hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动
文件
a3edc888346536acfe693aff55035bbcf53cf09e
websafe-kb/08-threat-intel/generated/dashboard/runs.json

3508 行
126 KiB
JSON
原始文件 Blame 文件历史

[
{
"run_id": "nextjs-nextjs--CVE-2024-51479-20260318012913",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2024-51479",
"repro_profile_id": "nextjs-authz-bypass",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.authz-bypass",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:29:13+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2024-51479"
},
{
"at": "2026-03-18T01:29:13+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-authz-bypass"
},
{
"at": "2026-03-18T01:29:13+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:29:17+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:29:17+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2024-51479-20260318012913"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side authorization recheck was bypassed"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:29:13+00:00",
"finished_at": "2026-03-18T01:29:17+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/run.json"
},
"browser_links": [],
"container_links": [
"/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json"
],
"advisory_meta": {
"canonical_id": "nextjs--CVE-2024-51479",
"title": "Next.js authorization bypass vulnerability",
"summary": "### Impact\nIf a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed.\n\n### Patches\nThis issue was patched in Next.js `14.2.15` and later.\n\nIf your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version.\n\n### Workarounds\nThere are no official workarounds for this vulnerability.\n\n#### Credits\nWe'd like to thank [tyage](http://github.com/tyage) (GMO CyberSecurity by IERAE) for responsible disclosure of this issue.",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2024-12-17T15:09:06Z",
"updated_at": "2025-09-10T21:12:24Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-51479",
"https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v14.2.15"
],
"aliases": [
"CVE-2024-51479",
"GHSA-7gfc-8cq8-jh5f"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"profile_meta": {
"profile_id": "nextjs-authz-bypass",
"vuln_family": "authz-bypass",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Protected route is reachable only after the controlled bypass proof step."
],
"seed_actions": [
{
"kind": "note",
"message": "Seed guest/admin route fixture for server-side recheck."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local authz bypass proof only."
}
],
"browser_assertions": {
"required": false
},
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"### Impact\nIf a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed.\n\n### Patches\nThis issue was patched in Next.js `14.2.15` and later.\n\nIf your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version.\n\n### Workarounds\nThere are no official workarounds for this vulnerability.\n\n#### Credits\nWe'd like to thank [tyage](http://github.com/tyage) (GMO CyberSecurity by IERAE) for responsible disclosure of this issue.",
"Seed guest/admin route fixture for server-side recheck.",
"Runner performs local authz bypass proof only.",
"Protected route is reachable only after the controlled bypass proof step."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2020-15242-20260318012830",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2020-15242",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:28:30+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2020-15242"
},
{
"at": "2026-03-18T01:28:30+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T01:28:31+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:35+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:35+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:28:37+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:28:37+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2020-15242-20260318012830"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:28:30+00:00",
"finished_at": "2026-03-18T01:28:37+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2021-28378-20260318012813",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2021-28378",
"repro_profile_id": "gitea-xss",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
],
"baseline_title": "Gitea Stored XSS Fixture",
"proof_title": "Gitea Stored XSS Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:28:13+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2021-28378"
},
{
"at": "2026-03-18T01:28:13+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-xss"
},
{
"at": "2026-03-18T01:28:13+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:28:16+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:28:16+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:28:16+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:16+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:28:17+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:17+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:18+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:18+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:28:19+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:28:19+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2021-28378-20260318012813"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:28:13+00:00",
"finished_at": "2026-03-18T01:28:19+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html",
"report_md": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md",
"timeline": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
"/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
"/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-xss",
"vuln_family": "xss",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"seed_actions": [
{
"kind": "note",
"message": "Seed stored content page before browser proof capture."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner stores inert script payload and captures proof page."
}
],
"browser_assertions": {
"required": true
},
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed stored content page before browser proof capture.",
"Runner stores inert script payload and captures proof page.",
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2020-13246-20260318012806",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2020-13246",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:28:06+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2020-13246"
},
{
"at": "2026-03-18T01:28:06+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T01:28:07+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:11+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:11+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:28:13+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:28:13+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2020-13246-20260318012806"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:28:06+00:00",
"finished_at": "2026-03-18T01:28:13+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html",
"report_md": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md",
"timeline": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
"/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
"/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json",
"/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2018-15192-20260318012749",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2018-15192",
"repro_profile_id": "gitea-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:27:49+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2018-15192"
},
{
"at": "2026-03-18T01:27:49+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-ssrf"
},
{
"at": "2026-03-18T01:27:49+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:27:54+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:27:54+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2018-15192-20260318012749"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:27:49+00:00",
"finished_at": "2026-03-18T01:27:54+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html",
"report_md": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md",
"timeline": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/run.json"
},
"browser_links": [],
"container_links": [
"/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json",
"/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Server-side callback reaches the local sink and is recorded in proof output."
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink counters only."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner triggers callback strictly to local sink endpoint."
}
],
"browser_assertions": {
"required": false
},
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink counters only.",
"Runner triggers callback strictly to local sink endpoint.",
"Server-side callback reaches the local sink and is recorded in proof output."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2025-68940-20260318012708",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68940",
"repro_profile_id": "gitea-authz-bypass",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.authz-bypass",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:27:08+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68940"
},
{
"at": "2026-03-18T01:27:08+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-authz-bypass"
},
{
"at": "2026-03-18T01:27:08+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:27:12+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:27:12+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2025-68940-20260318012708"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side authorization recheck was bypassed"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:27:08+00:00",
"finished_at": "2026-03-18T01:27:12+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html",
"report_md": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md",
"timeline": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/run.json"
},
"browser_links": [],
"container_links": [
"/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-authz-bypass",
"vuln_family": "authz-bypass",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Controlled guest request reaches the protected admin route inside the fixture."
],
"seed_actions": [
{
"kind": "note",
"message": "Seed low-privilege and admin boundary fixture state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner verifies guest-to-admin bypass only inside fixture route."
}
],
"browser_assertions": {
"required": false
},
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed low-privilege and admin boundary fixture state.",
"Runner verifies guest-to-admin bypass only inside fixture route.",
"Controlled guest request reaches the protected admin route inside the fixture."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2019-1010261-20260318012624",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2019-1010261",
"repro_profile_id": "gitea-xss",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
],
"baseline_title": "Gitea Stored XSS Fixture",
"proof_title": "Gitea Stored XSS Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:26:24+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2019-1010261"
},
{
"at": "2026-03-18T01:26:24+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-xss"
},
{
"at": "2026-03-18T01:26:24+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:26:27+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:26:27+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:26:27+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:26:27+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:26:28+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:26:28+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:26:29+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:26:29+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:26:30+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:26:30+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2019-1010261-20260318012624"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:26:24+00:00",
"finished_at": "2026-03-18T01:26:30+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html",
"report_md": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md",
"timeline": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
"/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
"/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json",
"/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-xss",
"vuln_family": "xss",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"seed_actions": [
{
"kind": "note",
"message": "Seed stored content page before browser proof capture."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner stores inert script payload and captures proof page."
}
],
"browser_assertions": {
"required": true
},
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed stored content page before browser proof capture.",
"Runner stores inert script payload and captures proof page.",
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2018-18926-20260318012526",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2018-18926",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:25:26+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2018-18926"
},
{
"at": "2026-03-18T01:25:26+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T01:25:27+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:25:41+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:25:42+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:25:42+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:25:42+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:25:42+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:25:42+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:25:43+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:25:43+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:25:45+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:25:45+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2018-18926-20260318012526"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:25:26+00:00",
"finished_at": "2026-03-18T01:25:45+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html",
"report_md": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md",
"timeline": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
"/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
"/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json",
"/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-livecheck-20260316",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68939",
"repro_profile_id": "file-upload-generic",
"verification_status": "blocked-artifact",
"verification_mode": "real",
"artifact_mode": "official-image",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [],
"attack_steps": [],
"browser_refs": [],
"browser_evidence": {
"required": true,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null
},
"container_log_refs": [],
"request_log_refs": [],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-17T07:02:55+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68939"
},
{
"at": "2026-03-17T07:02:55+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "file-upload-generic"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "provision-compose-environment",
"status": "blocked-artifact",
"detail": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "baseline-snapshot",
"status": "skipped",
"detail": "no baseline urls or provisioning blocked"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "browser-replay-before-attack",
"status": "skipped",
"detail": "baseline browser capture unavailable"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "controlled-attack-chain",
"status": "skipped",
"detail": "provisioning blocked"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "browser-replay-after-attack",
"status": "skipped",
"detail": "proof browser capture unavailable"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "collect-logs-and-evidence",
"status": "skipped",
"detail": "container_logs=0"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-livecheck-20260316"
}
],
"started_at": "2026-03-17T07:02:55+00:00",
"finished_at": "2026-03-17T07:02:56+00:00",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-livecheck-20260316/report.html",
"report_md": "/runs/gitea-livecheck-20260316/report.md",
"timeline": "/runs/gitea-livecheck-20260316/timeline.mmd",
"bundle": "/runs/gitea-livecheck-20260316/run.json"
},
"browser_links": [],
"container_links": [],
"request_links": [],
"advisory_meta": {},
"profile_meta": {
"profile_id": "file-upload-generic",
"vuln_family": "file-upload",
"provisioning_mode": "real",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Upload acceptance or bypass path is demonstrated with reversible test artifacts."
],
"seed_actions": [
{
"kind": "note",
"message": "Use inert marker files and non-executable payloads by default."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Validate extension, storage path, and preview behavior using inert files."
}
],
"browser_assertions": {
"required": true
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Use inert marker files and non-executable payloads by default.",
"Validate extension, storage path, and preview behavior using inert files.",
"Upload acceptance or bypass path is demonstrated with reversible test artifacts."
],
"progress": {
"completed": 3,
"skipped": 5,
"failed": 0,
"blocked": 1,
"planned": 0,
"other": 0
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-livecheck-20260316/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-livecheck-20260316/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-livecheck-20260316/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-livecheck-20260316/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-livecheck-20260316/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2025-68939-20260317063330",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68939",
"repro_profile_id": "file-upload-generic",
"verification_status": "blocked-artifact",
"verification_mode": "real",
"artifact_mode": "official-image",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [],
"attack_steps": [],
"browser_refs": [],
"container_log_refs": [],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json"
],
"timeline": [],
"started_at": "2026-03-17T06:33:30+00:00",
"finished_at": "2026-03-17T06:33:30+00:00",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/report.html",
"report_md": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/report.md",
"timeline": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/run.json"
},
"browser_evidence": {
"required": true,
"present": false,
"refs": []
},
"browser_links": [],
"container_links": [],
"request_links": [
"/runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "file-upload-generic",
"vuln_family": "file-upload",
"provisioning_mode": "real",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Upload acceptance or bypass path is demonstrated with reversible test artifacts."
],
"seed_actions": [
{
"kind": "note",
"message": "Use inert marker files and non-executable payloads by default."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Validate extension, storage path, and preview behavior using inert files."
}
],
"browser_assertions": {
"required": true
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Use inert marker files and non-executable payloads by default.",
"Validate extension, storage path, and preview behavior using inert files.",
"Upload acceptance or bypass path is demonstrated with reversible test artifacts."
],
"progress": {
"completed": 0,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 0
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 2,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json",
"label": "attack.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2025-29927-20260317063047",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2025-29927",
"repro_profile_id": "authz-bypass-generic",
"verification_status": "triage-manual",
"verification_mode": "real",
"artifact_mode": "official-source",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json"
],
"attack_steps": [
{
"kind": "note",
"tool": null,
"args": [],
"status": "planned"
}
],
"browser_refs": [],
"container_log_refs": [],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json"
],
"timeline": [],
"started_at": "2026-03-17T06:30:47+00:00",
"finished_at": "2026-03-17T06:30:47+00:00",
"blocked_reason": "dry-run only",
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/run.json"
},
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"browser_links": [],
"container_links": [],
"request_links": [
"/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "authz-bypass-generic",
"vuln_family": "authz-bypass",
"provisioning_mode": "real",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Protected route or action is evaluated with controlled credentials and logged."
],
"seed_actions": [
{
"kind": "note",
"message": "Create low-privilege and admin test users for server-side recheck validation."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Use minimal authorization bypass probes defined by case-specific runner or manual session tooling."
}
],
"browser_assertions": {
"required": false
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Create low-privilege and admin test users for server-side recheck validation.",
"Use minimal authorization bypass probes defined by case-specific runner or manual session tooling.",
"Protected route or action is evaluated with controlled credentials and logged."
],
"progress": {
"completed": 0,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 0
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
}
]
在新工单中引用 查看 Git Blame 复制永久链接