-policy.md)
- [php:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/php/plugin-extension-trust-policy.md)
- [python:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/python/plugin-extension-trust-policy.md)
- [ruby:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/ruby/plugin-extension-trust-policy.md)
- [csharp:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/csharp/plugin-extension-trust-policy.md)
- [go:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/go/plugin-extension-trust-policy.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)

116
07-framework-security/frameworks/astro/cases/astro-cve-2024-56140.md 普通文件
查看文件

@@ -0,0 +1,116 @@
---
title: "Atro CSRF Middleware Bypass (security.checkOrigin)"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2024-12-18T15:02:37Z"
updated_date: "2025-11-27T08:18:05.038082Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2024-56140"
- "GHSA-c4pw-33h3-35xw"
affected_versions:
- "introduced=0, fixed<4.16.17"
fixed_versions:
- "4.16.17"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "token-cookie-storage"
- "dependency-upgrade-policy"
- "proxy-trust-boundary"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-c4pw-33h3-35xw"
---
# Atro CSRF Middleware Bypass (security.checkOrigin)
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2024-56140`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-c4pw-33h3-35xw
- 影响版本: `introduced=0, fixed<4.16.17`
- 修复版本: `4.16.17`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2024-56140
- https://github.com/withastro/astro/commit/e7d14c374b9d45e27089994a4eb72186d05514de
- https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests
- https://github.com/withastro/astro
- https://github.com/withastro/astro/blob/6031962ab5f56457de986eb82bd24807e926ba1b/packages/astro/src/core/app/middlewares.ts
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

102
07-framework-security/frameworks/astro/cases/astro-cve-2024-56159.md 普通文件
查看文件

@@ -0,0 +1,102 @@
---
title: "Astro's server source code is exposed to the public if sourcemaps are enabled"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2024-12-19T15:12:33Z"
updated_date: "2025-11-27T08:18:38.026555Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2024-56159"
- "GHSA-49w6-73cw-chjr"
affected_versions:
- "introduced=5.0.0-alpha.0, fixed<5.0.8"
- "introduced=0, fixed<4.16.18"
fixed_versions:
- "5.0.8"
- "4.16.18"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "dependency-upgrade-policy"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-49w6-73cw-chjr"
---
# Astro's server source code is exposed to the public if sourcemaps are enabled
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2024-56159`
- 系统: `astro`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-49w6-73cw-chjr
- 影响版本: `introduced=5.0.0-alpha.0, fixed<5.0.8, introduced=0, fixed<4.16.18`
- 修复版本: `5.0.8, 4.16.18`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2024-56159
- https://github.com/withastro/astro/issues/12703
- https://github.com/withastro/astro/commit/039d022b1bbaacf9ea83071d27affc5318e0e515
- https://github.com/withastro/astro/commit/c879f501ff01b1a3c577de776a1f7100d78f8dd5
- https://github.com/getsentry/sentry-javascript/blob/develop/packages/astro/src/integration/index.ts#L50
- https://github.com/withastro/astro
- https://github.com/withastro/astro/blob/176fe9f113fd912f9b61e848b00bbcfecd6d5c2c/packages/astro/src/core/build/static-build.ts#L139
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)

87
07-framework-security/frameworks/astro/cases/astro-cve-2025-54793.md 普通文件
查看文件

@@ -0,0 +1,87 @@
---
title: "Astros's duplicate trailing slash feature leads to an open redirection security issue"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-08-07T16:41:55Z"
updated_date: "2025-11-27T08:35:13.558198Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-54793"
- "GHSA-cq8c-xv66-36gw"
affected_versions:
- "introduced=5.2.0, fixed<5.12.8"
fixed_versions:
- "5.12.8"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-cq8c-xv66-36gw"
---
# Astros's duplicate trailing slash feature leads to an open redirection security issue
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-54793`
- 系统: `astro`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-cq8c-xv66-36gw
- 影响版本: `introduced=5.2.0, fixed<5.12.8`
- 修复版本: `5.12.8`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-54793
- https://github.com/withastro/astro/commit/0567fb7b50c0c452be387dd7c7264b96bedab48f
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)

100
07-framework-security/frameworks/astro/cases/astro-cve-2025-55303.md 普通文件
查看文件

@@ -0,0 +1,100 @@
---
title: "Astro allows unauthorized third-party images in _image endpoint"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-08-19T15:40:31Z"
updated_date: "2025-11-27T08:22:36.525875Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-55303"
- "GHSA-xf8x-j4p2-f749"
affected_versions:
- "introduced=5.0.0-alpha.0, fixed<5.13.2"
- "introduced=0, fixed<9.1.1"
- "introduced=0, fixed<4.16.19"
fixed_versions:
- "5.13.2"
- "9.1.1"
- "4.16.19"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "xss-output-encoding"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-xf8x-j4p2-f749"
---
# Astro allows unauthorized third-party images in _image endpoint
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-55303`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-xf8x-j4p2-f749
- 影响版本: `introduced=5.0.0-alpha.0, fixed<5.13.2, introduced=0, fixed<9.1.1, introduced=0, fixed<4.16.19`
- 修复版本: `5.13.2, 9.1.1, 4.16.19`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-55303
- https://github.com/withastro/astro/commit/4d16de7f95db5d1ec1ce88610d2a95e606e83820
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)

115
07-framework-security/frameworks/astro/cases/astro-cve-2025-59837.md 普通文件
查看文件

@@ -0,0 +1,115 @@
---
title: "Astro's bypass of image proxy domain validation leads to SSRF and potential XSS"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-10-28T17:45:04Z"
updated_date: "2025-10-29T14:48:45Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-59837"
- "GHSA-qcpr-679q-rhm2"
affected_versions:
- "introduced=5.13.4, fixed<5.13.10"
fixed_versions:
- "5.13.10"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "xss-output-encoding"
- "ssrf-url-validation"
- "proxy-trust-boundary"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-qcpr-679q-rhm2"
---
# Astro's bypass of image proxy domain validation leads to SSRF and potential XSS
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-59837`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-qcpr-679q-rhm2
- 影响版本: `introduced=5.13.4, fixed<5.13.10`
- 修复版本: `5.13.10`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-59837
- https://github.com/withastro/astro/commit/1e2499e8ea83ebfa233a18a7499e1ccf169e56f4
- https://github.com/withastro/astro/commit/9ecf3598e2b29dd74614328fde3047ea90e67252
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

97
07-framework-security/frameworks/astro/cases/astro-cve-2025-61925.md 普通文件
查看文件

@@ -0,0 +1,97 @@
---
title: "Astro's `X-Forwarded-Host` is reflected without validation"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-10-10T23:41:29Z"
updated_date: "2025-10-11T00:12:31.565977Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-61925"
- "GHSA-5ff5-9fcw-vg88"
affected_versions:
- "introduced=0, fixed<5.14.3"
fixed_versions:
- "5.14.3"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "proxy-trust-boundary"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-5ff5-9fcw-vg88"
---
# Astro's `X-Forwarded-Host` is reflected without validation
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-61925`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-5ff5-9fcw-vg88
- 影响版本: `introduced=0, fixed<5.14.3`
- 修复版本: `5.14.3`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-61925
- https://github.com/withastro/astro/commit/6ee63bfac4856f21b4d4633021b3d2ee059e553f
- https://github.com/Chisnet/minimal_dynamic_astro_server
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

134
07-framework-security/frameworks/astro/cases/astro-cve-2025-64525.md 普通文件
查看文件

@@ -0,0 +1,134 @@
---
title: "Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-11-13T22:46:24Z"
updated_date: "2025-11-13T22:46:24Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-64525"
- "GHSA-hr2q-hp5q-x767"
affected_versions:
- "introduced=2.16.0, fixed<5.15.5"
fixed_versions:
- "5.15.5"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "xss-output-encoding"
- "token-cookie-storage"
- "ssrf-url-validation"
- "dependency-upgrade-policy"
- "proxy-trust-boundary"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-hr2q-hp5q-x767"
---
# Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-64525`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-hr2q-hp5q-x767
- 影响版本: `introduced=2.16.0, fixed<5.15.5`
- 修复版本: `5.15.5`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-64525
- https://github.com/withastro/astro/commit/dafbb1ba29912099c4faff1440033edc768af8b4
- https://github.com/withastro/astro
- https://github.com/withastro/astro/blob/970ac0f51172e1e6bff4440516a851e725ac3097/packages/astro/src/core/app/node.ts#L121
- https://github.com/withastro/astro/blob/970ac0f51172e1e6bff4440516a851e725ac3097/packages/astro/src/core/app/node.ts#L97
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

116
07-framework-security/frameworks/astro/cases/astro-cve-2025-64745.md 普通文件
查看文件

@@ -0,0 +1,116 @@
---
title: "Astro development server error page is vulnerable to reflected Cross-site Scripting"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-11-13T22:38:30Z"
updated_date: "2025-11-27T08:22:31.471739Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-64745"
- "GHSA-w2vj-39qv-7vh7"
affected_versions:
- "introduced=5.2.0, fixed<5.15.6"
fixed_versions:
- "5.15.6"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "xss-output-encoding"
- "token-cookie-storage"
- "dependency-upgrade-policy"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-w2vj-39qv-7vh7"
---
# Astro development server error page is vulnerable to reflected Cross-site Scripting
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-64745`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-w2vj-39qv-7vh7
- 影响版本: `introduced=5.2.0, fixed<5.15.6`
- 修复版本: `5.15.6`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-64745
- https://github.com/withastro/astro/pull/12994
- https://github.com/withastro/astro/commit/790d9425f39bbbb462f1c27615781cd965009f91
- https://github.com/withastro/astro
- https://github.com/withastro/astro/blob/5bc37fd5cade62f753aef66efdf40f982379029a/packages/astro/src/template/4xx.ts#L133-L149
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)

105
07-framework-security/frameworks/astro/cases/astro-cve-2025-64757.md 普通文件
查看文件

@@ -0,0 +1,105 @@
---
title: "Astro Development Server has Arbitrary Local File Read"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-11-19T19:43:05Z"
updated_date: "2025-11-20T14:43:59.558170Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-64757"
- "GHSA-x3h8-62x9-952g"
affected_versions:
- "introduced=0, fixed<5.14.3"
fixed_versions:
- "5.14.3"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "path-traversal-guard"
- "dependency-upgrade-policy"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-x3h8-62x9-952g"
---
# Astro Development Server has Arbitrary Local File Read
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-64757`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-x3h8-62x9-952g
- 影响版本: `introduced=0, fixed<5.14.3`
- 修复版本: `5.14.3`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-64757
- https://github.com/withastro/astro/commit/b8ca69b97149becefaf89bf21853de9c905cdbb7
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)

114
07-framework-security/frameworks/astro/cases/astro-cve-2025-64764.md 普通文件
查看文件

@@ -0,0 +1,114 @@
---
title: "Astro vulnerable to reflected XSS via the server islands feature"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-11-19T20:00:14Z"
updated_date: "2025-11-20T14:43:59.624508Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-64764"
- "GHSA-wrwg-2hg8-v723"
affected_versions:
- "introduced=0, fixed<5.15.8"
fixed_versions:
- "5.15.8"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "xss-output-encoding"
- "plugin-extension-trust-policy"
- "dependency-upgrade-policy"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-wrwg-2hg8-v723"
---
# Astro vulnerable to reflected XSS via the server islands feature
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-64764`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-wrwg-2hg8-v723
- 影响版本: `introduced=0, fixed<5.15.8`
- 修复版本: `5.15.8`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-64764
- https://github.com/withastro/astro/commit/790d9425f39bbbb462f1c27615781cd965009f91
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/plugin-extension-trust-policy.md)
- [nodejs:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/nodejs/plugin-extension-trust-policy.md)
- [java:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/java/plugin-extension-trust-policy.md)
- [php:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/php/plugin-extension-trust-policy.md)
- [python:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/python/plugin-extension-trust-policy.md)
- [ruby:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/ruby/plugin-extension-trust-policy.md)
- [csharp:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/csharp/plugin-extension-trust-policy.md)
- [go:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/go/plugin-extension-trust-policy.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)

114
07-framework-security/frameworks/astro/cases/astro-cve-2025-64765.md 普通文件
查看文件

@@ -0,0 +1,114 @@
---
title: "Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-11-19T20:03:21Z"
updated_date: "2026-02-04T03:01:27.986221Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-64765"
- "GHSA-ggxq-hp9w-j794"
affected_versions:
- "introduced=0, fixed<5.15.8"
fixed_versions:
- "5.15.8"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "plugin-extension-trust-policy"
- "dependency-upgrade-policy"
- "proxy-trust-boundary"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-ggxq-hp9w-j794"
---
# Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-64765`
- 系统: `astro`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-ggxq-hp9w-j794
- 影响版本: `introduced=0, fixed<5.15.8`
- 修复版本: `5.15.8`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-64765
- https://github.com/withastro/astro/commit/6f800813516b07bbe12c666a92937525fddb58ce
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/plugin-extension-trust-policy.md)
- [nodejs:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/nodejs/plugin-extension-trust-policy.md)
- [java:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/java/plugin-extension-trust-policy.md)
- [php:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/php/plugin-extension-trust-policy.md)
- [python:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/python/plugin-extension-trust-policy.md)
- [ruby:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/ruby/plugin-extension-trust-policy.md)
- [csharp:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/csharp/plugin-extension-trust-policy.md)
- [go:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/go/plugin-extension-trust-policy.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

132
07-framework-security/frameworks/astro/cases/astro-cve-2025-65019.md 普通文件
查看文件

@@ -0,0 +1,132 @@
---
title: "Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-11-19T20:09:12Z"
updated_date: "2025-11-27T08:33:26.119485Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-65019"
- "GHSA-fvmw-cj7j-j39q"
affected_versions:
- "introduced=0, fixed<5.15.9"
fixed_versions:
- "5.15.9"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "xss-output-encoding"
- "token-cookie-storage"
- "plugin-extension-trust-policy"
- "dependency-upgrade-policy"
- "proxy-trust-boundary"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-fvmw-cj7j-j39q"
---
# Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-65019`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-fvmw-cj7j-j39q
- 影响版本: `introduced=0, fixed<5.15.9`
- 修复版本: `5.15.9`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-65019
- https://github.com/withastro/astro/commit/9e9c528191b6f5e06db9daf6ad26b8f68016e533
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/plugin-extension-trust-policy.md)
- [nodejs:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/nodejs/plugin-extension-trust-policy.md)
- [java:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/java/plugin-extension-trust-policy.md)
- [php:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/php/plugin-extension-trust-policy.md)
- [python:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/python/plugin-extension-trust-policy.md)
- [ruby:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/ruby/plugin-extension-trust-policy.md)
- [csharp:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/csharp/plugin-extension-trust-policy.md)
- [go:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/go/plugin-extension-trust-policy.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

98
07-framework-security/frameworks/astro/cases/astro-cve-2025-66202.md 普通文件
查看文件

@@ -0,0 +1,98 @@
---
title: "Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765"
system_id: "astro"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-12-08T16:26:43Z"
updated_date: "2026-02-04T02:27:12.689316Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2025-66202"
- "GHSA-whqg-ppgf-wp8c"
affected_versions:
- "introduced=0, fixed<5.15.8"
fixed_versions:
- "5.15.8"
secure_code_topics:
- "authz-server-side-recheck"
- "csp-trusted-types"
- "proxy-trust-boundary"
primary_source: "https://github.com/withastro/astro/security/advisories/GHSA-ggxq-hp9w-j794"
---
# Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `astro--CVE-2025-66202`
- 系统: `astro`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/withastro/astro/security/advisories/GHSA-ggxq-hp9w-j794
- 影响版本: `introduced=0, fixed<5.15.8`
- 修复版本: `5.15.8`
## 其他来源
- https://github.com/withastro/astro/security/advisories/GHSA-whqg-ppgf-wp8c
- https://nvd.nist.gov/vuln/detail/CVE-2025-64765
- https://nvd.nist.gov/vuln/detail/CVE-2025-66202
- https://github.com/withastro/astro/commit/6f800813516b07bbe12c666a92937525fddb58ce
- https://github.com/withastro/astro
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/javascript-typescript/csp-trusted-types.md)
- [nodejs:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/nodejs/csp-trusted-types.md)
- [java:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/java/csp-trusted-types.md)
- [php:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/php/csp-trusted-types.md)
- [python:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/python/csp-trusted-types.md)
- [ruby:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/ruby/csp-trusted-types.md)
- [csharp:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/csharp/csp-trusted-types.md)
- [go:csp-trusted-types](/Users/x/websafe/05-defense/secure-code/go/csp-trusted-types.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

2
07-framework-security/frameworks/django/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

137
07-framework-security/frameworks/django/cases/django-cve-2019-11358.md 普通文件
查看文件

@@ -0,0 +1,137 @@
---
title: "XSS in jQuery as used in Drupal, Backdrop CMS, and other products"
system_id: "django"
category: "frameworks"
advisory_mode: "core"
published_date: "2019-04-26T16:29:11Z"
updated_date: "2026-03-13T21:56:20.301637Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2019-11358"
- "DRUPAL-CORE-2019-006"
- "GHSA-6c3j-c64m-qhgq"
affected_versions:
- "0.1.1"
- "0.1.2"
- "0.1.3"
- "0.2"
- "0.2.1"
- "0.2.2"
- "0.2.3"
- "0.2.4"
- "0.2.5"
- "0.2.6"
- "0.2.7"
- "1.0"
- "1.0.1"
- "1.0.10"
- "1.0.11"
- "1.0.12"
- "1.0.13"
- "1.0.14"
- "1.0.15"
- "1.0.16"
fixed_versions:
- "3.4.0"
- "4.3.4"
- "2.1.9"
- "2.2.2"
- "1.19.0"
secure_code_topics:
- "xss-output-encoding"
- "path-traversal-guard"
- "file-upload-validation"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
---
# XSS in jQuery as used in Drupal, Backdrop CMS, and other products
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `django--CVE-2019-11358`
- 系统: `django`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2019-11358
- 影响版本: `0.1.1, 0.1.2, 0.1.3, 0.2, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6`
- 修复版本: `3.4.0, 4.3.4, 2.1.9, 2.2.2, 1.19.0`
## 其他来源
- https://github.com/maximebf/php-debugbar/issues/447
- https://github.com/jquery/jquery/pull/4333
- https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc
- https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f
- https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829
- https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad
- https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
- https://seclists.org/bugtraq/2019/Apr/32
- https://seclists.org/bugtraq/2019/Jun/12
- https://seclists.org/bugtraq/2019/May/18
- https://www.tenable.com/security/tns-2020-02
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)

120
07-framework-security/frameworks/django/cases/django-cve-2025-14550.md 普通文件
查看文件

@@ -0,0 +1,120 @@
---
title: "Django has Inefficient Algorithmic Complexity"
system_id: "django"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-03T15:30:23Z"
updated_date: "2026-02-22T23:41:06.153879Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-django-2025-14550"
- "CVE-2025-14550"
- "GHSA-33mw-q7rj-mjwj"
affected_versions:
- "6.0"
- "6.0.1"
- "6.0a1"
- "6.0b1"
- "6.0rc1"
- "5.2"
- "5.2.1"
- "5.2.10"
- "5.2.2"
- "5.2.3"
- "5.2.4"
- "5.2.5"
- "5.2.6"
- "5.2.7"
- "5.2.8"
- "5.2.9"
- "5.2a1"
- "5.2b1"
- "5.2rc1"
- "4.2"
fixed_versions:
- "6.0.2"
- "5.2.11"
- "4.2.28"
secure_code_topics:
- "xss-output-encoding"
- "path-traversal-guard"
- "file-upload-validation"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2025-14550"
---
# Django has Inefficient Algorithmic Complexity
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `django--CVE-2025-14550`
- 系统: `django`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2025-14550
- 影响版本: `6.0, 6.0.1, 6.0a1, 6.0b1, 6.0rc1, 5.2, 5.2.1, 5.2.10, 5.2.2, 5.2.3`
- 修复版本: `6.0.2, 5.2.11, 4.2.28`
## 其他来源
- https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb
- https://docs.djangoproject.com/en/dev/releases/security
- https://github.com/django/django
- https://groups.google.com/g/django-announce
- https://www.djangoproject.com/weblog/2026/feb/03/security-releases
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)

120
07-framework-security/frameworks/django/cases/django-cve-2026-1285.md 普通文件
查看文件

@@ -0,0 +1,120 @@
---
title: "Django has Inefficient Algorithmic Complexity"
system_id: "django"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-03T15:30:23Z"
updated_date: "2026-02-22T23:26:02.134436Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-django-2026-1285"
- "CVE-2026-1285"
- "GHSA-4rrr-2h4v-f3j9"
affected_versions:
- "6.0"
- "6.0.1"
- "6.0a1"
- "6.0b1"
- "6.0rc1"
- "5.2"
- "5.2.1"
- "5.2.10"
- "5.2.2"
- "5.2.3"
- "5.2.4"
- "5.2.5"
- "5.2.6"
- "5.2.7"
- "5.2.8"
- "5.2.9"
- "5.2a1"
- "5.2b1"
- "5.2rc1"
- "4.2"
fixed_versions:
- "6.0.2"
- "5.2.11"
- "4.2.28"
secure_code_topics:
- "xss-output-encoding"
- "path-traversal-guard"
- "file-upload-validation"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2026-1285"
---
# Django has Inefficient Algorithmic Complexity
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `django--CVE-2026-1285`
- 系统: `django`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2026-1285
- 影响版本: `6.0, 6.0.1, 6.0a1, 6.0b1, 6.0rc1, 5.2, 5.2.1, 5.2.10, 5.2.2, 5.2.3`
- 修复版本: `6.0.2, 5.2.11, 4.2.28`
## 其他来源
- https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
- https://docs.djangoproject.com/en/dev/releases/security
- https://github.com/django/django
- https://groups.google.com/g/django-announce
- https://www.djangoproject.com/weblog/2026/feb/03/security-releases
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)

119
07-framework-security/frameworks/django/cases/django-cve-2026-25673.md 普通文件
查看文件

@@ -0,0 +1,119 @@
---
title: "Django vulnerable to Uncontrolled Resource Consumption"
system_id: "django"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-03T15:31:41Z"
updated_date: "2026-03-06T19:44:13.458245Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-django-2026-25673"
- "CVE-2026-25673"
- "GHSA-8p8v-wh79-9r56"
affected_versions:
- "6.0"
- "6.0.1"
- "6.0.2"
- "5.2"
- "5.2.1"
- "5.2.10"
- "5.2.11"
- "5.2.2"
- "5.2.3"
- "5.2.4"
- "5.2.5"
- "5.2.6"
- "5.2.7"
- "5.2.8"
- "5.2.9"
- "4.2"
- "4.2.1"
- "4.2.10"
- "4.2.11"
- "4.2.12"
fixed_versions:
- "6.0.3"
- "5.2.12"
- "4.2.29"
secure_code_topics:
- "xss-output-encoding"
- "path-traversal-guard"
- "file-upload-validation"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2026-25673"
---
# Django vulnerable to Uncontrolled Resource Consumption
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `django--CVE-2026-25673`
- 系统: `django`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2026-25673
- 影响版本: `6.0, 6.0.1, 6.0.2, 5.2, 5.2.1, 5.2.10, 5.2.11, 5.2.2, 5.2.3, 5.2.4`
- 修复版本: `6.0.3, 5.2.12, 4.2.29`
## 其他来源
- https://docs.djangoproject.com/en/dev/releases/security
- https://github.com/django/django
- https://groups.google.com/g/django-announce
- https://www.djangoproject.com/weblog/2026/mar/03/security-releases
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)

119
07-framework-security/frameworks/django/cases/django-cve-2026-25674.md 普通文件
查看文件

@@ -0,0 +1,119 @@
---
title: "Django has a Race Condition vulnerability"
system_id: "django"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-03T15:31:41Z"
updated_date: "2026-03-06T19:44:14.996605Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-django-2026-25674"
- "CVE-2026-25674"
- "GHSA-mjgh-79qc-68w3"
affected_versions:
- "6.0"
- "6.0.1"
- "6.0.2"
- "5.2"
- "5.2.1"
- "5.2.10"
- "5.2.11"
- "5.2.2"
- "5.2.3"
- "5.2.4"
- "5.2.5"
- "5.2.6"
- "5.2.7"
- "5.2.8"
- "5.2.9"
- "4.2"
- "4.2.1"
- "4.2.10"
- "4.2.11"
- "4.2.12"
fixed_versions:
- "6.0.3"
- "5.2.12"
- "4.2.29"
secure_code_topics:
- "xss-output-encoding"
- "path-traversal-guard"
- "file-upload-validation"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2026-25674"
---
# Django has a Race Condition vulnerability
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `django--CVE-2026-25674`
- 系统: `django`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2026-25674
- 影响版本: `6.0, 6.0.1, 6.0.2, 5.2, 5.2.1, 5.2.10, 5.2.11, 5.2.2, 5.2.3, 5.2.4`
- 修复版本: `6.0.3, 5.2.12, 4.2.29`
## 其他来源
- https://docs.djangoproject.com/en/dev/releases/security
- https://github.com/django/django
- https://groups.google.com/g/django-announce
- https://www.djangoproject.com/weblog/2026/mar/03/security-releases
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)

2
07-framework-security/frameworks/echo/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

95
07-framework-security/frameworks/echo/cases/echo-cve-2020-36565.md 普通文件
查看文件

@@ -0,0 +1,95 @@
---
title: "Directory traversal on Windows in github.com/labstack/echo/v4"
system_id: "echo"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-04-14T20:04:52Z"
updated_date: "2024-05-20T16:03:47Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2020-36565"
- "GHSA-j453-hm5x-c46w"
- "GO-2021-0051"
affected_versions:
- "introduced=0, fixed<4.1.18-0.20201215153152-4422e3b66b9f"
fixed_versions:
- "4.1.18-0.20201215153152-4422e3b66b9f"
secure_code_topics:
- "proxy-trust-boundary"
- "token-cookie-storage"
- "path-traversal-guard"
primary_source: "https://github.com/labstack/echo/pull/1718"
---
# Directory traversal on Windows in github.com/labstack/echo/v4
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `echo--CVE-2020-36565`
- 系统: `echo`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/labstack/echo/pull/1718
- 影响版本: `introduced=0, fixed<4.1.18-0.20201215153152-4422e3b66b9f`
- 修复版本: `4.1.18-0.20201215153152-4422e3b66b9f`
## 其他来源
- https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)

95
07-framework-security/frameworks/echo/cases/echo-cve-2022-40083.md 普通文件
查看文件

@@ -0,0 +1,95 @@
---
title: "Open redirect in github.com/labstack/echo/v4"
system_id: "echo"
category: "frameworks"
advisory_mode: "core"
published_date: "2022-10-11T21:29:24Z"
updated_date: "2024-05-20T16:03:47Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2022-40083"
- "GHSA-crxj-hrmp-4rwf"
- "GO-2022-1031"
affected_versions:
- "introduced=0, fixed<4.9.0"
fixed_versions:
- "4.9.0"
secure_code_topics:
- "proxy-trust-boundary"
- "token-cookie-storage"
- "ssrf-url-validation"
primary_source: "https://github.com/labstack/echo/issues/2259"
---
# Open redirect in github.com/labstack/echo/v4
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `echo--CVE-2022-40083`
- 系统: `echo`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/labstack/echo/issues/2259
- 影响版本: `introduced=0, fixed<4.9.0`
- 修复版本: `4.9.0`
## 其他来源
- https://github.com/labstack/echo/pull/2260
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)

3
07-framework-security/frameworks/esbuild/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -26,6 +26,7 @@
- `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=npm; mode=core)
- `official` [OSV esbuild](https://osv.dev/) (mode=core)
- `ecosystem-authority` [NVD esbuild](https://nvd.nist.gov/vuln/search) (keyword=esbuild; mode=core)
## 案例列表

85
07-framework-security/frameworks/esbuild/cases/esbuild-ghsa-67mh-4wv8-2f99.md 普通文件
查看文件

@@ -0,0 +1,85 @@
---
title: "esbuild enables any website to send any requests to the development server and read the response"
system_id: "esbuild"
category: "frameworks"
advisory_mode: "core"
published_date: "2025-02-10T17:48:07Z"
updated_date: "2026-02-04T02:50:58.022803Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "GHSA-67mh-4wv8-2f99"
affected_versions:
- "introduced=0, fixed<0.25.0"
fixed_versions:
- "0.25.0"
secure_code_topics:
- "dependency-upgrade-policy"
- "file-upload-validation"
primary_source: "https://github.com/evanw/esbuild/security/advisories/GHSA-67mh-4wv8-2f99"
---
# esbuild enables any website to send any requests to the development server and read the response
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `esbuild--GHSA-67mh-4wv8-2f99`
- 系统: `esbuild`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/evanw/esbuild/security/advisories/GHSA-67mh-4wv8-2f99
- 影响版本: `introduced=0, fixed<0.25.0`
- 修复版本: `0.25.0`
## 其他来源
- https://github.com/evanw/esbuild/commit/de85afd65edec9ebc44a11e245fd9e9a2e99760d
- https://github.com/evanw/esbuild
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)

3
07-framework-security/frameworks/express/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -26,6 +26,7 @@
- `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=npm; mode=core)
- `official` [OSV Express](https://osv.dev/) (mode=core)
- `ecosystem-authority` [NVD Express.js](https://nvd.nist.gov/vuln/search) (keyword=Express.js; mode=core)
## 案例列表

2
07-framework-security/frameworks/fastify/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

109
07-framework-security/frameworks/fastify/cases/fastify-cve-2026-3419.md 普通文件
查看文件

@@ -0,0 +1,109 @@
---
title: "Fastify's Missing End Anchor in 'subtypeNameReg' Allows Malformed Content-Types to Pass Validation"
system_id: "fastify"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-03-05T21:29:54Z"
updated_date: "2026-03-16T03:05:26.332715Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2026-3419"
- "GHSA-573f-x89g-hqp9"
affected_versions:
- "introduced=5.7.2, fixed<5.8.1"
fixed_versions:
- "5.8.1"
secure_code_topics:
- "proxy-trust-boundary"
- "ssrf-url-validation"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://github.com/fastify/fastify/security/advisories/GHSA-573f-x89g-hqp9"
---
# Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `fastify--CVE-2026-3419`
- 系统: `fastify`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/fastify/fastify/security/advisories/GHSA-573f-x89g-hqp9
- 影响版本: `introduced=5.7.2, fixed<5.8.1`
- 修复版本: `5.8.1`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-3419
- https://github.com/fastify/fastify/commit/67f6c9b32cb3623d3c9470cc17ed830dd2f083d7
- https://cna.openjsf.org/security-advisories.html
- https://github.com/advisories/GHSA-573f-x89g-hqp9
- https://github.com/fastify/fastify
- https://httpwg.org/specs/rfc9110.html#field.content-type
- https://www.cve.org/CVERecord?id=CVE-2026-3419
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

2
07-framework-security/frameworks/flask/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

125
07-framework-security/frameworks/flask/cases/flask-cve-2026-27205.md 普通文件
查看文件

@@ -0,0 +1,125 @@
---
title: "Flask session does not add `Vary: Cookie` header when accessed in some ways"
system_id: "flask"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-19T20:45:41Z"
updated_date: "2026-02-23T23:43:45.778179Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2026-27205"
- "GHSA-68rp-wp8r-4726"
affected_versions:
- "0.1"
- "0.10"
- "0.10.1"
- "0.11"
- "0.11.1"
- "0.12"
- "0.12.1"
- "0.12.2"
- "0.12.3"
- "0.12.4"
- "0.12.5"
- "0.2"
- "0.3"
- "0.3.1"
- "0.4"
- "0.5"
- "0.5.1"
- "0.5.2"
- "0.6"
- "0.6.1"
fixed_versions:
- "3.1.3"
secure_code_topics:
- "xss-output-encoding"
- "ssrf-url-validation"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726"
---
# Flask session does not add `Vary: Cookie` header when accessed in some ways
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `flask--CVE-2026-27205`
- 系统: `flask`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726
- 影响版本: `0.1, 0.10, 0.10.1, 0.11, 0.11.1, 0.12, 0.12.1, 0.12.2, 0.12.3, 0.12.4`
- 修复版本: `3.1.3`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-27205
- https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4
- https://github.com/pallets/flask
- https://github.com/pallets/flask/releases/tag/3.1.3
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

2
07-framework-security/frameworks/gin/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

111
07-framework-security/frameworks/gin/cases/gin-cve-2020-28483.md 普通文件
查看文件

@@ -0,0 +1,111 @@
---
title: "Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin"
system_id: "gin"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-06-23T17:53:21Z"
updated_date: "2026-03-14T10:41:18.820930Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2020-28483"
- "GO-2021-0052"
- "GHSA-h395-qcrw-5vmq"
affected_versions:
- "introduced=0, fixed<1.7.7"
fixed_versions:
- "1.7.7"
secure_code_topics:
- "proxy-trust-boundary"
- "xss-output-encoding"
- "dependency-upgrade-policy"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2020-28483"
---
# Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `gin--CVE-2020-28483`
- 系统: `gin`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2020-28483
- 影响版本: `introduced=0, fixed<1.7.7`
- 修复版本: `1.7.7`
## 其他来源
- https://github.com/gin-gonic/gin/issues/2862
- https://github.com/gin-gonic/gin/issues/2232
- https://github.com/gin-gonic/gin/issues/2473
- https://github.com/gin-gonic/gin/pull/2474
- https://github.com/gin-gonic/gin/pull/2474#23issuecomment-729696437
- https://github.com/gin-gonic/gin/pull/2632
- https://github.com/gin-gonic/gin/pull/2675
- https://github.com/gin-gonic/gin/pull/2844
- https://github.com/gin-gonic/gin/pull/2844/files#diff-e6ce689a25eaef174c2dd51fe869fabbe04a6c6afbd416b23eda138c82e761baR1432
- https://github.com/gin-gonic/gin/commit/03e5e05ae089bc989f1ca41841f05504d29e3fd9
- https://github.com/gin-gonic/gin/commit/5929d521715610c9dd14898ebbe1d188d5de8937
- https://github.com/gin-gonic/gin/commit/bfc8ca285eb46dad60e037d57c545cd260636711
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736
- https://pkg.go.dev/vuln/GO-2021-0052
- https://github.com/gin-gonic/gin/releases/tag/v1.7.7
- https://github.com/gin-gonic/gin/releases/tag/v1.7.0
- https://github.com/gin-gonic/gin
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)

4
07-framework-security/frameworks/hapi/INDEX.md
查看文件

@@ -4,7 +4,7 @@
- 系统 ID: `hapi`
- 分类: `frameworks`
- 覆盖策略: `rolling-24m`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

2
07-framework-security/frameworks/hapi/README.md
查看文件

@@ -3,7 +3,7 @@
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
- 分类: `frameworks`
- 覆盖层级: `rolling-24m`
- 覆盖层级: `history-full`
- Advisory 模式: core
- 输出目录: `07-framework-security/frameworks/hapi`
- 修复主题: proxy-trust-boundary, token-cookie-storage

86
07-framework-security/frameworks/hapi/cases/hapi-ghsa-23vw-mhv5-grv5.md 普通文件
查看文件

@@ -0,0 +1,86 @@
---
title: "Denial of Service in @hapi/hapi"
system_id: "hapi"
category: "frameworks"
advisory_mode: "core"
published_date: "2020-09-03T15:48:43Z"
updated_date: "2020-08-31T19:00:56Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "GHSA-23vw-mhv5-grv5"
affected_versions:
- "introduced=0, fixed<18.4.1"
- "introduced=19.0.0, fixed<19.1.1"
fixed_versions:
- "18.4.1"
- "19.1.1"
secure_code_topics:
- "proxy-trust-boundary"
- "token-cookie-storage"
primary_source: "https://www.npmjs.com/advisories/1482"
---
# Denial of Service in @hapi/hapi
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `hapi--GHSA-23vw-mhv5-grv5`
- 系统: `hapi`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://www.npmjs.com/advisories/1482
- 影响版本: `introduced=0, fixed<18.4.1, introduced=19.0.0, fixed<19.1.1`
- 修复版本: `18.4.1, 19.1.1`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

2
07-framework-security/frameworks/koa/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

108
07-framework-security/frameworks/koa/cases/koa-cve-2026-27959.md 普通文件
查看文件

@@ -0,0 +1,108 @@
---
title: "Koa has Host Header Injection via ctx.hostname"
system_id: "koa"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-26T22:42:57Z"
updated_date: "2026-02-26T23:36:36.294040Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2026-27959"
- "GHSA-7gcc-r8m5-44qm"
affected_versions:
- "introduced=3.0.0, fixed<3.1.2"
- "introduced=0, fixed<2.16.4"
fixed_versions:
- "3.1.2"
- "2.16.4"
secure_code_topics:
- "proxy-trust-boundary"
- "ssrf-url-validation"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://github.com/koajs/koa/security/advisories/GHSA-7gcc-r8m5-44qm"
---
# Koa has Host Header Injection via ctx.hostname
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `koa--CVE-2026-27959`
- 系统: `koa`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/koajs/koa/security/advisories/GHSA-7gcc-r8m5-44qm
- 影响版本: `introduced=3.0.0, fixed<3.1.2, introduced=0, fixed<2.16.4`
- 修复版本: `3.1.2, 2.16.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-27959
- https://github.com/koajs/koa/commit/55ab9bab044ead4e82c70a30a4f9dc0fc9c1b6df
- https://github.com/koajs/koa/commit/b76ddc01fdb703e51652b0fd131d16394cadcfeb
- https://github.com/koajs/koa
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

2
07-framework-security/frameworks/laravel/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

125
07-framework-security/frameworks/laravel/cases/laravel-cve-2021-21263.md 普通文件
查看文件

@@ -0,0 +1,125 @@
---
title: "Query Binding Exploitation"
system_id: "laravel"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-01-19T19:36:51Z"
updated_date: "2026-03-13T22:15:34.333730Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-laravel-2021-21263"
- "CVE-2021-21263"
- "GHSA-3p32-j457-pg5x"
affected_versions:
- "v8.0.0"
- "v8.0.1"
- "v8.0.2"
- "v8.0.3"
- "v8.0.4"
- "v8.1.0"
- "v8.10.0"
- "v8.11.0"
- "v8.11.1"
- "v8.11.2"
- "v8.12.0"
- "v8.12.1"
- "v8.12.2"
- "v8.12.3"
- "v8.13.0"
- "v8.14.0"
- "v8.15.0"
- "v8.16.0"
- "v8.16.1"
- "v8.17.0"
fixed_versions:
- "8.22.1"
- "7.30.3"
- "6.20.12"
- "6.20.11"
- "7.30.2"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "file-upload-validation"
primary_source: "https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x"
---
# Query Binding Exploitation
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `laravel--CVE-2021-21263`
- 系统: `laravel`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x
- 影响版本: `v8.0.0, v8.0.1, v8.0.2, v8.0.3, v8.0.4, v8.1.0, v8.10.0, v8.11.0, v8.11.1, v8.11.2`
- 修复版本: `8.22.1, 7.30.3, 6.20.12, 6.20.11, 7.30.2`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-21263
- https://github.com/laravel/framework/pull/35865
- https://blog.laravel.com/security-laravel-62011-7302-8221-released
- https://blog.laravel.com/security-laravel-62012-7303-released
- https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/database/CVE-2021-21263.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2021-21263.yaml
- https://packagist.org/packages/illuminate/database
- https://packagist.org/packages/laravel/framework
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)

125
07-framework-security/frameworks/laravel/cases/laravel-cve-2021-43808.md 普通文件
查看文件

@@ -0,0 +1,125 @@
---
title: "Laravel Framework XSS in Blade templating engine"
system_id: "laravel"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-12-08T19:57:36Z"
updated_date: "2026-03-13T22:01:16.767646Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2021-43808"
- "GHSA-66hf-2p6w-jqfw"
affected_versions:
- "5.0.30"
- "5.2.41"
- "v4.0.0"
- "v4.0.0-BETA2"
- "v4.0.0-BETA3"
- "v4.0.0-BETA4"
- "v4.0.1"
- "v4.0.10"
- "v4.0.11"
- "v4.0.2"
- "v4.0.3"
- "v4.0.4"
- "v4.0.5"
- "v4.0.6"
- "v4.0.7"
- "v4.0.8"
- "v4.0.9"
- "v4.1.0"
- "v4.1.1"
- "v4.1.10"
fixed_versions:
- "6.20.42"
- "7.30.6"
- "8.75.0"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "file-upload-validation"
primary_source: "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw"
---
# Laravel Framework XSS in Blade templating engine
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `laravel--CVE-2021-43808`
- 系统: `laravel`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw
- 影响版本: `5.0.30, 5.2.41, v4.0.0, v4.0.0-BETA2, v4.0.0-BETA3, v4.0.0-BETA4, v4.0.1, v4.0.10, v4.0.11, v4.0.2`
- 修复版本: `6.20.42, 7.30.6, 8.75.0`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-43808
- https://github.com/laravel/framework/pull/39906
- https://github.com/laravel/framework/pull/39908
- https://github.com/laravel/framework/pull/39909
- https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b
- https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/view/CVE-2021-43808.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/CVE-2021-43808.yaml
- https://github.com/laravel/framework
- https://github.com/laravel/framework/releases/tag/v6.20.42
- https://github.com/laravel/framework/releases/tag/v7.30.6
- https://github.com/laravel/framework/releases/tag/v8.75.0
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)

3
07-framework-security/frameworks/nestjs/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -26,6 +26,7 @@
- `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=npm; mode=core)
- `official` [OSV NestJS](https://osv.dev/) (mode=core)
- `ecosystem-authority` [NVD NestJS](https://nvd.nist.gov/vuln/search) (keyword=NestJS; mode=core)
## 案例列表

82
07-framework-security/frameworks/nextjs/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `nextjs`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `66`
- 近 30 天新增/更新: `10`
- 重点 Markdown 案例数: `41`
- 已实证(真实版本): `26`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `40`
- 最近渲染时间: `2026-03-18T18:34:26+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,72 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Next.js: HTTP request smuggling in rewrites | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:26.646070Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-29057.md) |
| Next.js: Unbounded next/image disk cache growth can exhaust storage | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:33.597080Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27980.md) |
| Next.js: Unbounded postponed resume buffering can lead to DoS | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T16:31:34.160932Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27979.md) |
| Next.js: null origin can bypass Server Actions CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:43.484729Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27978.md) |
| Next.js: null origin can bypass dev HMR websocket CSRF checks | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-17T15:46:26.028580Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2026-27977.md) |
| Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) |
| Next.js has Unbounded Memory Consumption via PPR Resume Endpoint | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) |
| Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) |
| Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:46:38.768104Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md) |
| Next Server Actions Source Code Exposure | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:51:40.627151Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md) |
| Next Vulnerable to Denial of Service with Server Components | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:55:54.855562Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md) |
| Next.js is vulnerable to RCE in React flight protocol | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:45:15.823345Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md) |
| Next.js Affected by Cache Key Confusion for Image Optimization API Routes | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:50:08.291668Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md) |
| Next.js Content Injection Vulnerability for Image Optimization | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:35:34.538107Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md) |
| Next.js Improper Middleware Redirect Handling Leads to SSRF | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:20:45.658010Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md) |
| Next.JS vulnerability can lead to DoS via cache poisoning | `low` | `generated` | `verified-real` | `real` | `official` | `2025-07-03T21:49:52Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md) |
| Next.js has a Cache poisoning vulnerability due to omission of the Vary header | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T02:37:18.974477Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md) |
| Information exposure in Next.js dev server due to lack of origin verification | `medium` | `generated` | `verified-real` | `real` | `official` | `2025-06-13T14:41:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md) |
| Next.js Race Condition to Cache Poisoning | `low` | `generated` | `verified-real` | `real` | `official` | `2025-09-26T17:48:29Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md) |
| Next.js may leak x-middleware-subrequest-id to external hosts | `medium` | `generated` | `verified-real` | `real` | `official` | `2025-10-13T15:35:50Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md) |
| Authorization Bypass in Next.js Middleware | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-04T15:06:29.993197Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md) |
| Next.js Allows a Denial of Service (DoS) with Server Actions | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T04:36:04.252972Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md) |
| Next.js authorization bypass vulnerability | `low` | `generated` | `verified-real` | `real` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) |
| Denial of Service condition in Next.js image optimization | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:25:43.295558Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md) |
| Next.js Cache Poisoning | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:45:33.402195Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md) |
| Next.js Denial of Service (DoS) condition | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-11-06T14:30:33Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-39693.md) |
| Next.js Server-Side Request Forgery in Server Actions | `low` | `generated` | `verified-real` | `real` | `official` | `2026-02-04T03:32:36.434669Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md) |
| Next.js Vulnerable to HTTP Request Smuggling | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-07-09T18:28:18Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34350.md) |
| Next.js missing cache-control header may lead to CDN caching empty reply | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:13:42.231979Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2023-46298.md) |
| Unexpected server crash in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:09:58.785797Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2022-36046.md) |
| Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:08:26.298810Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2022-23646.md) |
| Denial of Service Vulnerability in next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:08:09.355091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2022-21721.md) |
| Unexpected server crash in Next.js. | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:00:36.554552Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md) |
| XSS in Image Optimization API for Next.js | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:00:20.154452Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md) |
| Open Redirect in Next.js | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:00:08.038285Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md) |
| Open Redirect in Next.js versions | `low` | `generated` | `verified-real` | `real` | `official` | `2026-03-13T22:14:13.665535Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md) |
| Remote Code Execution in next | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2022-04-28T19:57:43Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5vj8-3v2h-h38v.md) |
| Directory Traversal in Next.js | `low` | `generated` | `verified-real` | `real` | `official` | `2025-09-26T17:49:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md) |
| Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:00:05.061101Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2018-18282.md) |
| Directory traversal vulnerability in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:00:21.025418Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2018-6184.md) |
| Next.js Directory Traversal Vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-04-22T19:49:35Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2017-16877.md) |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service in Partial Pre Rendering | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service with Server Components - Incomplete Fix Follow-Up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| next.js | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| null origin can bypass Server Actions CSRF checks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
36 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Server Actions Source Code Exposure | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service with Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service in Image Optimizer | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unbounded next/image disk cache growth can exhaust storage | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| null origin can bypass dev HMR websocket CSRF checks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| HTTP request smuggling in rewrites | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
1.4k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unbounded postponed resume buffering can lead to DoS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
2.1k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

15
07-framework-security/frameworks/nodejs/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `nodejs`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `8`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `8`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,11 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-21` | - |
| System Information Library for Node.JS Command Injection | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2022-02-01` | - |
| Tuesday, January 13, 2026 Security Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| OpenSSL Security Advisory Assessment, January 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| New security releases to be made available Tuesday, March 24, 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wednesday, May 14, 2025 Security Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tuesday, July 15, 2025 Security Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

40
07-framework-security/frameworks/nuxt/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `nuxt`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `28`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `5`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `28`
- 最近渲染时间: `2026-03-18T18:34:30+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,34 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-18T13:04:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nuxt/cases/nuxt-cve-2025-59414.md) |
| Nuxt allows DOS via cache poisoning with payload rendering response | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-03-20T19:31:04Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nuxt/cases/nuxt-cve-2025-27415.md) |
| Nuxt vulnerable to remote code execution via the browser when running the test locally | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-11-18T16:27:00Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nuxt/cases/nuxt-cve-2024-34344.md) |
| nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-05-15T21:26:45Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nuxt/cases/nuxt-cve-2024-34343.md) |
| nuxt Code Injection vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2024-11-18T16:26:30Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nuxt/cases/nuxt-cve-2023-3224.md) |
| Opening a malicious website while running a Nuxt dev server could allow read-only access to code | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS in navigateTo if used after SSR | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Remote code execution via the browser when running e2e tests locally | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Opening a malicious website while running a Nuxt dev server could allow read-only access to code | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Path Traversal: '../filedir' in Nuxt Devtools | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
788 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Models | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Client-Side Path Traversal in Nuxt Island Payload Revival | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
118 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| nuxt | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| nuxt | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DOS via cache poisoning with payload rendering response | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

3
07-framework-security/frameworks/rails/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -26,6 +26,7 @@
- `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=rubygems; mode=core)
- `official` [OSV Rails](https://osv.dev/) (mode=core)
- `ecosystem-authority` [NVD Ruby on Rails](https://nvd.nist.gov/vuln/search) (keyword=Ruby on Rails; mode=core)
## 案例列表

113
07-framework-security/frameworks/rails/cases/rails-cve-2006-4111.md 普通文件
查看文件

@@ -0,0 +1,113 @@
---
title: "Ruby on Rails vulnerable to code injection"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-04-03T14:58:34.698394Z"
severity: "high"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2006-4111"
- "GHSA-rvpq-5xqx-pfpp"
affected_versions:
- "1.1.0"
- "1.1.1"
- "1.1.2"
- "1.1.3"
- "1.1.4"
- "1.1.5"
- "introduced=1.1.0, fixed<1.1.6"
fixed_versions:
- "1.1.6"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2006-4111"
---
# Ruby on Rails vulnerable to code injection
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2006-4111`
- 系统: `rails`
- 严重度: `high`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2006-4111
- 影响版本: `1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, introduced=1.1.0, fixed<1.1.6`
- 修复版本: `1.1.6`
## 其他来源
- http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html
- https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml
- https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454
- https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673
- http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits
- http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml
- http://www.novell.com/linux/security/advisories/2006_21_sr.html
- http://secunia.com/advisories/21466
- http://secunia.com/advisories/21749
- http://securitytracker.com/id?1016673
- http://www.securityfocus.com/bid/19454
- http://www.vupen.com/english/advisories/2006/3237
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)

124
07-framework-security/frameworks/rails/cases/rails-cve-2006-4112.md 普通文件
查看文件

@@ -0,0 +1,124 @@
---
title: "Rails Denial of Service vulnerability"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-04-03T15:46:47.783301Z"
severity: "high"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2006-4112"
- "GHSA-9wrq-xvmp-xjc8"
affected_versions:
- "1.1.0"
- "1.1.1"
- "1.1.2"
- "1.1.3"
- "1.1.4"
- "1.1.5"
- "introduced=1.1.0, fixed<1.1.6"
fixed_versions:
- "1.1.6"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
- "dependency-upgrade-policy"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2006-4112"
---
# Rails Denial of Service vulnerability
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2006-4112`
- 系统: `rails`
- 严重度: `high`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2006-4112
- 影响版本: `1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, introduced=1.1.0, fixed<1.1.6`
- 修复版本: `1.1.6`
## 其他来源
- http://secunia.com/advisories/21424
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28364
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4112.yml
- https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454
- https://web.archive.org/web/20200804225700/http://www.securityfocus.com/archive/1/442934/100/0/threaded
- https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673
- http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure
- http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml
- http://www.kb.cert.org/vuls/id/699540
- http://www.novell.com/linux/security/advisories/2006_21_sr.html
- http://secunia.com/advisories/21466
- http://secunia.com/advisories/21749
- http://securitytracker.com/id?1016673
- http://www.securityfocus.com/archive/1/442934/100/0/threaded
- http://www.securityfocus.com/bid/19454
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)

128
07-framework-security/frameworks/rails/cases/rails-cve-2007-3227.md 普通文件
查看文件

@@ -0,0 +1,128 @@
---
title: "Moderate severity vulnerability that affects rails"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-04-09T15:30:21.670801Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2007-3227"
- "GHSA-gm25-fpmr-43fj"
affected_versions:
- "0.10.0"
- "0.10.1"
- "0.11.0"
- "0.11.1"
- "0.12.0"
- "0.12.1"
- "0.13.0"
- "0.13.1"
- "0.14.1"
- "0.14.2"
- "0.14.3"
- "0.14.4"
- "0.8.0"
- "0.8.5"
- "0.9.0"
- "0.9.1"
- "0.9.2"
- "0.9.3"
- "0.9.4"
- "0.9.4.1"
fixed_versions:
- "1.2.5"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2007-3227"
---
# Moderate severity vulnerability that affects rails
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2007-3227`
- 系统: `rails`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2007-3227
- 影响版本: `0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.14.1, 0.14.2`
- 修复版本: `1.2.5`
## 其他来源
- http://bugs.gentoo.org/show_bug.cgi?id=195315
- https://github.com/advisories/GHSA-gm25-fpmr-43fj
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml
- http://dev.rubyonrails.org/ticket/8371
- http://osvdb.org/36378
- http://pastie.caboo.se/65550.txt
- http://secunia.com/advisories/25699
- http://secunia.com/advisories/27657
- http://secunia.com/advisories/27756
- http://security.gentoo.org/glsa/glsa-200711-17.xml
- http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release
- http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
- http://www.novell.com/linux/security/advisories/2007_24_sr.html
- http://www.securityfocus.com/bid/24161
- http://www.vupen.com/english/advisories/2007/2216
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)

129
07-framework-security/frameworks/rails/cases/rails-cve-2007-5379.md 普通文件
查看文件

@@ -0,0 +1,129 @@
---
title: "Moderate severity vulnerability that affects rails"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-05-01T18:49:06.777708Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2007-5379"
- "GHSA-fjfg-q662-gm6j"
affected_versions:
- "0.10.0"
- "0.10.1"
- "0.11.0"
- "0.11.1"
- "0.12.0"
- "0.12.1"
- "0.13.0"
- "0.13.1"
- "0.14.1"
- "0.14.2"
- "0.14.3"
- "0.14.4"
- "0.8.0"
- "0.8.5"
- "0.9.0"
- "0.9.1"
- "0.9.2"
- "0.9.3"
- "0.9.4"
- "0.9.4.1"
fixed_versions:
- "1.2.4"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2007-5379"
---
# Moderate severity vulnerability that affects rails
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2007-5379`
- 系统: `rails`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2007-5379
- 影响版本: `0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.14.1, 0.14.2`
- 修复版本: `1.2.4`
## 其他来源
- http://bugs.gentoo.org/show_bug.cgi?id=195315
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml
- https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
- https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453
- http://docs.info.apple.com/article.html?artnum=307179
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://security.gentoo.org/glsa/glsa-200711-17.xml
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://www.vupen.com/english/advisories/2007/3508
- http://www.vupen.com/english/advisories/2007/4238
- http://dev.rubyonrails.org/ticket/8453
- http://osvdb.org/40717
- http://secunia.com/advisories/27657
- http://secunia.com/advisories/28136
- http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
- http://www.securityfocus.com/bid/26096
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)

137
07-framework-security/frameworks/rails/cases/rails-cve-2007-5380.md 普通文件
查看文件

@@ -0,0 +1,137 @@
---
title: "Session fixation vulnerability in Rails "
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-04-09T15:30:02.622007Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2007-5380"
- "GHSA-jwhv-rgqc-fqj5"
affected_versions:
- "0.10.0"
- "0.10.1"
- "0.11.0"
- "0.11.1"
- "0.12.0"
- "0.12.1"
- "0.13.0"
- "0.13.1"
- "0.14.1"
- "0.14.2"
- "0.14.3"
- "0.14.4"
- "0.8.0"
- "0.8.5"
- "0.9.0"
- "0.9.1"
- "0.9.2"
- "0.9.3"
- "0.9.4"
- "0.9.4.1"
fixed_versions:
- "1.2.4"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
- "token-cookie-storage"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2007-5380"
---
# Session fixation vulnerability in Rails
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2007-5380`
- 系统: `rails`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2007-5380
- 影响版本: `0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.14.1, 0.14.2`
- 修复版本: `1.2.4`
## 其他来源
- http://bugs.gentoo.org/show_bug.cgi?id=195315
- https://github.com/advisories/GHSA-jwhv-rgqc-fqj5
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml
- http://docs.info.apple.com/article.html?artnum=307179
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://secunia.com/advisories/27657
- http://secunia.com/advisories/27965
- http://secunia.com/advisories/28136
- http://security.gentoo.org/glsa/glsa-200711-17.xml
- http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
- http://www.novell.com/linux/security/advisories/2007_25_sr.html
- http://www.securityfocus.com/bid/26096
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://www.vupen.com/english/advisories/2007/3508
- http://www.vupen.com/english/advisories/2007/4238
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

135
07-framework-security/frameworks/rails/cases/rails-cve-2007-6077.md 普通文件
查看文件

@@ -0,0 +1,135 @@
---
title: "session fixation protection mechanism in cgi_process.rb in Rails"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-04-09T15:55:51.425352Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2007-6077"
- "GHSA-p4c6-77gc-694x"
affected_versions:
- "0.10.0"
- "0.10.1"
- "0.11.0"
- "0.11.1"
- "0.12.0"
- "0.12.1"
- "0.13.0"
- "0.13.1"
- "0.14.1"
- "0.14.2"
- "0.14.3"
- "0.14.4"
- "0.8.0"
- "0.8.5"
- "0.9.0"
- "0.9.1"
- "0.9.2"
- "0.9.3"
- "0.9.4"
- "0.9.4.1"
fixed_versions:
- "1.2.6"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
- "token-cookie-storage"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2007-6077"
---
# session fixation protection mechanism in cgi_process.rb in Rails
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2007-6077`
- 系统: `rails`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2007-6077
- 影响版本: `0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.14.1, 0.14.2`
- 修复版本: `1.2.6`
## 其他来源
- http://dev.rubyonrails.org/changeset/8177
- https://github.com/advisories/GHSA-p4c6-77gc-694x
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml
- https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release
- http://dev.rubyonrails.org/ticket/10048
- http://docs.info.apple.com/article.html?artnum=307179
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://secunia.com/advisories/27781
- http://secunia.com/advisories/28136
- http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release
- http://www.securityfocus.com/bid/26598
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://www.vupen.com/english/advisories/2007/4009
- http://www.vupen.com/english/advisories/2007/4238
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

119
07-framework-security/frameworks/rails/cases/rails-cve-2008-5189.md 普通文件
查看文件

@@ -0,0 +1,119 @@
---
title: "rails is vulnerable to CRLF injection"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-04-09T17:02:22.936736Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2008-5189"
- "GHSA-jmgf-p46x-982h"
affected_versions:
- "0.10.0"
- "0.10.1"
- "0.11.0"
- "0.11.1"
- "0.12.0"
- "0.12.1"
- "0.13.0"
- "0.13.1"
- "0.14.1"
- "0.14.2"
- "0.14.3"
- "0.14.4"
- "0.8.0"
- "0.8.5"
- "0.9.0"
- "0.9.1"
- "0.9.2"
- "0.9.3"
- "0.9.4"
- "0.9.4.1"
fixed_versions:
- "2.0.5"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2008-5189"
---
# rails is vulnerable to CRLF injection
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2008-5189`
- 系统: `rails`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2008-5189
- 影响版本: `0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.14.1, 0.14.2`
- 修复版本: `2.0.5`
## 其他来源
- http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml
- http://github.com/rails/rails
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
- http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing
- http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk
- http://www.securityfocus.com/bid/32359
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)

140
07-framework-security/frameworks/rails/cases/rails-cve-2009-4214.md 普通文件
查看文件

@@ -0,0 +1,140 @@
---
title: "Moderate severity vulnerability that affects rails"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:38Z"
updated_date: "2025-04-09T20:05:53.148849Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2009-4214"
- "GHSA-9p3v-wf2w-v29c"
affected_versions:
- "0.10.0"
- "0.10.1"
- "0.11.0"
- "0.11.1"
- "0.12.0"
- "0.12.1"
- "0.13.0"
- "0.13.1"
- "0.14.1"
- "0.14.2"
- "0.14.3"
- "0.14.4"
- "0.8.0"
- "0.8.5"
- "0.9.0"
- "0.9.1"
- "0.9.2"
- "0.9.3"
- "0.9.4"
- "0.9.4.1"
fixed_versions:
- "2.2.2"
- "2.3.5"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
- "token-cookie-storage"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2009-4214"
---
# Moderate severity vulnerability that affects rails
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2009-4214`
- 系统: `rails`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2009-4214
- 影响版本: `0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.14.1, 0.14.2`
- 修复版本: `2.2.2, 2.3.5`
## 其他来源
- http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5
- https://github.com/advisories/GHSA-9p3v-wf2w-v29c
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml
- http://github.com/rails/rails
- http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
- http://secunia.com/advisories/37446
- http://secunia.com/advisories/38915
- http://support.apple.com/kb/HT4077
- http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released
- http://www.debian.org/security/2011/dsa-2260
- http://www.debian.org/security/2011/dsa-2301
- http://www.openwall.com/lists/oss-security/2009/11/27/2
- http://www.openwall.com/lists/oss-security/2009/12/08/3
- http://www.securityfocus.com/bid/37142
- http://www.securitytracker.com/id?1023245
- http://www.vupen.com/english/advisories/2009/3352
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

124
07-framework-security/frameworks/rails/cases/rails-cve-2014-0081.md 普通文件
查看文件

@@ -0,0 +1,124 @@
---
title: "Rails vulnerable to Cross-site Scripting"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2017-10-24T18:33:36Z"
updated_date: "2024-12-08T05:43:59.579843Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2014-0081"
- "GHSA-m46p-ggm5-5j83"
affected_versions:
- "3.0.0"
- "3.0.1"
- "3.0.10"
- "3.0.10.rc1"
- "3.0.11"
- "3.0.12"
- "3.0.12.rc1"
- "3.0.13"
- "3.0.13.rc1"
- "3.0.14"
- "3.0.15"
- "3.0.16"
- "3.0.17"
- "3.0.18"
- "3.0.19"
- "3.0.2"
- "3.0.20"
- "3.0.3"
- "3.0.4"
- "3.0.4.rc1"
fixed_versions:
- "3.2.17"
- "4.0.3"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
primary_source: "https://nvd.nist.gov/vuln/detail/CVE-2014-0081"
---
# Rails vulnerable to Cross-site Scripting
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2014-0081`
- 系统: `rails`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://nvd.nist.gov/vuln/detail/CVE-2014-0081
- 影响版本: `3.0.0, 3.0.1, 3.0.10, 3.0.10.rc1, 3.0.11, 3.0.12, 3.0.12.rc1, 3.0.13, 3.0.13.rc1, 3.0.14`
- 修复版本: `3.2.17, 4.0.3`
## 其他来源
- https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml
- https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782
- https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647
- https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html
- http://openwall.com/lists/oss-security/2014/02/18/8
- http://rhn.redhat.com/errata/RHSA-2014-0215.html
- http://rhn.redhat.com/errata/RHSA-2014-0306.html
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)

121
07-framework-security/frameworks/rails/cases/rails-cve-2024-26143.md 普通文件
查看文件

@@ -0,0 +1,121 @@
---
title: "Rails has possible XSS Vulnerability in Action Controller"
system_id: "rails"
category: "frameworks"
advisory_mode: "core"
published_date: "2024-02-27T21:41:12Z"
updated_date: "2024-12-20T10:42:26.578616Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-rails-2024-26143"
- "CVE-2024-26143"
- "GHSA-9822-6m93-xqf4"
affected_versions:
- "7.0.0"
- "7.0.1"
- "7.0.2"
- "7.0.2.1"
- "7.0.2.2"
- "7.0.2.3"
- "7.0.2.4"
- "7.0.3"
- "7.0.3.1"
- "7.0.4"
- "7.0.4.1"
- "7.0.4.2"
- "7.0.4.3"
- "7.0.5"
- "7.0.5.1"
- "7.0.6"
- "7.0.7"
- "7.0.7.1"
- "7.0.7.2"
- "7.0.8"
fixed_versions:
- "7.0.8.1"
- "7.1.3.1"
secure_code_topics:
- "xss-output-encoding"
- "file-upload-validation"
- "authz-server-side-recheck"
primary_source: "https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4"
---
# Rails has possible XSS Vulnerability in Action Controller
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `rails--CVE-2024-26143`
- 系统: `rails`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4
- 影响版本: `7.0.0, 7.0.1, 7.0.2, 7.0.2.1, 7.0.2.2, 7.0.2.3, 7.0.2.4, 7.0.3, 7.0.3.1, 7.0.4`
- 修复版本: `7.0.8.1, 7.1.3.1`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2024-26143
- https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc
- https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e
- https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml
- https://security.netapp.com/advisory/ntap-20240510-0004
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)

33
07-framework-security/frameworks/react/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `react`
- 分类: `frameworks`
- 覆盖策略: `history-full`
- 总案例数: `21`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `3`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `21`
- 最近渲染时间: `2026-03-18T18:34:21+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,27 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Cross-Site Scripting in react | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T03:57:27.158332Z` | [link](/Users/x/websafe/07-framework-security/frameworks/react/cases/react-cve-2013-7035.md) |
| Cross-Site Scripting in react | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2021-10-01T20:15:16Z` | [link](/Users/x/websafe/07-framework-security/frameworks/react/cases/react-ghsa-hg79-j56m-fxgv.md) |
| Cross-Site Scripting in react-dom | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2023-11-08T04:00:21.209483Z` | [link](/Users/x/websafe/07-framework-security/frameworks/react/cases/react-cve-2018-6341.md) |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service Vulnerability in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
810 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Source Code Exposure Vulnerability in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Critical Security Vulnerability in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service Vulnerability in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| react | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
371 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial of Service Vulnerabilities in React Server Components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Models | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

2
07-framework-security/frameworks/spring-boot/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

106
07-framework-security/frameworks/spring-boot/cases/spring-boot-cve-2022-27772.md 普通文件
查看文件

@@ -0,0 +1,106 @@
---
title: "Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot"
system_id: "spring-boot"
category: "frameworks"
advisory_mode: "core"
published_date: "2022-07-11T20:59:02Z"
updated_date: "2026-03-13T21:59:19.426456Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "ecosystem-authority"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2022-27772"
- "GHSA-cm59-pr5q-cw85"
affected_versions:
- "1.0.0.RELEASE"
- "1.0.1.RELEASE"
- "1.0.2.RELEASE"
- "1.1.0.RELEASE"
- "1.1.1.RELEASE"
- "1.1.10.RELEASE"
- "1.1.11.RELEASE"
- "1.1.12.RELEASE"
- "1.1.2.RELEASE"
- "1.1.3.RELEASE"
- "1.1.4.RELEASE"
- "1.1.5.RELEASE"
- "1.1.6.RELEASE"
- "1.1.7.RELEASE"
- "1.1.8.RELEASE"
- "1.1.9.RELEASE"
- "1.2.0.RELEASE"
- "1.2.1.RELEASE"
- "1.2.2.RELEASE"
- "1.2.3.RELEASE"
fixed_versions:
- "2.2.11.RELEASE"
secure_code_topics:
- "proxy-trust-boundary"
- "authz-server-side-recheck"
primary_source: "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85"
---
# Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `spring-boot--CVE-2022-27772`
- 系统: `spring-boot`
- 严重度: `low`
- 来源置信度: `ecosystem-authority`
- 官方主源: https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85
- 影响版本: `1.0.0.RELEASE, 1.0.1.RELEASE, 1.0.2.RELEASE, 1.1.0.RELEASE, 1.1.1.RELEASE, 1.1.10.RELEASE, 1.1.11.RELEASE, 1.1.12.RELEASE, 1.1.2.RELEASE, 1.1.3.RELEASE`
- 修复版本: `2.2.11.RELEASE`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2022-27772
- https://github.com/spring-projects/spring-boot/commit/667ccdae84822072f9ea1a27ed5c77964c71002d
- https://github.com/spring-projects/spring-boot
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)

2
07-framework-security/frameworks/spring-framework/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

2
07-framework-security/frameworks/spring-security/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

2
07-framework-security/frameworks/sveltekit/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

95
07-framework-security/frameworks/sveltekit/cases/sveltekit-ghsa-88qp-p4qg-rqm6.md 普通文件
查看文件

@@ -0,0 +1,95 @@
---
title: "CPU exhaustion in SvelteKit remote form deserialization (experimental only)"
system_id: "sveltekit"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-19T20:30:25Z"
updated_date: "2026-02-22T23:23:11.893790Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "GHSA-88qp-p4qg-rqm6"
affected_versions:
- "introduced=2.49.0, fixed<2.52.2"
fixed_versions:
- "2.52.2"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "deserialization-safety"
primary_source: "https://github.com/sveltejs/kit/security/advisories/GHSA-88qp-p4qg-rqm6"
---
# CPU exhaustion in SvelteKit remote form deserialization (experimental only)
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `sveltekit--GHSA-88qp-p4qg-rqm6`
- 系统: `sveltekit`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/sveltejs/kit/security/advisories/GHSA-88qp-p4qg-rqm6
- 影响版本: `introduced=2.49.0, fixed<2.52.2`
- 修复版本: `2.52.2`
## 其他来源
- https://github.com/sveltejs/kit/commit/3e607b314aec9e5f278d32847945b8b6323e1cb8
- https://github.com/sveltejs/kit
- https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.52.2
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:deserialization-safety](/Users/x/websafe/05-defense/secure-code/javascript-typescript/deserialization-safety.md)
- [nodejs:deserialization-safety](/Users/x/websafe/05-defense/secure-code/nodejs/deserialization-safety.md)
- [java:deserialization-safety](/Users/x/websafe/05-defense/secure-code/java/deserialization-safety.md)
- [php:deserialization-safety](/Users/x/websafe/05-defense/secure-code/php/deserialization-safety.md)
- [python:deserialization-safety](/Users/x/websafe/05-defense/secure-code/python/deserialization-safety.md)
- [ruby:deserialization-safety](/Users/x/websafe/05-defense/secure-code/ruby/deserialization-safety.md)
- [csharp:deserialization-safety](/Users/x/websafe/05-defense/secure-code/csharp/deserialization-safety.md)
- [go:deserialization-safety](/Users/x/websafe/05-defense/secure-code/go/deserialization-safety.md)

95
07-framework-security/frameworks/sveltekit/cases/sveltekit-ghsa-fpg4-jhqr-589c.md 普通文件
查看文件

@@ -0,0 +1,95 @@
---
title: "SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only)"
system_id: "sveltekit"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-28T02:04:39Z"
updated_date: "2026-02-28T06:27:26.115188Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "GHSA-fpg4-jhqr-589c"
affected_versions:
- "introduced=2.49.0, fixed<2.53.3"
fixed_versions:
- "2.53.3"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "deserialization-safety"
primary_source: "https://github.com/sveltejs/kit/security/advisories/GHSA-fpg4-jhqr-589c"
---
# SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only)
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `sveltekit--GHSA-fpg4-jhqr-589c`
- 系统: `sveltekit`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/sveltejs/kit/security/advisories/GHSA-fpg4-jhqr-589c
- 影响版本: `introduced=2.49.0, fixed<2.53.3`
- 修复版本: `2.53.3`
## 其他来源
- https://github.com/sveltejs/kit/commit/faba869db3644077169bf5d7c6e41fd5f3d6c65e
- https://github.com/sveltejs/kit
- https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.53.3
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:deserialization-safety](/Users/x/websafe/05-defense/secure-code/javascript-typescript/deserialization-safety.md)
- [nodejs:deserialization-safety](/Users/x/websafe/05-defense/secure-code/nodejs/deserialization-safety.md)
- [java:deserialization-safety](/Users/x/websafe/05-defense/secure-code/java/deserialization-safety.md)
- [php:deserialization-safety](/Users/x/websafe/05-defense/secure-code/php/deserialization-safety.md)
- [python:deserialization-safety](/Users/x/websafe/05-defense/secure-code/python/deserialization-safety.md)
- [ruby:deserialization-safety](/Users/x/websafe/05-defense/secure-code/ruby/deserialization-safety.md)
- [csharp:deserialization-safety](/Users/x/websafe/05-defense/secure-code/csharp/deserialization-safety.md)
- [go:deserialization-safety](/Users/x/websafe/05-defense/secure-code/go/deserialization-safety.md)

95
07-framework-security/frameworks/sveltekit/cases/sveltekit-ghsa-vrhm-gvg7-fpcf.md 普通文件
查看文件

@@ -0,0 +1,95 @@
---
title: " Memory exhaustion in SvelteKit remote form deserialization (experimental only)"
system_id: "sveltekit"
category: "frameworks"
advisory_mode: "core"
published_date: "2026-02-19T20:29:42Z"
updated_date: "2026-02-22T23:25:49.392878Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "GHSA-vrhm-gvg7-fpcf"
affected_versions:
- "introduced=2.49.0, fixed<2.52.2"
fixed_versions:
- "2.52.2"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "deserialization-safety"
primary_source: "https://github.com/sveltejs/kit/security/advisories/GHSA-vrhm-gvg7-fpcf"
---
# Memory exhaustion in SvelteKit remote form deserialization (experimental only)
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `sveltekit--GHSA-vrhm-gvg7-fpcf`
- 系统: `sveltekit`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/sveltejs/kit/security/advisories/GHSA-vrhm-gvg7-fpcf
- 影响版本: `introduced=2.49.0, fixed<2.52.2`
- 修复版本: `2.52.2`
## 其他来源
- https://github.com/sveltejs/kit/commit/f47c01bd8100328c24fdb8522fe35913b0735f35
- https://github.com/sveltejs/kit
- https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.52.2
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:deserialization-safety](/Users/x/websafe/05-defense/secure-code/javascript-typescript/deserialization-safety.md)
- [nodejs:deserialization-safety](/Users/x/websafe/05-defense/secure-code/nodejs/deserialization-safety.md)
- [java:deserialization-safety](/Users/x/websafe/05-defense/secure-code/java/deserialization-safety.md)
- [php:deserialization-safety](/Users/x/websafe/05-defense/secure-code/php/deserialization-safety.md)
- [python:deserialization-safety](/Users/x/websafe/05-defense/secure-code/python/deserialization-safety.md)
- [ruby:deserialization-safety](/Users/x/websafe/05-defense/secure-code/ruby/deserialization-safety.md)
- [csharp:deserialization-safety](/Users/x/websafe/05-defense/secure-code/csharp/deserialization-safety.md)
- [go:deserialization-safety](/Users/x/websafe/05-defense/secure-code/go/deserialization-safety.md)

2
07-framework-security/frameworks/symfony/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束

124
07-framework-security/frameworks/symfony/cases/symfony-cve-2020-15094.md 普通文件
查看文件

@@ -0,0 +1,124 @@
---
title: "RCE in Symfony"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2020-09-02T17:29:56Z"
updated_date: "2026-03-13T22:14:38.594283Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2020-15094"
- "CVE-2020-15094"
- "GHSA-754h-5r27-7x3r"
affected_versions:
- "v4.3.0"
- "v4.3.1"
- "v4.3.10"
- "v4.3.11"
- "v4.3.2"
- "v4.3.3"
- "v4.3.4"
- "v4.3.5"
- "v4.3.6"
- "v4.3.7"
- "v4.3.8"
- "v4.3.9"
- "v4.4.0"
- "v4.4.0-BETA1"
- "v4.4.0-BETA2"
- "v4.4.0-RC1"
- "v4.4.1"
- "v4.4.10"
- "v4.4.11"
- "v4.4.12"
fixed_versions:
- "4.4.13"
- "5.1.5"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"
---
# RCE in Symfony
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2020-15094`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r
- 影响版本: `v4.3.0, v4.3.1, v4.3.10, v4.3.11, v4.3.2, v4.3.3, v4.3.4, v4.3.5, v4.3.6, v4.3.7`
- 修复版本: `4.4.13, 5.1.5`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2020-15094
- https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2020-15094.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-15094.yaml
- https://github.com/symfony/symfony
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC
- https://packagist.org/packages/symfony/http-kernel
- https://packagist.org/packages/symfony/symfony
- https://symfony.com/cve-2020-15094
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)

117
07-framework-security/frameworks/symfony/cases/symfony-cve-2020-5255.md 普通文件
查看文件

@@ -0,0 +1,117 @@
---
title: "Prevent cache poisoning via a Response Content-Type header in Symfony"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2020-03-30T20:09:16Z"
updated_date: "2026-03-13T22:01:08.748385Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2020-5255"
- "CVE-2020-5255"
- "GHSA-mcx4-f5f5-4859"
affected_versions:
- "v4.4.0"
- "v4.4.1"
- "v4.4.2"
- "v4.4.3"
- "v4.4.4"
- "v4.4.5"
- "v4.4.6"
- "v5.0.0"
- "v5.0.1"
- "v5.0.2"
- "v5.0.3"
- "v5.0.4"
- "v5.0.5"
- "v5.0.6"
- "introduced=4.4.0, fixed<4.4.7"
- "introduced=5.0.0, fixed<5.0.7"
fixed_versions:
- "4.4.7"
- "5.0.7"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859"
---
# Prevent cache poisoning via a Response Content-Type header in Symfony
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2020-5255`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859
- 影响版本: `v4.4.0, v4.4.1, v4.4.2, v4.4.3, v4.4.4, v4.4.5, v4.4.6, v5.0.0, v5.0.1, v5.0.2`
- 修复版本: `4.4.7, 5.0.7`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2020-5255
- https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2020-5255.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5255.yaml
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ
- https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header
- https://symfony.com/cve-2020-5255
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)

110
07-framework-security/frameworks/symfony/cases/symfony-cve-2020-5274.md 普通文件
查看文件

@@ -0,0 +1,110 @@
---
title: "Exceptions displayed in non-debug configurations in Symfony"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2020-03-30T20:09:31Z"
updated_date: "2026-03-13T22:15:59.230149Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2020-5274"
- "CVE-2020-5274"
- "GHSA-m884-279h-32v2"
affected_versions:
- "v4.4.0"
- "v4.4.1"
- "v4.4.2"
- "v4.4.3"
- "v5.0.0"
- "v5.0.1"
- "v5.0.2"
- "v5.0.3"
- "introduced=4.4.0, fixed<4.4.4"
- "introduced=5.0.0, fixed<5.0.4"
fixed_versions:
- "4.4.4"
- "5.0.4"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-m884-279h-32v2"
---
# Exceptions displayed in non-debug configurations in Symfony
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2020-5274`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-m884-279h-32v2
- 影响版本: `v4.4.0, v4.4.1, v4.4.2, v4.4.3, v5.0.0, v5.0.1, v5.0.2, v5.0.3, introduced=4.4.0, fixed<4.4.4, introduced=5.0.0, fixed<5.0.4`
- 修复版本: `4.4.4, 5.0.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2020-5274
- https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db
- https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/error-handler/CVE-2020-5274.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5274.yaml
- https://symfony.com/cve-2020-5274
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)

117
07-framework-security/frameworks/symfony/cases/symfony-cve-2020-5275.md 普通文件
查看文件

@@ -0,0 +1,117 @@
---
title: "Firewall configured with unanimous strategy was not actually unanimous in Symfony"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2020-03-30T20:09:44Z"
updated_date: "2026-03-13T22:16:03.504887Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2020-5275"
- "CVE-2020-5275"
- "GHSA-g4m9-5hpf-hx72"
affected_versions:
- "v4.4.0"
- "v4.4.1"
- "v4.4.2"
- "v4.4.3"
- "v4.4.4"
- "v4.4.5"
- "v4.4.6"
- "v5.0.0"
- "v5.0.1"
- "v5.0.2"
- "v5.0.3"
- "v5.0.4"
- "v5.0.5"
- "v5.0.6"
- "introduced=4.4.0, fixed<4.4.7"
- "introduced=5.0.0, fixed<5.0.7"
fixed_versions:
- "4.4.7"
- "5.0.7"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-g4m9-5hpf-hx72"
---
# Firewall configured with unanimous strategy was not actually unanimous in Symfony
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2020-5275`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-g4m9-5hpf-hx72
- 影响版本: `v4.4.0, v4.4.1, v4.4.2, v4.4.3, v4.4.4, v4.4.5, v4.4.6, v5.0.0, v5.0.1, v5.0.2`
- 修复版本: `4.4.7, 5.0.7`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2020-5275
- https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2020-5275.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2020-5275.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5275.yaml
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ
- https://symfony.com/cve-2020-5275
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)

141
07-framework-security/frameworks/symfony/cases/symfony-cve-2021-21424.md 普通文件
查看文件

@@ -0,0 +1,141 @@
---
title: "Prevent user enumeration using Guard or the new Authenticator-based Security"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-05-13T20:23:02Z"
updated_date: "2026-03-13T22:16:14.858636Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2021-21424"
- "CVE-2021-21424"
- "GHSA-5pv8-ppvj-4h68"
affected_versions:
- "v2.8.0"
- "v2.8.1"
- "v2.8.10"
- "v2.8.11"
- "v2.8.12"
- "v2.8.13"
- "v2.8.14"
- "v2.8.15"
- "v2.8.16"
- "v2.8.17"
- "v2.8.18"
- "v2.8.19"
- "v2.8.2"
- "v2.8.20"
- "v2.8.21"
- "v2.8.22"
- "v2.8.23"
- "v2.8.24"
- "v2.8.25"
- "v2.8.26"
fixed_versions:
- "5.2.8"
- "3.4.48"
- "4.4.23"
- "2.10.7"
- "2.11.3"
- "1.29.2"
- "1.31.1"
- "3.4.49"
- "4.4.24"
- "5.2.9"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68"
---
# Prevent user enumeration using Guard or the new Authenticator-based Security
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2021-21424`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68
- 影响版本: `v2.8.0, v2.8.1, v2.8.10, v2.8.11, v2.8.12, v2.8.13, v2.8.14, v2.8.15, v2.8.16, v2.8.17`
- 修复版本: `5.2.8, 3.4.48, 4.4.23, 2.10.7, 2.11.3, 1.29.2, 1.31.1, 3.4.49, 4.4.24, 5.2.9`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-21424
- https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011
- https://symfony.com/cve-2021-21424
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
- https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
- https://github.com/symfony/symfony
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)

113
07-framework-security/frameworks/symfony/cases/symfony-cve-2021-32693.md 普通文件
查看文件

@@ -0,0 +1,113 @@
---
title: "Authentication granted to all firewalls instead of just one"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-06-21T17:03:44Z"
updated_date: "2026-03-13T22:01:16.333089Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2021-32693"
- "CVE-2021-32693"
- "GHSA-rfcf-m67m-jcrq"
affected_versions:
- "v5.3.0"
- "v5.3.1"
- "introduced=5.3.0, fixed<5.3.2"
fixed_versions:
- "5.3.2"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
- "token-cookie-storage"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq"
---
# Authentication granted to all firewalls instead of just one
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2021-32693`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq
- 影响版本: `v5.3.0, v5.3.1, introduced=5.3.0, fixed<5.3.2`
- 修复版本: `5.3.2`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-32693
- https://github.com/symfony/security-http/commit/6bf4c31219773a558b019ee12e54572174ff8129
- https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-32693.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-32693.yaml
- https://github.com/symfony/security-http
- https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one
- https://symfony.com/cve-2021-32693
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

129
07-framework-security/frameworks/symfony/cases/symfony-cve-2021-41267.md 普通文件
查看文件

@@ -0,0 +1,129 @@
---
title: "Webcache Poisoning in symfony/http-kernel"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-11-24T20:04:25Z"
updated_date: "2026-03-13T22:00:11.423907Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2021-41267"
- "CVE-2021-41267"
- "GHSA-q3j3-w37x-hq2q"
affected_versions:
- "v5.2.0"
- "v5.2.1"
- "v5.2.10"
- "v5.2.11"
- "v5.2.12"
- "v5.2.13"
- "v5.2.14"
- "v5.2.2"
- "v5.2.3"
- "v5.2.4"
- "v5.2.5"
- "v5.2.6"
- "v5.2.7"
- "v5.2.8"
- "v5.2.9"
- "v5.3.0"
- "v5.3.0-BETA1"
- "v5.3.0-BETA2"
- "v5.3.0-BETA3"
- "v5.3.0-BETA4"
fixed_versions:
- "5.3.12"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
- "proxy-trust-boundary"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q"
---
# Webcache Poisoning in symfony/http-kernel
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2021-41267`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
- 影响版本: `v5.2.0, v5.2.1, v5.2.10, v5.2.11, v5.2.12, v5.2.13, v5.2.14, v5.2.2, v5.2.3, v5.2.4`
- 修复版本: `5.3.12`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-41267
- https://github.com/symfony/symfony/pull/44243
- https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml
- https://github.com/symfony/symfony/releases/tag/v5.3.12
- https://symfony.com/cve-2021-41267
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

123
07-framework-security/frameworks/symfony/cases/symfony-cve-2021-41268.md 普通文件
查看文件

@@ -0,0 +1,123 @@
---
title: "Cookie persistence after password changes in symfony/security-bundle"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-11-24T20:05:22Z"
updated_date: "2026-03-13T22:14:23.582059Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2021-41268"
- "CVE-2021-41268"
- "GHSA-qw36-p97w-vcqr"
affected_versions:
- "v5.3.0"
- "v5.3.11"
- "v5.3.2"
- "v5.3.3"
- "v5.3.4"
- "v5.3.7"
- "v5.3.8"
- "v5.3.1"
- "v5.3.10"
- "v5.3.5"
- "v5.3.6"
- "v5.3.9"
- "introduced=5.3.0, fixed<5.3.12"
fixed_versions:
- "5.3.12"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
- "token-cookie-storage"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr"
---
# Cookie persistence after password changes in symfony/security-bundle
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2021-41268`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr
- 影响版本: `v5.3.0, v5.3.11, v5.3.2, v5.3.3, v5.3.4, v5.3.7, v5.3.8, v5.3.1, v5.3.10, v5.3.5`
- 修复版本: `5.3.12`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-41268
- https://github.com/symfony/symfony/pull/44243
- https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml
- https://github.com/symfony/symfony
- https://github.com/symfony/symfony/releases/tag/v5.3.12
- https://symfony.com/cve-2021-41268
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

126
07-framework-security/frameworks/symfony/cases/symfony-cve-2021-41270.md 普通文件
查看文件

@@ -0,0 +1,126 @@
---
title: "CSV Injection in symfony/serializer"
system_id: "symfony"
category: "frameworks"
advisory_mode: "core"
published_date: "2021-11-24T21:01:23Z"
updated_date: "2026-03-13T21:59:52.395727Z"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-symfony-2021-41270"
- "CVE-2021-41270"
- "GHSA-2xhg-w2g5-w95x"
affected_versions:
- "v5.0.0"
- "v5.0.1"
- "v5.0.10"
- "v5.0.11"
- "v5.0.2"
- "v5.0.3"
- "v5.0.4"
- "v5.0.5"
- "v5.0.6"
- "v5.0.7"
- "v5.0.8"
- "v5.0.9"
- "v5.1.0"
- "v5.1.0-BETA1"
- "v5.1.0-RC1"
- "v5.1.0-RC2"
- "v5.1.1"
- "v5.1.10"
- "v5.1.11"
- "v5.1.2"
fixed_versions:
- "5.3.12"
- "4.4.35"
secure_code_topics:
- "xss-output-encoding"
- "authz-server-side-recheck"
- "path-traversal-guard"
primary_source: "https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x"
---
# CSV Injection in symfony/serializer
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `symfony--CVE-2021-41270`
- 系统: `symfony`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x
- 影响版本: `v5.0.0, v5.0.1, v5.0.10, v5.0.11, v5.0.2, v5.0.3, v5.0.4, v5.0.5, v5.0.6, v5.0.7`
- 修复版本: `5.3.12, 4.4.35`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-41270
- https://github.com/symfony/symfony/pull/44243
- https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/serializer/CVE-2021-41270.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41270.yaml
- https://github.com/symfony/symfony
- https://github.com/symfony/symfony/releases/tag/v5.3.12
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP
- https://symfony.com/cve-2021-41270
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)

3
07-framework-security/frameworks/undici/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:34:34+00:00`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -26,6 +26,7 @@
- `official` [GitHub Global Advisories](https://github.com/advisories) (ecosystem=npm; mode=core)
- `official` [OSV Undici](https://osv.dev/) (mode=core)
- `ecosystem-authority` [NVD Undici](https://nvd.nist.gov/vuln/search) (keyword=undici; mode=core)
## 案例列表

100
07-framework-security/frameworks/undici/cases/undici-cve-2022-31150.md 普通文件
查看文件

@@ -0,0 +1,100 @@
---
title: "undici before v5.8.0 vulnerable to CRLF injection in request headers"
system_id: "undici"
category: "frameworks"
advisory_mode: "core"
published_date: "2022-07-21T20:30:10Z"
updated_date: "2023-11-08T04:09:27.728154Z"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2022-31150"
- "GHSA-3cvr-822r-rqcc"
affected_versions:
- "introduced=0, fixed<5.8.0"
fixed_versions:
- "5.8.0"
secure_code_topics:
- "ssrf-url-validation"
- "proxy-trust-boundary"
- "dependency-upgrade-policy"
primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc"
---
# undici before v5.8.0 vulnerable to CRLF injection in request headers
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `undici--CVE-2022-31150`
- 系统: `undici`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc
- 影响版本: `introduced=0, fixed<5.8.0`
- 修复版本: `5.8.0`
## 其他来源
- https://github.com/nodejs/undici/releases/tag/v5.8.0
- https://nvd.nist.gov/vuln/detail/CVE-2022-31150
- https://github.com/nodejs/undici/commit/a29a151d0140d095742d21a004023d024fe93259
- https://hackerone.com/reports/409943
- https://github.com/nodejs/undici
- https://security.netapp.com/advisory/ntap-20220915-0002
- https://security.netapp.com/advisory/ntap-20220915-0002/
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)

某些文件未显示,因为此 diff 中更改的文件太多 显示更多