运行 nextjs-nextjs--CVE-2024-51479-20260318012913

漏洞条目
nextjs--CVE-2024-51479

实证状态
verified-real

复现 Profile
nextjs-authz-bypass

Artifact 模式
local-fixture

Mermaid 时间线

flowchart LR
A["选择 Advisory"] --> B["解析 Repro Profile"]
B --> C["生成 Compose 环境"]
C --> D["采集基线快照"]
D --> E["执行受控攻击步骤"]
E --> F["浏览器回放验证"]
F --> G["收集日志与证据"]
G --> H["回写 Registry 与报告"]

运行时间线

时间	步骤	状态	说明
`2026-03-18T01:29:13+00:00`	`select-advisory`	`completed`	nextjs--CVE-2024-51479
`2026-03-18T01:29:13+00:00`	`resolve-repro-profile`	`completed`	nextjs-authz-bypass
`2026-03-18T01:29:13+00:00`	`doctor`	`completed`	all checks passed
`2026-03-18T01:29:16+00:00`	`provision-compose-environment`	`ready`	-
`2026-03-18T01:29:16+00:00`	`wait-ready`	`completed`	baseline urls ready (1)
`2026-03-18T01:29:16+00:00`	`seed-environment`	`completed`	steps=1
`2026-03-18T01:29:16+00:00`	`baseline-snapshot`	`completed`	urls=1
`2026-03-18T01:29:16+00:00`	`controlled-attack-chain`	`completed`	steps=1
`2026-03-18T01:29:16+00:00`	`collect-logs-and-evidence`	`completed`	container_logs=1
`2026-03-18T01:29:17+00:00`	`cleanup-compose-environment`	`completed`	docker compose down completed
`2026-03-18T01:29:17+00:00`	`update-registry-and-reports`	`completed`	nextjs-nextjs--CVE-2024-51479-20260318012913

攻击步骤

工具	状态	输出
`nextjs.authz-bypass`	`completed`	`/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json`

证据清单

compose/compose.yaml
logs/docker/app.log
logs/attack.json
logs/baseline.json