运行 undici-undici--CVE-2024-30261-20260318040251

漏洞条目
undici--CVE-2024-30261

实证状态
verified-real

复现 Profile
undici-ssrf

Artifact 模式
local-fixture

Mermaid 时间线

flowchart LR
A["选择 Advisory"] --> B["解析 Repro Profile"]
B --> C["生成 Compose 环境"]
C --> D["采集基线快照"]
D --> E["执行受控攻击步骤"]
E --> F["浏览器回放验证"]
F --> G["收集日志与证据"]
G --> H["回写 Registry 与报告"]

运行时间线

时间	步骤	状态	说明
`2026-03-18T04:02:51+00:00`	`select-advisory`	`completed`	undici--CVE-2024-30261
`2026-03-18T04:02:51+00:00`	`resolve-repro-profile`	`completed`	undici-ssrf
`2026-03-18T04:02:51+00:00`	`doctor`	`completed`	all checks passed
`2026-03-18T04:02:54+00:00`	`provision-compose-environment`	`ready`	-
`2026-03-18T04:02:54+00:00`	`wait-ready`	`completed`	baseline urls ready (1)
`2026-03-18T04:02:54+00:00`	`seed-environment`	`completed`	steps=1
`2026-03-18T04:02:54+00:00`	`baseline-snapshot`	`completed`	urls=1
`2026-03-18T04:02:54+00:00`	`controlled-attack-chain`	`completed`	steps=1
`2026-03-18T04:02:54+00:00`	`collect-logs-and-evidence`	`completed`	container_logs=1
`2026-03-18T04:02:56+00:00`	`cleanup-compose-environment`	`completed`	docker compose down completed
`2026-03-18T04:02:56+00:00`	`update-registry-and-reports`	`completed`	undici-undici--CVE-2024-30261-20260318040251

攻击步骤

工具	状态	输出
`undici.ssrf`	`completed`	`/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/logs/attack.json`

证据清单

compose/compose.yaml
logs/docker/app.log
logs/attack.json
logs/baseline.json