@blamejs/exceptd-skills 0.13.100 → 0.13.102
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +1667 -1
- package/data/atlas-ttps.json +12 -3
- package/data/attack-techniques.json +7 -0
- package/data/cve-catalog.json +427 -1
- package/data/cwe-catalog.json +5 -0
- package/data/framework-control-gaps.json +40 -2
- package/data/zeroday-lessons.json +200 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.13.102 — 2026-05-25
|
|
4
|
+
|
|
5
|
+
CVE catalog — prompt injection to code execution in natural-language data-analysis agents. Adds two flaws in agents whose purpose is to turn a natural-language question into code that the framework then runs, so prompt injection is the exploit primitive. **CVE-2024-5565** (Vanna.AI, CWE-94 / CWE-77, JFrog CNA CVSS 8.1 HIGH; GitHub advisory 9.2; NVD unscored) — the text-to-SQL `ask` method runs LLM-generated Python to build a Plotly visualization (default-on), so an injected question executes arbitrary Python on the host. **CVE-2024-12366** (PandasAI, CWE-94, CISA-ADP CVSS 9.8 CRITICAL; NVD unscored) — the `chat` interface runs LLM-generated Python against DataFrames without separating analytical input from injected instructions, giving unauthenticated RCE / sandbox escape. Neither has a fixed release, so both are scored without patch credit and remediation is sandboxing the code-execution path; both map MITRE ATLAS AML.T0051 (LLM Prompt Injection) and ATT&CK T1059.006, and introduce a control (NEW-CTRL-102) requiring NL-to-code/SQL agents to treat the question and analyzed data as untrusted and never run model-generated code with host privileges. CVE count 381 → 383.
|
|
6
|
+
|
|
7
|
+
## 0.13.101 — 2026-05-25
|
|
8
|
+
|
|
9
|
+
CVE catalog — vector-database RCE and backup path traversal. Adds two more flaws in the RAG persistence layer. **CVE-2026-45829** (ChromaDB "ChromaToast", CWE-94, CNA CVSS v4.0 10.0 CRITICAL; NVD unscored) — ChromaDB's Python FastAPI server processes a caller-supplied embedding-function config (a model repo with `trust_remote_code=true`) on the collections endpoint *before* authenticating, giving unauthenticated remote code execution; no fixed Python release is published, so mitigation is network isolation, the Rust `chroma run` / official Docker deployment, and disabling remote model loading. **CVE-2025-67818** (Weaviate, CWE-22, NIST CVSS 7.2) — backup restore does not constrain entry paths, so a write-capable attacker uses absolute / `../` paths (ZipSlip) to create or overwrite arbitrary host files; fixed in 1.33.4. Both map MITRE ATLAS AML.T0049 and ATT&CK T1190; ChromaDB reuses the vector-DB authentication control (NEW-CTRL-101) shared with Milvus, and Weaviate reuses the path-traversal control (NEW-CTRL-094) shared with the Ollama / AnythingLLM entries. The unpatched pre-auth RCE scores well above the patched path-traversal flaw under RWEP. CVE count 379 → 381.
|
|
10
|
+
|
|
3
11
|
## 0.13.100 — 2026-05-25
|
|
4
12
|
|
|
5
13
|
CVE catalog — PyTorch torch.load RCE despite weights_only=True. Adds **CVE-2025-32434** (CWE-502, NIST CVSS 9.8 CRITICAL): PyTorch's `torch.load` executes attacker code from a crafted checkpoint even when called with `weights_only=True` — the setting the ecosystem recommended as the safe way to load untrusted models — so pipelines that followed that guidance on ≤ 2.5.1 remain vulnerable; fixed in 2.6.0. Maps MITRE ATLAS AML.T0010 / AML.T0011 / AML.T0011.000 and ATT&CK T1204 / T1059 / T1195.002, and reuses the untrusted-model-artifact control (NEW-CTRL-091) shared with the Keras, Hugging Face Transformers, and NeMo entries — a model checkpoint is executable code regardless of "safe" load flags. CVE count 378 → 379.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,21 +1,21 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-26T06:46:06.333Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
8
|
-
"data/atlas-ttps.json": "
|
|
9
|
-
"data/attack-techniques.json": "
|
|
10
|
-
"data/cve-catalog.json": "
|
|
11
|
-
"data/cwe-catalog.json": "
|
|
7
|
+
"manifest.json": "94703e7d93b8acb54cc44ea919df56dc5d2dd47d8741a775cd2879f8485decc1",
|
|
8
|
+
"data/atlas-ttps.json": "95682d60e815e4cce2ba2e973b7f47b4f1d11d0bbdcb1ef720f2ca5947dc5ba8",
|
|
9
|
+
"data/attack-techniques.json": "452a40aa2876ccc28791f3b643e018c38c72167a91e2a4123ecda2d7b6a4f6bb",
|
|
10
|
+
"data/cve-catalog.json": "16f203c85ed6a003b9bac9543b041d67d4bfcc7ea19c1239651101b08411c1a8",
|
|
11
|
+
"data/cwe-catalog.json": "97033c785065cf314a64f0c614f0e86dbfd53be466c5580a53d36bc6a099c3e2",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
14
14
|
"data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
|
|
15
|
-
"data/framework-control-gaps.json": "
|
|
15
|
+
"data/framework-control-gaps.json": "841949de4006de3b72c0a1d56850c10c124293197a8f9c9ce4cbdb61545df9e3",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
|
|
18
|
-
"data/zeroday-lessons.json": "
|
|
18
|
+
"data/zeroday-lessons.json": "fe65f9fafddb07614eb5c520b899a1b44d620b4be982c088362a1d4f45ce6588",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
|
|
21
21
|
"skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
|
|
@@ -72,7 +72,7 @@
|
|
|
72
72
|
"dlp_refs": 0
|
|
73
73
|
},
|
|
74
74
|
"trigger_table_entries": 538,
|
|
75
|
-
"chains_cve_entries":
|
|
75
|
+
"chains_cve_entries": 372,
|
|
76
76
|
"chains_cwe_entries": 171,
|
|
77
77
|
"jurisdictions_indexed": 29,
|
|
78
78
|
"handoff_dag_nodes": 42,
|
|
@@ -149,7 +149,7 @@
|
|
|
149
149
|
"artifact": "data/cve-catalog.json",
|
|
150
150
|
"path": "data/cve-catalog.json",
|
|
151
151
|
"schema_version": "1.0.0",
|
|
152
|
-
"entry_count":
|
|
152
|
+
"entry_count": 383
|
|
153
153
|
},
|
|
154
154
|
{
|
|
155
155
|
"date": "2026-05-18",
|
|
@@ -165,7 +165,7 @@
|
|
|
165
165
|
"artifact": "data/zeroday-lessons.json",
|
|
166
166
|
"path": "data/zeroday-lessons.json",
|
|
167
167
|
"schema_version": "1.1.0",
|
|
168
|
-
"entry_count":
|
|
168
|
+
"entry_count": 378
|
|
169
169
|
},
|
|
170
170
|
{
|
|
171
171
|
"date": "2026-05-17",
|
|
@@ -62,7 +62,7 @@
|
|
|
62
62
|
"rebuild_after_days": 365,
|
|
63
63
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
64
64
|
},
|
|
65
|
-
"entry_count":
|
|
65
|
+
"entry_count": 383,
|
|
66
66
|
"sample_keys": [
|
|
67
67
|
"CVE-2025-53773",
|
|
68
68
|
"CVE-2026-30615",
|
|
@@ -238,7 +238,7 @@
|
|
|
238
238
|
"rebuild_after_days": 365,
|
|
239
239
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
240
240
|
},
|
|
241
|
-
"entry_count":
|
|
241
|
+
"entry_count": 378,
|
|
242
242
|
"sample_keys": [
|
|
243
243
|
"CVE-2026-31431",
|
|
244
244
|
"CVE-2025-53773",
|