@blamejs/exceptd-skills 0.13.107 → 0.13.109
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +940 -0
- package/data/atlas-ttps.json +4 -0
- package/data/attack-techniques.json +12 -1
- package/data/cve-catalog.json +414 -1
- package/data/cwe-catalog.json +4 -0
- package/data/framework-control-gaps.json +37 -1
- package/data/zeroday-lessons.json +200 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.13.109 — 2026-05-26
|
|
4
|
+
|
|
5
|
+
CVE catalog — Label Studio privilege-escalation chain. Adds the two flaws that chain into full account takeover of Label Studio, the data-labeling platform used in ML pipelines, both sensitive-information exposure (CWE-200). **CVE-2023-47117** (NVD/GitHub CNA CVSS 7.5 HIGH) — the task-filter feature passes user input into a Django ORM query without restricting referenced fields, leaking password hashes and tokens from all accounts; fixed in 1.9.2post0. **CVE-2023-43791** (NVD CVSS 8.8 HIGH; GitHub CNA 9.8 CRITICAL) — exposed information, chained with that ORM leak, lets an attacker impersonate any account and escalate from a low-privilege user to a Django super administrator; fixed in 1.8.2. Both are patched and introduce NEW-CTRL-106: an ML data-platform API must enforce object-level authorization on every read and never expose secrets, tokens, or password hashes through serializers or user-controlled filters — use field allowlists, scope queries to the caller, and store credentials so a read leak is not directly replayable. CVE count 394 → 396.
|
|
6
|
+
|
|
7
|
+
## 0.13.108 — 2026-05-26
|
|
8
|
+
|
|
9
|
+
CVE catalog — Label Studio data-pipeline SSRF. Adds two server-side request forgery flaws in Label Studio, the data-labeling / annotation platform used in ML pipelines, where the server fetches caller-supplied URLs without validating the destination. **CVE-2025-25297** (CWE-918, NVD CVSS 7.7 HIGH; GitHub CNA 8.6) — the S3 storage feature accepts a custom endpoint URL without validation, so an attacker reaches internal services or cloud metadata via the server; fixed in 1.16.0. **CVE-2022-36551** (CWE-918, NIST CVSS 6.5 MEDIUM) — the Data Import module fetches a user-supplied URL with no restriction and self-registration is on by default, so any remote attacker reads arbitrary files or reaches internal services; fixed in 1.6.0. Both are patched and introduce NEW-CTRL-105: an ML data-pipeline platform's import/storage URL fetches must validate and allowlist destinations (block private, link-local, and cloud-metadata addresses and `file://` schemes) and restrict who can configure them. CVE count 392 → 394.
|
|
10
|
+
|
|
3
11
|
## 0.13.107 — 2026-05-26
|
|
4
12
|
|
|
5
13
|
CVE catalog — MLflow model-artifact deserialization (a model is executable code). Adds two of the Protect AI / HiddenLayer MLflow model-flavor deserialization flaws, where loading a stored artifact runs arbitrary code. **CVE-2024-37052** (CWE-502, HiddenLayer CNA CVSS 8.8 HIGH; NVD unscored) — a maliciously crafted scikit-learn model in MLflow runs code when a user loads it. **CVE-2024-37060** (CWE-502, HiddenLayer CNA CVSS 8.8 HIGH; NVD unscored) — a maliciously crafted MLflow Recipe runs code when executed. Both affect MLflow up to 2.14.1 and have no patched version — loading an untrusted model artifact is inherently code execution — so they are scored without patch credit and the control is provenance verification plus sandboxed loading. Both map MITRE ATLAS AML.T0011.000 (unsafe AI artifacts) and ATT&CK T1204, and reuse the untrusted-model-artifact control (NEW-CTRL-091) shared with the Keras / Hugging Face / NeMo / PyTorch / H2O entries — a model artifact is executable code regardless of platform. CVE count 390 → 392.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,21 +1,21 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-26T09:
|
|
3
|
+
"generated_at": "2026-05-26T09:53:44.412Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
8
|
-
"data/atlas-ttps.json": "
|
|
9
|
-
"data/attack-techniques.json": "
|
|
10
|
-
"data/cve-catalog.json": "
|
|
11
|
-
"data/cwe-catalog.json": "
|
|
7
|
+
"manifest.json": "1a8a81f28111b950c2c6768ffbdf2cc5347263061bd61c35bfe6c9fb03985dfe",
|
|
8
|
+
"data/atlas-ttps.json": "beb3057e6ba28c7e7fa62788b83ea3c72d3c47ab0e8b33a4bd2250b35a7b2b12",
|
|
9
|
+
"data/attack-techniques.json": "ee3dd7b19e05f3ef867bb4b00792e8793fc3c7fab6034a0fe4a5b501c87bb91a",
|
|
10
|
+
"data/cve-catalog.json": "d98e808aac6dcfb7ac2bf77bc01f0c33780d91510e80a6ca945472e196af8378",
|
|
11
|
+
"data/cwe-catalog.json": "b219f6ccbc5d92c2c8033dafc916624ed4a34d14bf3755302b8116cebd6bfeac",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
14
14
|
"data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
|
|
15
|
-
"data/framework-control-gaps.json": "
|
|
15
|
+
"data/framework-control-gaps.json": "ee4da3f308200694a9d7d0d3f7897f6331749157c44949526935deeefef64ad1",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
|
|
18
|
-
"data/zeroday-lessons.json": "
|
|
18
|
+
"data/zeroday-lessons.json": "7d3d9c5af927f8ed35d89cb4f5aea28b9dc7dadc79a0af90520994c344505c85",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
|
|
21
21
|
"skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
|
|
@@ -72,7 +72,7 @@
|
|
|
72
72
|
"dlp_refs": 0
|
|
73
73
|
},
|
|
74
74
|
"trigger_table_entries": 538,
|
|
75
|
-
"chains_cve_entries":
|
|
75
|
+
"chains_cve_entries": 385,
|
|
76
76
|
"chains_cwe_entries": 171,
|
|
77
77
|
"jurisdictions_indexed": 29,
|
|
78
78
|
"handoff_dag_nodes": 42,
|
|
@@ -149,7 +149,7 @@
|
|
|
149
149
|
"artifact": "data/cve-catalog.json",
|
|
150
150
|
"path": "data/cve-catalog.json",
|
|
151
151
|
"schema_version": "1.0.0",
|
|
152
|
-
"entry_count":
|
|
152
|
+
"entry_count": 396
|
|
153
153
|
},
|
|
154
154
|
{
|
|
155
155
|
"date": "2026-05-18",
|
|
@@ -165,7 +165,7 @@
|
|
|
165
165
|
"artifact": "data/zeroday-lessons.json",
|
|
166
166
|
"path": "data/zeroday-lessons.json",
|
|
167
167
|
"schema_version": "1.1.0",
|
|
168
|
-
"entry_count":
|
|
168
|
+
"entry_count": 391
|
|
169
169
|
},
|
|
170
170
|
{
|
|
171
171
|
"date": "2026-05-17",
|
|
@@ -62,7 +62,7 @@
|
|
|
62
62
|
"rebuild_after_days": 365,
|
|
63
63
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
64
64
|
},
|
|
65
|
-
"entry_count":
|
|
65
|
+
"entry_count": 396,
|
|
66
66
|
"sample_keys": [
|
|
67
67
|
"CVE-2025-53773",
|
|
68
68
|
"CVE-2026-30615",
|
|
@@ -238,7 +238,7 @@
|
|
|
238
238
|
"rebuild_after_days": 365,
|
|
239
239
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
240
240
|
},
|
|
241
|
-
"entry_count":
|
|
241
|
+
"entry_count": 391,
|
|
242
242
|
"sample_keys": [
|
|
243
243
|
"CVE-2026-31431",
|
|
244
244
|
"CVE-2025-53773",
|