@blamejs/exceptd-skills 0.13.80 → 0.13.82
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +1648 -0
- package/data/atlas-ttps.json +5 -2
- package/data/attack-techniques.json +10 -0
- package/data/cve-catalog.json +413 -0
- package/data/cwe-catalog.json +10 -3
- package/data/framework-control-gaps.json +33 -1
- package/data/zeroday-lessons.json +200 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.13.82 — 2026-05-25
|
|
4
|
+
|
|
5
|
+
CVE catalog — NVIDIA Container Toolkit GPU container escape. Adds the two Wiz-disclosed escapes in the container runtime that underpins essentially all containerized GPU/AI workloads. **CVE-2024-0132** (CWE-367, NIST CVSS 8.3 / NVIDIA 9.0) — a time-of-check/time-of-use race lets a crafted container image escape to the host; fixed in Container Toolkit 1.16.2. **CVE-2025-23266** (NVIDIAScape, CWE-426, CVSS 9.0) — an untrusted search path in container-initialization hooks lets a crafted container load attacker code with elevated host permissions; patch per NVIDIA advisory a_id/5659. Both map ATT&CK T1610/T1611 (deploy container / escape to host) and carry maximal blast radius because a single escape on a shared GPU host crosses the tenant boundary and exposes co-tenant models, data, and credentials. Their shared zero-day lesson (NEW-CTRL-090) treats the GPU container runtime as a patch-prioritized AI-pipeline isolation boundary, not an assumed-safe layer. CVE count 342 → 344.
|
|
6
|
+
|
|
7
|
+
## 0.13.81 — 2026-05-25
|
|
8
|
+
|
|
9
|
+
CVE catalog — Open WebUI code-injection RCEs. Adds two remote code execution flaws in Open WebUI, a widely deployed self-hosted AI chat front end. **CVE-2026-0766** (CWE-94, ZDI CVSS 8.8) — the `load_tool_module_by_id` function runs an unvalidated user-supplied string as Python, so an authenticated user achieves RCE on the host. **CVE-2025-64496** (CWE-95/501/829, NIST CVSS 8.0, fixed 0.6.35) — with the Direct Connections feature enabled and a user lured to a malicious external model server, that server injects JavaScript via server-sent events, leading to token theft, account takeover, and with extended permissions RCE. Both carry CWE + ATT&CK T1190/T1059 mappings, global-first framework gaps, and behavioral IoCs; their shared zero-day lesson (NEW-CTRL-089) requires an AI application never to turn user-supplied strings or external-model-server content into executable code. CVE count 340 → 342.
|
|
10
|
+
|
|
3
11
|
## 0.13.80 — 2026-05-25
|
|
4
12
|
|
|
5
13
|
CVE catalog — ShadowRay (CVE-2023-48022). Adds Anyscale Ray's unauthenticated Job Submission / Dashboard API remote code execution, the landmark case for prioritizing on real-world exploitation rather than CVSS or KEV alone. NVD marks the CVE disputed — the vendor frames the open Job API as intended for trusted networks — so it carries no code patch and is not on the CISA KEV catalog. Yet it is exploited at scale: Oligo's ShadowRay 2.0 campaign turned roughly 230,000 internet-exposed Ray clusters into crypto-mining botnets and exfiltrated model weights and cloud credentials. It therefore scores RWEP 68 (high) on confirmed active exploitation plus broad blast radius with no patch credit. The entry maps real MITRE ATLAS techniques (AML.T0049 / T0034 / T0035 / T0025) and ATT&CK T1190 / T1059 / T1496, and its zero-day lesson names the "controlled network is a security control" theater pattern, with a control requiring the AI compute control plane to authenticate every caller (Ray token auth, no untrusted-network exposure). Mitigation is configuration, not a patch. CVE count 339 → 340.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,21 +1,21 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-25T18:04:28.022Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
8
|
-
"data/atlas-ttps.json": "
|
|
9
|
-
"data/attack-techniques.json": "
|
|
10
|
-
"data/cve-catalog.json": "
|
|
11
|
-
"data/cwe-catalog.json": "
|
|
7
|
+
"manifest.json": "ef7819a7db25a911f0f106e531428f47d84e6658ef9764638877bb3161f1a77f",
|
|
8
|
+
"data/atlas-ttps.json": "b1f6dd6a53b7f08e6eca7291618860aa91782affbc68c9e2d451a9e7f7eda122",
|
|
9
|
+
"data/attack-techniques.json": "86b78e5d42de21ab68d18c46884fead3a76ae860fadb9f472b08eddc31fa6d9f",
|
|
10
|
+
"data/cve-catalog.json": "af8f4a9bbf6295120ca4b237daba5eb256596c9650d7808fead64a95cf11f064",
|
|
11
|
+
"data/cwe-catalog.json": "f62f16d90bf7723b7a1e583980712db4f873b429110c169a495bb97f6a084143",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
14
14
|
"data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
|
|
15
|
-
"data/framework-control-gaps.json": "
|
|
15
|
+
"data/framework-control-gaps.json": "681c0c62eb79b8486b4cf53af6ff877d89b806314ffbab0131da6acd49767b50",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
|
|
18
|
-
"data/zeroday-lessons.json": "
|
|
18
|
+
"data/zeroday-lessons.json": "b97d3498812e32932785bbc48cfa25f20037f713aa1bf020962aef81c7f6677b",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
|
|
21
21
|
"skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
|
|
@@ -72,7 +72,7 @@
|
|
|
72
72
|
"dlp_refs": 0
|
|
73
73
|
},
|
|
74
74
|
"trigger_table_entries": 538,
|
|
75
|
-
"chains_cve_entries":
|
|
75
|
+
"chains_cve_entries": 333,
|
|
76
76
|
"chains_cwe_entries": 171,
|
|
77
77
|
"jurisdictions_indexed": 29,
|
|
78
78
|
"handoff_dag_nodes": 42,
|
|
@@ -149,7 +149,7 @@
|
|
|
149
149
|
"artifact": "data/cve-catalog.json",
|
|
150
150
|
"path": "data/cve-catalog.json",
|
|
151
151
|
"schema_version": "1.0.0",
|
|
152
|
-
"entry_count":
|
|
152
|
+
"entry_count": 344
|
|
153
153
|
},
|
|
154
154
|
{
|
|
155
155
|
"date": "2026-05-18",
|
|
@@ -165,7 +165,7 @@
|
|
|
165
165
|
"artifact": "data/zeroday-lessons.json",
|
|
166
166
|
"path": "data/zeroday-lessons.json",
|
|
167
167
|
"schema_version": "1.1.0",
|
|
168
|
-
"entry_count":
|
|
168
|
+
"entry_count": 339
|
|
169
169
|
},
|
|
170
170
|
{
|
|
171
171
|
"date": "2026-05-17",
|
|
@@ -62,7 +62,7 @@
|
|
|
62
62
|
"rebuild_after_days": 365,
|
|
63
63
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
64
64
|
},
|
|
65
|
-
"entry_count":
|
|
65
|
+
"entry_count": 344,
|
|
66
66
|
"sample_keys": [
|
|
67
67
|
"CVE-2025-53773",
|
|
68
68
|
"CVE-2026-30615",
|
|
@@ -238,7 +238,7 @@
|
|
|
238
238
|
"rebuild_after_days": 365,
|
|
239
239
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
240
240
|
},
|
|
241
|
-
"entry_count":
|
|
241
|
+
"entry_count": 339,
|
|
242
242
|
"sample_keys": [
|
|
243
243
|
"CVE-2026-31431",
|
|
244
244
|
"CVE-2025-53773",
|