@blamejs/exceptd-skills 0.13.102 → 0.13.103

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +1667 -896
  6. package/data/atlas-ttps.json +2 -0
  7. package/data/attack-techniques.json +5 -0
  8. package/data/cve-catalog.json +223 -98
  9. package/data/cwe-catalog.json +2 -0
  10. package/data/framework-control-gaps.json +25 -6
  11. package/data/zeroday-lessons.json +100 -32
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/CHANGELOG.md CHANGED
@@ -1,5 +1,9 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.13.103 — 2026-05-26
4
+
5
+ CVE catalog — the same Langflow unauthenticated-RCE class, CISA KEV-listed on two different endpoints. Adds two unauthenticated remote-code-execution flaws in Langflow, the visual LLM app/agent builder, where a flow endpoint reaches a code-execution path without authentication — both actively exploited and in the CISA KEV catalog. **CVE-2025-3248** (CWE-94 / CWE-306, VulnCheck CNA CVSS 9.8 CRITICAL; KEV added 2025-05-05) — the `/api/v1/validate/code` endpoint runs attacker-supplied Python with no authentication. **CVE-2026-33017** (CWE-94 / CWE-95 / CWE-306, NVD CVSS 9.8; GitHub CNA CVSS v4.0 9.3; KEV added 2026-03-25) — after the first fix shipped in 1.3.0, the public flow-build endpoint still ran flow-supplied Python through an unsandboxed dynamic-evaluation path, so the same code-injection class was exploited and KEV-listed a second time; fixed in 1.9.0. Both score P1 (patch within 24h) under RWEP. They introduce NEW-CTRL-103: every LLM-app-builder flow validate/build/run endpoint must authenticate and sandbox submitted code, and a fix must cover the whole class of endpoints rather than the single reported route — the first Langflow fix closed one route but not the class. Upgrade Langflow to 1.9.0 or later. CVE count 383 → 384.
6
+
3
7
  ## 0.13.102 — 2026-05-25
4
8
 
5
9
  CVE catalog — prompt injection to code execution in natural-language data-analysis agents. Adds two flaws in agents whose purpose is to turn a natural-language question into code that the framework then runs, so prompt injection is the exploit primitive. **CVE-2024-5565** (Vanna.AI, CWE-94 / CWE-77, JFrog CNA CVSS 8.1 HIGH; GitHub advisory 9.2; NVD unscored) — the text-to-SQL `ask` method runs LLM-generated Python to build a Plotly visualization (default-on), so an injected question executes arbitrary Python on the host. **CVE-2024-12366** (PandasAI, CWE-94, CISA-ADP CVSS 9.8 CRITICAL; NVD unscored) — the `chat` interface runs LLM-generated Python against DataFrames without separating analytical input from injected instructions, giving unauthenticated RCE / sandbox escape. Neither has a fixed release, so both are scored without patch credit and remediation is sandboxing the code-execution path; both map MITRE ATLAS AML.T0051 (LLM Prompt Injection) and ATT&CK T1059.006, and introduce a control (NEW-CTRL-102) requiring NL-to-code/SQL agents to treat the question and analyzed data as untrusted and never run model-generated code with host privileges. CVE count 381 → 383.
package/data/_indexes/_meta.json CHANGED
@@ -1,21 +1,21 @@
1
1
  {
2
2
  "schema_version": "1.1.0",
3
- "generated_at": "2026-05-26T06:46:06.333Z",
3
+ "generated_at": "2026-05-26T07:28:27.245Z",
4
4
  "generator": "scripts/build-indexes.js",
5
5
  "source_count": 54,
6
6
  "source_hashes": {
7
- "manifest.json": "94703e7d93b8acb54cc44ea919df56dc5d2dd47d8741a775cd2879f8485decc1",
8
- "data/atlas-ttps.json": "95682d60e815e4cce2ba2e973b7f47b4f1d11d0bbdcb1ef720f2ca5947dc5ba8",
9
- "data/attack-techniques.json": "452a40aa2876ccc28791f3b643e018c38c72167a91e2a4123ecda2d7b6a4f6bb",
10
- "data/cve-catalog.json": "16f203c85ed6a003b9bac9543b041d67d4bfcc7ea19c1239651101b08411c1a8",
11
- "data/cwe-catalog.json": "97033c785065cf314a64f0c614f0e86dbfd53be466c5580a53d36bc6a099c3e2",
7
+ "manifest.json": "ebe42e27d88b30dac251769378f4a92f4fa4b7b1fb88adf0f2ce0f4915b9c972",
8
+ "data/atlas-ttps.json": "92a9a33fbf7a40e97736aca401634a8e618767619130b0ec6a3186dd8b1207cc",
9
+ "data/attack-techniques.json": "5271b0c86554865b577ce8c046ab4babbc7c298f87c7420acb8256a3792a24e4",
10
+ "data/cve-catalog.json": "8c6ef17f03ba10d0bc1fc813681e533049e10024bf53db416568eb1b951763ea",
11
+ "data/cwe-catalog.json": "00fa19bc48839a21fe37a187420e9267716fc5b901d59555b869a71a9c44e8bc",
12
12
  "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
13
13
  "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
14
14
  "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
15
- "data/framework-control-gaps.json": "841949de4006de3b72c0a1d56850c10c124293197a8f9c9ce4cbdb61545df9e3",
15
+ "data/framework-control-gaps.json": "2e3a467e2e41a2b037dc5451981510cb2098bc43422d41c507247fd8f9e78415",
16
16
  "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
17
17
  "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
18
- "data/zeroday-lessons.json": "fe65f9fafddb07614eb5c520b899a1b44d620b4be982c088362a1d4f45ce6588",
18
+ "data/zeroday-lessons.json": "03831561c960ee39be7c43bd2217012edbb45a3208442e966fcdaa1cd93af592",
19
19
  "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
20
20
  "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
21
21
  "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
72
72
  "dlp_refs": 0
73
73
  },
74
74
  "trigger_table_entries": 538,
75
- "chains_cve_entries": 372,
75
+ "chains_cve_entries": 373,
76
76
  "chains_cwe_entries": 171,
77
77
  "jurisdictions_indexed": 29,
78
78
  "handoff_dag_nodes": 42,
package/data/_indexes/activity-feed.json CHANGED
@@ -149,7 +149,7 @@
149
149
  "artifact": "data/cve-catalog.json",
150
150
  "path": "data/cve-catalog.json",
151
151
  "schema_version": "1.0.0",
152
- "entry_count": 383
152
+ "entry_count": 384
153
153
  },
154
154
  {
155
155
  "date": "2026-05-18",
@@ -165,7 +165,7 @@
165
165
  "artifact": "data/zeroday-lessons.json",
166
166
  "path": "data/zeroday-lessons.json",
167
167
  "schema_version": "1.1.0",
168
- "entry_count": 378
168
+ "entry_count": 379
169
169
  },
170
170
  {
171
171
  "date": "2026-05-17",
package/data/_indexes/catalog-summaries.json CHANGED
@@ -62,7 +62,7 @@
62
62
  "rebuild_after_days": 365,
63
63
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
64
64
  },
65
- "entry_count": 383,
65
+ "entry_count": 384,
66
66
  "sample_keys": [
67
67
  "CVE-2025-53773",
68
68
  "CVE-2026-30615",
@@ -238,7 +238,7 @@
238
238
  "rebuild_after_days": 365,
239
239
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
240
240
  },
241
- "entry_count": 378,
241
+ "entry_count": 379,
242
242
  "sample_keys": [
243
243
  "CVE-2026-31431",
244
244
  "CVE-2025-53773",