@blamejs/exceptd-skills 0.13.108 → 0.13.110

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 0.13.110 — 2026-05-26
+
+CVE catalog — Adversarial Robustness Toolbox (ART) code execution. Adds two flaws in ART, the Trusted-AI library used to *defend* ML models against adversarial attacks, both in its Kubeflow component (CISA-ADP CVSS 9.8 CRITICAL; NVD assessment pending). **CVE-2026-31229** (CWE-502) — the model loader calls `torch.load()` without `weights_only=True`, so loading a maliciously crafted model file runs arbitrary code (the same safe-load gap as CVE-2025-32434, here in the defensive library). **CVE-2026-31230** (CWE-88) — the `--clip_values` and `--input_shape` command-line arguments are parsed through an unsafe dynamic-evaluation call, so attacker-controlled values execute arbitrary Python. Both affect ART through 1.20.1 with no published fix, so both are scored without patch credit; CVE-2026-31229 reuses the untrusted-model-artifact control (NEW-CTRL-091) — a model file is executable code — and CVE-2026-31230 reuses the AI-framework CLI input-neutralization control (NEW-CTRL-100), parse argument values with a safe literal parser. CVE count 396 → 398.
+
+## 0.13.109 — 2026-05-26
+
+CVE catalog — Label Studio privilege-escalation chain. Adds the two flaws that chain into full account takeover of Label Studio, the data-labeling platform used in ML pipelines, both sensitive-information exposure (CWE-200). **CVE-2023-47117** (NVD/GitHub CNA CVSS 7.5 HIGH) — the task-filter feature passes user input into a Django ORM query without restricting referenced fields, leaking password hashes and tokens from all accounts; fixed in 1.9.2post0. **CVE-2023-43791** (NVD CVSS 8.8 HIGH; GitHub CNA 9.8 CRITICAL) — exposed information, chained with that ORM leak, lets an attacker impersonate any account and escalate from a low-privilege user to a Django super administrator; fixed in 1.8.2. Both are patched and introduce NEW-CTRL-106: an ML data-platform API must enforce object-level authorization on every read and never expose secrets, tokens, or password hashes through serializers or user-controlled filters — use field allowlists, scope queries to the caller, and store credentials so a read leak is not directly replayable. CVE count 394 → 396.
+
 ## 0.13.108 — 2026-05-26
 
 CVE catalog — Label Studio data-pipeline SSRF. Adds two server-side request forgery flaws in Label Studio, the data-labeling / annotation platform used in ML pipelines, where the server fetches caller-supplied URLs without validating the destination. **CVE-2025-25297** (CWE-918, NVD CVSS 7.7 HIGH; GitHub CNA 8.6) — the S3 storage feature accepts a custom endpoint URL without validation, so an attacker reaches internal services or cloud metadata via the server; fixed in 1.16.0. **CVE-2022-36551** (CWE-918, NIST CVSS 6.5 MEDIUM) — the Data Import module fetches a user-supplied URL with no restriction and self-registration is on by default, so any remote attacker reads arbitrary files or reaches internal services; fixed in 1.6.0. Both are patched and introduce NEW-CTRL-105: an ML data-pipeline platform's import/storage URL fetches must validate and allowlist destinations (block private, link-local, and cloud-metadata addresses and `file://` schemes) and restrict who can configure them. CVE count 392 → 394.

package/data/_indexes/_meta.json

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-26T09:35:30.755Z",
+  "generated_at": "2026-05-26T10:14:46.164Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "6dfd4491ceb5206ae8f4910fc430b29932a4bebdb791fee7a503d6eb8aeb8191",
-    "data/atlas-ttps.json": "18a8977c143ee341aee864ded68de2a032d684527d61ed67c8377a24f7dd71ef",
-    "data/attack-techniques.json": "0e09b9da23995c300532ee24052ef54f006a0057ea9b5b7b764541cfe6ada49f",
-    "data/cve-catalog.json": "dc02816b7b1a6ebc6986f2bd30dcc618d89985bd9291a10df2376354ba899002",
-    "data/cwe-catalog.json": "f1f776d2d3fa1436aa3556b72c891b9404186e43ebd5bf0463c89d3d4c5b4490",
+    "manifest.json": "8e67e0413e4d53e309d656f76df137c607605dd76540173e4525cd89609b8b8c",
+    "data/atlas-ttps.json": "1d61ae4a16d09612334c866c447b528cfd5b88359372cea3671ce9ef82429a76",
+    "data/attack-techniques.json": "6a20d09951c87d26c3f0212d54f13a7167a9be20902b2fc55f9757e76b6f40e4",
+    "data/cve-catalog.json": "396a5e264c1886259cc5bb8e7d08ed773b49d9947cf006f97b54eb36b8ea923d",
+    "data/cwe-catalog.json": "310b4460a22c1292a52a10e98435aef8ea97c770f1767cd4966804aa62716acd",
     "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
-    "data/framework-control-gaps.json": "a96e6241cc95dffaf4f39768164a4929e3f4c806897d091093114b1262d8811a",
+    "data/framework-control-gaps.json": "d2e60889dab692934572789e3c95c2b6499fd1d6250b0d5e257d3d50a0ce4281",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
-    "data/zeroday-lessons.json": "3008d0cfa84f53f0015e61fca8e876f6f81928916ea3c2e230661ec4683cbb76",
+    "data/zeroday-lessons.json": "d120df17940a2ec2d0e28e35871b8c5e9f0d018629b1f8d4bf69fb6dda7be59f",
     "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
     "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
     "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 538,
-    "chains_cve_entries": 383,
+    "chains_cve_entries": 387,
     "chains_cwe_entries": 171,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 42,

package/data/_indexes/activity-feed.json

@@ -149,7 +149,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 394
+      "entry_count": 398
     },
     {
       "date": "2026-05-18",
@@ -165,7 +165,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 389
+      "entry_count": 393
     },
     {
       "date": "2026-05-17",

package/data/_indexes/catalog-summaries.json

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 394,
+      "entry_count": 398,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 389,
+      "entry_count": 393,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",