@blamejs/exceptd-skills 0.13.103 → 0.13.105

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 0.13.105 — 2026-05-26
+
+CVE catalog — H2O-3 ML platform unauthenticated control plane. Adds two huntr.dev / Protect AI flaws in H2O-3, the open-source ML/AutoML platform, both reachable without authentication. **CVE-2023-6016** (CWE-94, NVD CVSS 9.8 CRITICAL; huntr CNA 10.0) — the dashboard's POJO (Java) model-import feature compiles and runs the imported model code with no authentication, so importing a malicious model gives remote code execution. **CVE-2023-6038** (CWE-862, NVD CVSS 7.5 HIGH; huntr CNA 9.3) — the REST API's file-import path performs no authorization check, letting an unauthenticated attacker read arbitrary files on the host. H2O.ai documents H2O-3 as a trusted-environment product and ships no fix, so both are scored without patch credit and the only remediation is network isolation plus authenticated access control. CVE-2023-6016 reuses the untrusted-model-artifact control (NEW-CTRL-091) — a POJO model is executable code, the same class as the Keras / Hugging Face / NeMo / PyTorch entries — and CVE-2023-6038 reuses the AI-compute control-plane authentication control (NEW-CTRL-088) shared with the Ray entries. CVE count 386 → 388.
+
+## 0.13.104 — 2026-05-26
+
+CVE catalog — ClearML MLOps platform artifact trust. Adds two flaws in ClearML, the MLOps / experiment-tracking platform, where the client SDK mishandles content other collaborators uploaded (HiddenLayer disclosure). **CVE-2024-24590** (CWE-502, NVD CVSS 8.8 HIGH; HiddenLayer CNA 8.0) — the SDK reconstructs a stored artifact through an unsafe object-deserialization path on retrieval, so a maliciously uploaded artifact runs code on the retrieving user's system. **CVE-2024-24591** (CWE-22, NVD CVSS 8.8 HIGH; HiddenLayer CNA 8.0) — the SDK writes dataset entries without path containment, so a malicious dataset writes files to arbitrary locations (escalating to code execution by overwriting startup files). Neither has a fixed SDK version published in the advisory, so both are scored without patch credit and remediation is to retrieve artifacts/datasets only from trusted projects. Both map MITRE ATLAS AML.T0010 and ATT&CK T1204, and introduce NEW-CTRL-104: an MLOps platform must treat every uploaded artifact and dataset as untrusted — never auto-deserialize through an unsafe loader, and contain dataset extraction paths. CVE count 384 → 386.
+
 ## 0.13.103 — 2026-05-26
 
 CVE catalog — the same Langflow unauthenticated-RCE class, CISA KEV-listed on two different endpoints. Adds two unauthenticated remote-code-execution flaws in Langflow, the visual LLM app/agent builder, where a flow endpoint reaches a code-execution path without authentication — both actively exploited and in the CISA KEV catalog. **CVE-2025-3248** (CWE-94 / CWE-306, VulnCheck CNA CVSS 9.8 CRITICAL; KEV added 2025-05-05) — the `/api/v1/validate/code` endpoint runs attacker-supplied Python with no authentication. **CVE-2026-33017** (CWE-94 / CWE-95 / CWE-306, NVD CVSS 9.8; GitHub CNA CVSS v4.0 9.3; KEV added 2026-03-25) — after the first fix shipped in 1.3.0, the public flow-build endpoint still ran flow-supplied Python through an unsandboxed dynamic-evaluation path, so the same code-injection class was exploited and KEV-listed a second time; fixed in 1.9.0. Both score P1 (patch within 24h) under RWEP. They introduce NEW-CTRL-103: every LLM-app-builder flow validate/build/run endpoint must authenticate and sandbox submitted code, and a fix must cover the whole class of endpoints rather than the single reported route — the first Langflow fix closed one route but not the class. Upgrade Langflow to 1.9.0 or later. CVE count 383 → 384.

package/data/_indexes/_meta.json

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-26T07:28:27.245Z",
+  "generated_at": "2026-05-26T08:18:31.425Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "ebe42e27d88b30dac251769378f4a92f4fa4b7b1fb88adf0f2ce0f4915b9c972",
-    "data/atlas-ttps.json": "92a9a33fbf7a40e97736aca401634a8e618767619130b0ec6a3186dd8b1207cc",
-    "data/attack-techniques.json": "5271b0c86554865b577ce8c046ab4babbc7c298f87c7420acb8256a3792a24e4",
-    "data/cve-catalog.json": "8c6ef17f03ba10d0bc1fc813681e533049e10024bf53db416568eb1b951763ea",
-    "data/cwe-catalog.json": "00fa19bc48839a21fe37a187420e9267716fc5b901d59555b869a71a9c44e8bc",
+    "manifest.json": "998bbbed9265b1421598713e0ffee3232c5fe25bbb6c400899b8dceb99e749d8",
+    "data/atlas-ttps.json": "3263b100824c69cabc2d13a6f643a7a28d8a58f8f7b787951d72473d7a617cfd",
+    "data/attack-techniques.json": "1caef2a1bccec4f8becf2011927a4720f2b7a16ee2d019f2ecad5e5ae6c5c093",
+    "data/cve-catalog.json": "4c54dfc23e191b8583b34885b6a067f1bbd5931dae800ed1b9b87b2bf32700ab",
+    "data/cwe-catalog.json": "33b0eba66adaa67fcb7e62f58608cd7c9627851cdc1b88b0b4e9ce83f8f408c9",
     "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
-    "data/framework-control-gaps.json": "2e3a467e2e41a2b037dc5451981510cb2098bc43422d41c507247fd8f9e78415",
+    "data/framework-control-gaps.json": "796ccb301ad9d9d3894807604c7f3a4f9e50e293c49af84ee4c59007997faaec",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
-    "data/zeroday-lessons.json": "03831561c960ee39be7c43bd2217012edbb45a3208442e966fcdaa1cd93af592",
+    "data/zeroday-lessons.json": "b945976846cf63ffc77a12331e9f89eb933325aeea191140c37518bce9f603a0",
     "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
     "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
     "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 538,
-    "chains_cve_entries": 373,
+    "chains_cve_entries": 377,
     "chains_cwe_entries": 171,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 42,

package/data/_indexes/activity-feed.json

@@ -149,7 +149,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 384
+      "entry_count": 388
     },
     {
       "date": "2026-05-18",
@@ -165,7 +165,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 379
+      "entry_count": 383
     },
     {
       "date": "2026-05-17",

package/data/_indexes/catalog-summaries.json

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 384,
+      "entry_count": 388,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 379,
+      "entry_count": 383,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",