@blamejs/exceptd-skills 0.13.82 → 0.13.84
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +2138 -0
- package/data/atlas-ttps.json +13 -2
- package/data/attack-techniques.json +14 -1
- package/data/cve-catalog.json +527 -1
- package/data/cwe-catalog.json +6 -0
- package/data/framework-control-gaps.json +40 -0
- package/data/zeroday-lessons.json +250 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.13.84 — 2026-05-25
|
|
4
|
+
|
|
5
|
+
CVE catalog — llama.cpp RPC-backend memory-safety RCE. Adds the unauthenticated remote-memory-corruption family in the RPC backend of the most widely used local LLM runtime, all reachable over the RPC server's default port 50052 with no authentication. **CVE-2024-42479** (CWE-787/123, NIST CVSS 9.8) — a SET_TENSOR message with an unvalidated `rpc_tensor` data pointer yields a write-what-where primitive and RCE. **CVE-2024-42478** (CWE-125, NIST CVSS 9.8) — the companion GET_TENSOR arbitrary-address read for pointer leaks / ASLR bypass. Both fixed in build b3561. **CVE-2026-34159** (CWE-119, NIST CVSS 9.8) — `deserialize_tensor()` still skips bounds validation when a tensor's `buffer` field is 0 via the GRAPH_COMPUTE command path that the b3561 fix never covered, giving unauthenticated RCE; fixed in b8492. All three map ATLAS AML.T0049 and ATT&CK T1190 (+ T1059 for the code-execution variants); their shared zero-day lesson (NEW-CTRL-092) requires bounds validation inside `deserialize_tensor` across every command path and keeping the RPC server off untrusted networks. CVE count 346 → 349.
|
|
6
|
+
|
|
7
|
+
## 0.13.83 — 2026-05-25
|
|
8
|
+
|
|
9
|
+
CVE catalog — Keras model-deserialization RCE (the canonical "untrusted model artifact is executable code" supply-chain risk). **CVE-2025-1550** (CWE-94, NIST CVSS 9.8) — Keras's `.keras` format parser runs arbitrary Python via `importlib` at load time, with no Lambda layer or custom object required and triggered simply by loading (not calling) the model; fixed in 3.8.0, which introduced `safe_mode`. **CVE-2025-8747** (CWE-502, NIST CVSS 7.8) — that `safe_mode` mitigation is bypassable through 3.10.0: `Model.load_model` still executes code from a crafted archive via arguments to built-in modules even with `safe_mode` enabled, i.e. the first fix was incomplete. Both map MITRE ATLAS AML.T0010 / AML.T0011 / AML.T0011.000 (ML supply chain compromise / unsafe AI artifacts) and ATT&CK T1204 / T1059 / T1195.002, and their shared zero-day lesson (NEW-CTRL-091) requires treating model artifacts as untrusted code — provenance, safe formats like safetensors, sandboxed loading — and not relying on `safe_mode` alone. CVE count 344 → 346.
|
|
10
|
+
|
|
3
11
|
## 0.13.82 — 2026-05-25
|
|
4
12
|
|
|
5
13
|
CVE catalog — NVIDIA Container Toolkit GPU container escape. Adds the two Wiz-disclosed escapes in the container runtime that underpins essentially all containerized GPU/AI workloads. **CVE-2024-0132** (CWE-367, NIST CVSS 8.3 / NVIDIA 9.0) — a time-of-check/time-of-use race lets a crafted container image escape to the host; fixed in Container Toolkit 1.16.2. **CVE-2025-23266** (NVIDIAScape, CWE-426, CVSS 9.0) — an untrusted search path in container-initialization hooks lets a crafted container load attacker code with elevated host permissions; patch per NVIDIA advisory a_id/5659. Both map ATT&CK T1610/T1611 (deploy container / escape to host) and carry maximal blast radius because a single escape on a shared GPU host crosses the tenant boundary and exposes co-tenant models, data, and credentials. Their shared zero-day lesson (NEW-CTRL-090) treats the GPU container runtime as a patch-prioritized AI-pipeline isolation boundary, not an assumed-safe layer. CVE count 342 → 344.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,21 +1,21 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-25T19:00:03.604Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
8
|
-
"data/atlas-ttps.json": "
|
|
9
|
-
"data/attack-techniques.json": "
|
|
10
|
-
"data/cve-catalog.json": "
|
|
11
|
-
"data/cwe-catalog.json": "
|
|
7
|
+
"manifest.json": "aaea826bb1b12d07976474ba4fa1e02e65e3fff747b1246824d3381d6b4e4333",
|
|
8
|
+
"data/atlas-ttps.json": "b55fc88ba0af73c4589095d3932b8c03ac54faf798c2cd7bbe743a84e5dcb9c1",
|
|
9
|
+
"data/attack-techniques.json": "efd58ed339504b05fe2959f0697df54551c00113050d9517c712c6efcd9da3b4",
|
|
10
|
+
"data/cve-catalog.json": "2c65e808ea6539745983d367164651a4ce3dae8d436dba36525a3f9adfbfe317",
|
|
11
|
+
"data/cwe-catalog.json": "58fec5b8055d99aa02b8571ef4f7e9669a1aa18ec58872867a22294f37e05d41",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
14
14
|
"data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
|
|
15
|
-
"data/framework-control-gaps.json": "
|
|
15
|
+
"data/framework-control-gaps.json": "9eb46357c6d9e0447e2ebf204a13a73d12ab41f7c36518ea660826929f69cdbc",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
|
|
18
|
-
"data/zeroday-lessons.json": "
|
|
18
|
+
"data/zeroday-lessons.json": "1ecd962b9cbb45e79fa5360ac81269b4a63e7a7ee634ed08ad1e0dba8368328c",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
|
|
21
21
|
"skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
|
|
@@ -72,7 +72,7 @@
|
|
|
72
72
|
"dlp_refs": 0
|
|
73
73
|
},
|
|
74
74
|
"trigger_table_entries": 538,
|
|
75
|
-
"chains_cve_entries":
|
|
75
|
+
"chains_cve_entries": 338,
|
|
76
76
|
"chains_cwe_entries": 171,
|
|
77
77
|
"jurisdictions_indexed": 29,
|
|
78
78
|
"handoff_dag_nodes": 42,
|
|
@@ -149,7 +149,7 @@
|
|
|
149
149
|
"artifact": "data/cve-catalog.json",
|
|
150
150
|
"path": "data/cve-catalog.json",
|
|
151
151
|
"schema_version": "1.0.0",
|
|
152
|
-
"entry_count":
|
|
152
|
+
"entry_count": 349
|
|
153
153
|
},
|
|
154
154
|
{
|
|
155
155
|
"date": "2026-05-18",
|
|
@@ -165,7 +165,7 @@
|
|
|
165
165
|
"artifact": "data/zeroday-lessons.json",
|
|
166
166
|
"path": "data/zeroday-lessons.json",
|
|
167
167
|
"schema_version": "1.1.0",
|
|
168
|
-
"entry_count":
|
|
168
|
+
"entry_count": 344
|
|
169
169
|
},
|
|
170
170
|
{
|
|
171
171
|
"date": "2026-05-17",
|
|
@@ -62,7 +62,7 @@
|
|
|
62
62
|
"rebuild_after_days": 365,
|
|
63
63
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
64
64
|
},
|
|
65
|
-
"entry_count":
|
|
65
|
+
"entry_count": 349,
|
|
66
66
|
"sample_keys": [
|
|
67
67
|
"CVE-2025-53773",
|
|
68
68
|
"CVE-2026-30615",
|
|
@@ -238,7 +238,7 @@
|
|
|
238
238
|
"rebuild_after_days": 365,
|
|
239
239
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
240
240
|
},
|
|
241
|
-
"entry_count":
|
|
241
|
+
"entry_count": 344,
|
|
242
242
|
"sample_keys": [
|
|
243
243
|
"CVE-2026-31431",
|
|
244
244
|
"CVE-2025-53773",
|