@blamejs/exceptd-skills 0.13.108 → 0.13.109

package/data/cve-catalog.json

@@ -17090,6 +17090,213 @@
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "Label Studio's Data Import fetches user-supplied URLs without restriction (self-registration on by default), letting a remote attacker read files / reach internal services via the server (CWE-918 SSRF); fixed in 1.6.0."
   },
+  "CVE-2023-47117": {
+    "name": "Label Studio ORM Filter Manipulation Sensitive-Field Disclosure",
+    "type": "Information Disclosure",
+    "cvss_score": 7.5,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+    "cvss_note": "GitHub (CNA) CVSS v3.1 base 7.5 (HIGH, confidentiality-only); NVD has not published its own assessed score. Label Studio lets users set task filters that are passed into a Django ORM query without restriction, so an attacker manipulates the filter to read sensitive fields (including password hashes and tokens) from all user accounts (CWE-200 information exposure).",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the disclosing advisory (https://github.com/advisories/GHSA-6hjj-gq77-j4qw); manipulate the task filter to read password hashes/tokens from all accounts.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via the GitHub Security Advisory (https://github.com/advisories/GHSA-6hjj-gq77-j4qw). The abused surface is Label Studio, a widely used data-labeling / annotation platform in ML pipelines.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is broken object-level authorization / sensitive-field exposure in an ML data-platform API.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "Label Studio before 1.9.2post0.",
+    "affected_versions": [
+      "Label Studio < 1.9.2post0"
+    ],
+    "vector": "Label Studio's task-filter feature passes user-controlled filter expressions into a Django ORM query without restricting which fields can be referenced. An attacker crafts a filter that selects sensitive columns (password hashes, auth tokens) across all user accounts and reads them back - a sensitive-field exposure via ORM manipulation (CWE-200) that supplies the material to forge sessions and impersonate users.",
+    "complexity": "low",
+    "complexity_notes": "GitHub CNA AV:N / AC:L / PR:N - unauthenticated field disclosure.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading to 1.9.2post0 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade Label Studio to 1.9.2post0 or later. Enforce object-level authorization and serializer field allowlists on the API (never let user-controlled filters or responses expose secrets, tokens, or other users' fields), and rotate any exposed session-signing secrets / credentials."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-AC-3": "Access enforcement does not constrain which records/fields a user can read - a user-controlled ORM filter reads other accounts' sensitive fields.",
+      "NIST-800-53-SC-28": "Protection of information at rest is insufficient: sensitive fields (password hashes, tokens) are readable through the API and directly usable once leaked.",
+      "ISO-27001-2022-A.5.15": "Access control does not enforce object-level authorization on the ML data-platform API.",
+      "NIS2-Art21-identity-management": "Identity/access measures do not prevent API-level sensitive-field exposure from enabling account impersonation.",
+      "DORA-Art-9": "ICT protection measures do not model API sensitive-field exposure / account takeover of an ML platform as an ICT-risk event.",
+      "UK-CAF-B2": "Identity and Access Control objective has no objective for object-level authorization on AI data-platform APIs.",
+      "UK-CAF-B4": "System Security objective has no objective for serializer field allowlisting / ORM-filter restriction in ML platforms.",
+      "AU-ISM-1546": "Patch-application control does not single out ML data-labeling platforms.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an ML data-platform API's object-level authorization and sensitive-field exposure as integrity controls whose failure yields account takeover."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1552"
+    ],
+    "rwep_score": 23,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 18,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Moderate (RWEP 23, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3): poc_available=20 + blast_radius=18, minus patch_available 15. This is the first half of a Label Studio privilege-escalation chain - the ORM sensitive-field leak (CVE-2023-47117) supplies the material the impersonation flaw (CVE-2023-43791) replays.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2023-47117",
+    "cwe_refs": [
+      "CWE-200"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Label Studio task-filter requests referencing sensitive columns (password hashes, tokens) or other users' fields.",
+        "API responses returning sensitive fields from accounts other than the requester's.",
+        "Label Studio < 1.9.2post0 with the task-filter API reachable - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to the GitHub Security Advisory (https://github.com/advisories/GHSA-6hjj-gq77-j4qw) and NVD CVE-2023-47117 (CWE-200)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2023-47117",
+      "https://github.com/advisories/GHSA-6hjj-gq77-j4qw"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "CVE-2023-47117",
+        "url": "https://github.com/advisories/GHSA-6hjj-gq77-j4qw",
+        "severity": "high",
+        "published_date": "2023-11-14"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2023-47117",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47117",
+        "severity": "high",
+        "published_date": "2023-11-14"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from the GitHub Security Advisory (https://github.com/advisories/GHSA-6hjj-gq77-j4qw, CWE-200) + NVD (CVSS v3.1 7.5). Label Studio privilege-escalation chain (47117 ORM leak -> 43791 impersonation); introduces the AI-app API object-authorization / field-exposure control NEW-CTRL-106.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Label Studio's task-filter feature passes user input into a Django ORM query unrestricted, leaking sensitive fields (password hashes, tokens) from all accounts (CWE-200); fixed in 1.9.2post0."
+  },
+  "CVE-2023-43791": {
+    "name": "Label Studio Account Impersonation and Privilege Escalation",
+    "type": "Privilege Escalation",
+    "cvss_score": 8.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NIST (NVD) CVSS v3.1 base 8.8 (HIGH, PR:L); the GitHub (CNA) advisory rates it 9.8 (CRITICAL, PR:N). Label Studio exposes information that lets an attacker impersonate any account and escalate from a low-privilege user to a Django super administrator - chained with the ORM sensitive-field leak (CVE-2023-47117), the exposed secrets/tokens are used to forge authenticated sessions (CWE-200).",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the disclosing advisory (https://github.com/advisories/GHSA-f475-x83m-rx5m); chain the ORM leak to forge a session and impersonate / escalate to superadmin.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via the GitHub Security Advisory (https://github.com/advisories/GHSA-f475-x83m-rx5m). The abused surface is Label Studio, a widely used data-labeling / annotation platform in ML pipelines.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is broken object-level authorization / sensitive-field exposure in an ML data-platform API.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "Label Studio before 1.8.2.",
+    "affected_versions": [
+      "Label Studio < 1.8.2"
+    ],
+    "vector": "Label Studio exposes sensitive information that, chained with the ORM sensitive-field leak (CVE-2023-47117), lets an attacker impersonate any account and escalate from a low-privilege user to a Django super administrator. The leaked secrets/tokens are used to forge authenticated sessions and take over accounts (CWE-200 leading to broken object-level authorization).",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:L (GitHub CNA marks PR:N) - a low-privilege account suffices, and the chain reaches Django superadmin.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading to 1.8.2 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade Label Studio to 1.8.2 or later. Enforce object-level authorization and serializer field allowlists on the API (never let user-controlled filters or responses expose secrets, tokens, or other users' fields), and rotate any exposed session-signing secrets / credentials."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-AC-3": "Access enforcement does not constrain which records/fields a user can read - leaked material is replayed to impersonate any account.",
+      "NIST-800-53-SC-28": "Protection of information at rest is insufficient: sensitive fields (password hashes, tokens) are readable through the API and directly usable once leaked.",
+      "ISO-27001-2022-A.5.15": "Access control does not enforce object-level authorization on the ML data-platform API.",
+      "NIS2-Art21-identity-management": "Identity/access measures do not prevent API-level sensitive-field exposure from enabling account impersonation.",
+      "DORA-Art-9": "ICT protection measures do not model API sensitive-field exposure / account takeover of an ML platform as an ICT-risk event.",
+      "UK-CAF-B2": "Identity and Access Control objective has no objective for object-level authorization on AI data-platform APIs.",
+      "UK-CAF-B4": "System Security objective has no objective for serializer field allowlisting / ORM-filter restriction in ML platforms.",
+      "AU-ISM-1546": "Patch-application control does not single out ML data-labeling platforms.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an ML data-platform API's object-level authorization and sensitive-field exposure as integrity controls whose failure yields account takeover."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1078",
+      "T1212"
+    ],
+    "rwep_score": 29,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 24,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Moderate (RWEP 29, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3): poc_available=20 + blast_radius=24, minus patch_available 15. This is the second half of a Label Studio privilege-escalation chain - the ORM sensitive-field leak (CVE-2023-47117) supplies the material the impersonation flaw (CVE-2023-43791) replays.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2023-43791",
+    "cwe_refs": [
+      "CWE-200"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Authenticated sessions in Label Studio minted/used for accounts the requester should not control, or sudden escalation to Django superadmin.",
+        "Use of leaked password hashes / tokens to forge or replay Label Studio sessions.",
+        "Label Studio < 1.8.2 reachable by a low-privilege user - the exposed precondition for the privesc chain."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to the GitHub Security Advisory (https://github.com/advisories/GHSA-f475-x83m-rx5m) and NVD CVE-2023-43791 (CWE-200)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2023-43791",
+      "https://github.com/advisories/GHSA-f475-x83m-rx5m"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "CVE-2023-43791",
+        "url": "https://github.com/advisories/GHSA-f475-x83m-rx5m",
+        "severity": "critical",
+        "published_date": "2023-11-09"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2023-43791",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43791",
+        "severity": "high",
+        "published_date": "2023-11-09"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from the GitHub Security Advisory (https://github.com/advisories/GHSA-f475-x83m-rx5m, CWE-200) + NVD (CVSS v3.1 8.8; GitHub CNA 9.8). Label Studio privilege-escalation chain (47117 ORM leak -> 43791 impersonation); introduces the AI-app API object-authorization / field-exposure control NEW-CTRL-106.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Label Studio exposes information enabling account impersonation and escalation to Django superadmin (chained with the ORM leak CVE-2023-47117); CWE-200, fixed in 1.8.2."
+  },
   "CVE-2026-41091": {
     "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
     "type": "LPE",

package/data/cwe-catalog.json

@@ -521,6 +521,8 @@
       "webapp-security"
     ],
     "evidence_cves": [
+      "CVE-2023-43791",
+      "CVE-2023-47117",
       "CVE-2024-40635",
       "CVE-2025-31125",
       "CVE-2026-20133",

package/data/framework-control-gaps.json

@@ -37,6 +37,8 @@
       "CVE-2022-1471",
       "CVE-2022-36551",
       "CVE-2023-43654",
+      "CVE-2023-43791",
+      "CVE-2023-47117",
       "CVE-2023-48022",
       "CVE-2023-51449",
       "CVE-2023-6016",
@@ -2198,6 +2200,8 @@
     "opened_date": "2026-04-01",
     "evidence_cves": [
       "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
+      "CVE-2023-43791",
+      "CVE-2023-47117",
       "CVE-2025-14847",
       "CVE-2025-22226",
       "CVE-2026-43284"
@@ -3839,6 +3843,8 @@
     "evidence_cves": [
       "CVE-2022-1471",
       "CVE-2023-43654",
+      "CVE-2023-43791",
+      "CVE-2023-47117",
       "CVE-2023-48022",
       "CVE-2023-6019",
       "CVE-2023-6021",
@@ -5062,7 +5068,9 @@
       "CVE-2022-1471",
       "CVE-2022-36551",
       "CVE-2023-43654",
+      "CVE-2023-43791",
       "CVE-2023-44467",
+      "CVE-2023-47117",
       "CVE-2023-48022",
       "CVE-2023-51449",
       "CVE-2023-6016",
@@ -5178,6 +5186,8 @@
     "opened_date": "2026-05-15",
     "evidence_cves": [
       "CVE-2022-36551",
+      "CVE-2023-43791",
+      "CVE-2023-47117",
       "CVE-2023-6038",
       "CVE-2024-1709",
       "CVE-2025-25297",
@@ -5474,6 +5484,8 @@
     "status": "open",
     "opened_date": "2026-05-15",
     "evidence_cves": [
+      "CVE-2023-43791",
+      "CVE-2023-47117",
       "CVE-2023-6016",
       "CVE-2023-6038",
       "CVE-2025-3248",
@@ -5638,7 +5650,9 @@
     "opened_date": "2026-05-17",
     "evidence_cves": [
       "CVE-2022-36551",
+      "CVE-2023-43791",
       "CVE-2023-44467",
+      "CVE-2023-47117",
       "CVE-2023-51449",
       "CVE-2023-6016",
       "CVE-2023-6038",
@@ -5741,7 +5755,9 @@
       "CVE-2022-1471",
       "CVE-2022-36551",
       "CVE-2023-43654",
+      "CVE-2023-43791",
       "CVE-2023-44467",
+      "CVE-2023-47117",
       "CVE-2023-48022",
       "CVE-2023-51449",
       "CVE-2023-6016",
@@ -6025,6 +6041,8 @@
     "opened_date": "2026-05-18",
     "evidence_cves": [
       "CVE-2020-10148",
+      "CVE-2023-43791",
+      "CVE-2023-47117",
       "CVE-2023-48022",
       "CVE-2023-6038",
       "CVE-2025-3248",

package/data/zeroday-lessons.json

@@ -4611,6 +4611,106 @@
     "_auto_imported": false,
     "_intake_method": "manual-verified-curation"
   },
+  "CVE-2023-47117": {
+    "name": "Label Studio ORM Filter Manipulation Sensitive-Field Disclosure",
+    "lesson_date": "2026-05-25",
+    "attack_vector": {
+      "description": "Label Studio passes user-controlled task filters into a Django ORM query without restricting referenced fields, so an attacker reads sensitive fields (password hashes, tokens) from all user accounts.",
+      "privileges_required": "none (unauthenticated field disclosure)",
+      "complexity": "low",
+      "ai_factor": "The abused surface is Label Studio, a data-labeling / annotation platform central to ML data pipelines. The lesson: an ML data-platform API must enforce object-level authorization and never expose sensitive fields - this CVE supplies the leaked credentials in a privilege-escalation chain that ends in full account takeover."
+    },
+    "framework_coverage": {
+      "NIST-800-53-AC-3": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Access enforcement does not constrain which records/fields a user can read through the API."
+      },
+      "NIST-800-53-SC-28": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Sensitive fields (password hashes, tokens) are readable through the API and directly usable once leaked."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats an ML data-platform API's object-level authorization and sensitive-field exposure as integrity controls whose failure yields account takeover."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 80,
+      "basis": "ML data-labeling platforms expose rich APIs over collaborative datasets; object-level authorization and serializer field allowlisting are frequently missing, and audits rarely test cross-account field reads.",
+      "theater_pattern": "ai_app_broken_object_authorization"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-106",
+        "name": "AI-APP-API-OBJECT-AUTHORIZATION-AND-FIELD-EXPOSURE",
+        "description": "An AI data-platform API (data-labeling, annotation, dataset/registry services) must enforce object-level authorization on every read and must never expose sensitive fields - secrets, session-signing keys, auth tokens, password hashes - through API responses, serializers, or user-controlled query/filter expressions. Use serializer field allowlists (never blanket model serialization), reject ORM/filter inputs that reference fields the caller is not authorized to read, scope every query to the caller's own objects, and store credentials so a read leak is not directly replayable (and rotate exposed secrets). The distinguishing test: as a low-privilege user, craft a filter/query that references another account's password hash or token, and confirm the API refuses it - a platform whose filter/serializer leaks sensitive fields lets an attacker chain disclosure into account impersonation and privilege escalation.",
+        "evidence": "https://github.com/advisories/GHSA-6hjj-gq77-j4qw",
+        "gap_closes": [
+          "NIST-800-53-AC-3",
+          "NIST-800-53-SC-28",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
+  "CVE-2023-43791": {
+    "name": "Label Studio Account Impersonation and Privilege Escalation",
+    "lesson_date": "2026-05-25",
+    "attack_vector": {
+      "description": "Label Studio exposes information that, chained with the ORM sensitive-field leak (CVE-2023-47117), lets an attacker impersonate any account and escalate from a low-privilege user to a Django super administrator.",
+      "privileges_required": "low (a low-privilege account; the chain reaches Django superadmin)",
+      "complexity": "low",
+      "ai_factor": "The abused surface is Label Studio, a data-labeling / annotation platform central to ML data pipelines. The lesson: an ML data-platform API must enforce object-level authorization and never expose sensitive fields - this CVE replays the leaked credentials to impersonate and escalate in a privilege-escalation chain that ends in full account takeover."
+    },
+    "framework_coverage": {
+      "NIST-800-53-AC-3": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Access enforcement does not constrain which records/fields a user can read through the API."
+      },
+      "NIST-800-53-SC-28": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Sensitive fields (password hashes, tokens) are readable through the API and directly usable once leaked."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats an ML data-platform API's object-level authorization and sensitive-field exposure as integrity controls whose failure yields account takeover."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 82,
+      "basis": "ML data-labeling platforms expose rich APIs over collaborative datasets; object-level authorization and serializer field allowlisting are frequently missing, and audits rarely test cross-account field reads.",
+      "theater_pattern": "ai_app_broken_object_authorization"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-106",
+        "name": "AI-APP-API-OBJECT-AUTHORIZATION-AND-FIELD-EXPOSURE",
+        "description": "An AI data-platform API (data-labeling, annotation, dataset/registry services) must enforce object-level authorization on every read and must never expose sensitive fields - secrets, session-signing keys, auth tokens, password hashes - through API responses, serializers, or user-controlled query/filter expressions. Use serializer field allowlists (never blanket model serialization), reject ORM/filter inputs that reference fields the caller is not authorized to read, scope every query to the caller's own objects, and store credentials so a read leak is not directly replayable (and rotate exposed secrets). The distinguishing test: as a low-privilege user, craft a filter/query that references another account's password hash or token, and confirm the API refuses it - a platform whose filter/serializer leaks sensitive fields lets an attacker chain disclosure into account impersonation and privilege escalation.",
+        "evidence": "https://github.com/advisories/GHSA-f475-x83m-rx5m",
+        "gap_closes": [
+          "NIST-800-53-AC-3",
+          "NIST-800-53-SC-28",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
   "CVE-2022-36551": {
     "name": "Label Studio Data Import Server-Side Request Forgery",
     "lesson_date": "2026-05-25",