@blamejs/exceptd-skills 0.13.83 → 0.13.85

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 0.13.85 — 2026-05-25
+
+CVE catalog — ShellTorch (PyTorch TorchServe model-server takeover). Adds the Oligo-disclosed chain that took over thousands of exposed TorchServe instances, including at major organizations. **CVE-2023-43654** (CWE-918, NIST CVSS 9.8) — the TorchServe management API registers a model from any remote URL (SSRF), and because the management console binds to all interfaces by default with no authentication, this is unauthenticated remote code execution; fixed in 0.8.2. **CVE-2022-1471** (CWE-502/20, NIST CVSS 9.8, CNA 8.3) — the deserialization leg: SnakeYAML's default `Constructor` instantiates arbitrary types from untrusted YAML, so the model config TorchServe parses becomes code execution; fixed in SnakeYAML 2.0 (SafeConstructor default). Both map MITRE ATLAS (AML.T0049 / AML.T0010 / AML.T0011.000) and ATT&CK T1190 / T1059, and their shared zero-day lesson (NEW-CTRL-093) requires the model-server management API to authenticate, bind to loopback, allow-list model sources, and parse config with safe deserializers. CVE count 349 → 351.
+
+## 0.13.84 — 2026-05-25
+
+CVE catalog — llama.cpp RPC-backend memory-safety RCE. Adds the unauthenticated remote-memory-corruption family in the RPC backend of the most widely used local LLM runtime, all reachable over the RPC server's default port 50052 with no authentication. **CVE-2024-42479** (CWE-787/123, NIST CVSS 9.8) — a SET_TENSOR message with an unvalidated `rpc_tensor` data pointer yields a write-what-where primitive and RCE. **CVE-2024-42478** (CWE-125, NIST CVSS 9.8) — the companion GET_TENSOR arbitrary-address read for pointer leaks / ASLR bypass. Both fixed in build b3561. **CVE-2026-34159** (CWE-119, NIST CVSS 9.8) — `deserialize_tensor()` still skips bounds validation when a tensor's `buffer` field is 0 via the GRAPH_COMPUTE command path that the b3561 fix never covered, giving unauthenticated RCE; fixed in b8492. All three map ATLAS AML.T0049 and ATT&CK T1190 (+ T1059 for the code-execution variants); their shared zero-day lesson (NEW-CTRL-092) requires bounds validation inside `deserialize_tensor` across every command path and keeping the RPC server off untrusted networks. CVE count 346 → 349.
+
 ## 0.13.83 — 2026-05-25
 
 CVE catalog — Keras model-deserialization RCE (the canonical "untrusted model artifact is executable code" supply-chain risk). **CVE-2025-1550** (CWE-94, NIST CVSS 9.8) — Keras's `.keras` format parser runs arbitrary Python via `importlib` at load time, with no Lambda layer or custom object required and triggered simply by loading (not calling) the model; fixed in 3.8.0, which introduced `safe_mode`. **CVE-2025-8747** (CWE-502, NIST CVSS 7.8) — that `safe_mode` mitigation is bypassable through 3.10.0: `Model.load_model` still executes code from a crafted archive via arguments to built-in modules even with `safe_mode` enabled, i.e. the first fix was incomplete. Both map MITRE ATLAS AML.T0010 / AML.T0011 / AML.T0011.000 (ML supply chain compromise / unsafe AI artifacts) and ATT&CK T1204 / T1059 / T1195.002, and their shared zero-day lesson (NEW-CTRL-091) requires treating model artifacts as untrusted code — provenance, safe formats like safetensors, sandboxed loading — and not relying on `safe_mode` alone. CVE count 344 → 346.

package/data/_indexes/_meta.json

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-25T18:32:17.643Z",
+  "generated_at": "2026-05-25T19:31:45.168Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "89e312a8097ece18dfb8c9c38e781cdbc9168f1a52e0192a0306883e2e1375de",
-    "data/atlas-ttps.json": "bd624da4fa5f87232e844b2e3a670c5d8a9d5a986b70b14c6d89607f3994437c",
-    "data/attack-techniques.json": "be457146623e755743af14a12c5aa0611820fc17191c0d39e38d5b87c7b2c546",
-    "data/cve-catalog.json": "15214dd74c7f833c06eb9585cf394b8b65ba74513e0c8c303aa7c295d8c91b19",
-    "data/cwe-catalog.json": "621a028a82f98e5e8763239e0a8ad56717c3597f82e4a1460b65f1ba7ca61aa8",
+    "manifest.json": "a749a97b394837ad068e664902920acade30392977ae06dec3d523d3b7f69f54",
+    "data/atlas-ttps.json": "095a2d70b41e0010d3997fc9f6f36c22fa0b508e6c398a247979bd855007e27b",
+    "data/attack-techniques.json": "5afbe16ba1126d5a9af6873b018446108e466828a64dc5e4f3c0234eb5da9184",
+    "data/cve-catalog.json": "5471860d403e0a96cae1022ba8aa1515932f20364efede9231ccbf6990a29783",
+    "data/cwe-catalog.json": "320acd6f332964646aa053742156942315f2167751c1c714afa452d5195ecc54",
     "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
-    "data/framework-control-gaps.json": "d506e0bd8ed17e7a8c5738a69ebb7f671539ff3515df96d6d612ffe4cb1292e7",
+    "data/framework-control-gaps.json": "f26a4b6dd58ee7e4f6040c1c8b24435a6d23ea031157dfa6df1611459cb76eb1",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
-    "data/zeroday-lessons.json": "de3bfcce815e52abcbf61eab95746496491a983d3f9d73248f5321c155ebd949",
+    "data/zeroday-lessons.json": "f84e5e332ebcdef7afb6fe3ebd9c665aaa21b84ddcdc67bbb2e909cdfd36227f",
     "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
     "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
     "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 538,
-    "chains_cve_entries": 335,
+    "chains_cve_entries": 340,
     "chains_cwe_entries": 171,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 42,

package/data/_indexes/activity-feed.json

@@ -149,7 +149,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 346
+      "entry_count": 351
     },
     {
       "date": "2026-05-18",
@@ -165,7 +165,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 341
+      "entry_count": 346
     },
     {
       "date": "2026-05-17",

package/data/_indexes/catalog-summaries.json

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 346,
+      "entry_count": 351,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 341,
+      "entry_count": 346,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",