@blamejs/exceptd-skills 0.13.121 → 0.13.122

package/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 0.13.122 — 2026-05-26
+
+CVE catalog — SGLang LLM-serving framework. Adds two RCEs in SGLang (lmsys), a widely used high-performance LLM serving / inference framework. **CVE-2025-10164** (VulDB CNA CVSS v3.1 7.3; GHSA describes it as RCE) — `update_weights_from_tensor` deserializes untrusted serialized-object tensor data, so a deployment that exposes the weight-update path to untrusted input executes arbitrary code (CWE-502 / CWE-20); reuses the untrusted-model-artifact loading control (NEW-CTRL-091). **CVE-2026-5760** (CNA CVSS v3.1 9.8 CRITICAL) — the `/v1/rerank` endpoint renders a model-supplied `tokenizer.chat_template` with a non-sandboxed `jinja2.Environment()`, so a malicious model file achieves remote code execution via server-side template injection (CWE-94); fix renders with `ImmutableSandboxedEnvironment`. Introduces NEW-CTRL-110: an LLM serving framework must render model-supplied templates in a sandboxed environment and treat third-party model files as untrusted. Both are malicious-model classes (ATLAS AML.T0010/AML.T0011). CVE count 412 → 414.
+
 ## 0.13.121 — 2026-05-26
 
 CVE catalog — ONNX model-interchange path traversal. Adds **CVE-2025-51480** in ONNX, the de-facto open model-interchange format used across the ML ecosystem. `onnx.external_data_helper.save_external_data` does not confine the model-supplied `external_data` `location`, so processing a crafted ONNX model writes external-data tensors to an arbitrary path (`../` traversal or absolute), overwriting arbitrary files (CWE-22; NVD CVSS v3.1 8.8) — which in a model-load pipeline can escalate to code execution. Requires the victim to process the malicious model (UI:R), so it is modelled as a malicious-model / supply-chain class (ATLAS AML.T0010/AML.T0011, ATT&CK T1195.002). Fixed in 1.18.0. Reuses the AI-runtime-API path-traversal validation control (NEW-CTRL-094). CVE count 411 → 412.

package/data/_indexes/_meta.json

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-27T02:39:24.209Z",
+  "generated_at": "2026-05-27T03:06:01.395Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "4795b0961ddf17b28978fa9594db16f6717424d262b720e70fa6a07321072c02",
-    "data/atlas-ttps.json": "26d64a201c0e5461c70b7d0e6827775efb193c7654f465e5f0cf8237e0a37d80",
-    "data/attack-techniques.json": "958c8c8b85fa33464ea4c39fb612cfe69f26280b0c6d10c9e974dc2b423b99ef",
-    "data/cve-catalog.json": "c5bdd2ac0e911dede728ac24a771605fb38acd0f86775b21f34f840f3bbbbf2e",
-    "data/cwe-catalog.json": "13e85572dae38fe0ceda6b9c19190af2c5fd5637360632c7ed1633d117da0f3c",
+    "manifest.json": "fc30971ffe929e19b1d8a79ac7efd667c95594694552ed1c4c4676129de2ff7a",
+    "data/atlas-ttps.json": "033f1683eb0c15d4bf8a3e60e938b722eb7c5c1a480efdc4e7ec76c2bf41cd44",
+    "data/attack-techniques.json": "702fe53550d5f107b31f1c00ea5ba70b5e849a5a44adf0fcf60a9c02be91c5b5",
+    "data/cve-catalog.json": "5695cdd2c709ba018d1c0c684c6910d3c440806d71f86b453fbd883d29d0155f",
+    "data/cwe-catalog.json": "ca0db2e811453c41baf21edf542f62b628d1e174ef871d5898565fd8c7c1b16a",
     "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
-    "data/framework-control-gaps.json": "a7d49316f7b1ca7f67c3b2cabdd03781f54486a763c46ebf985f77ed823f8332",
+    "data/framework-control-gaps.json": "626a392aada4166f1c6d279ed1aa1288e4f75a7e9104364f1beebaba6840ca76",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
-    "data/zeroday-lessons.json": "1c5386d1d7b2f07bdf879f14351b5f30360d1fde31e97bf06245b5162e66b062",
+    "data/zeroday-lessons.json": "8e8f726813e9400e883c47a63df2a2ee64a59da0a3df36fbf1510f9e37ea2e35",
     "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
     "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
     "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 538,
-    "chains_cve_entries": 401,
+    "chains_cve_entries": 403,
     "chains_cwe_entries": 172,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 42,

package/data/_indexes/activity-feed.json

@@ -149,7 +149,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 412
+      "entry_count": 414
     },
     {
       "date": "2026-05-18",
@@ -165,7 +165,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 407
+      "entry_count": 409
     },
     {
       "date": "2026-05-17",

package/data/_indexes/catalog-summaries.json

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 412,
+      "entry_count": 414,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 407,
+      "entry_count": 409,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",