@blamejs/exceptd-skills 0.13.93 → 0.13.94

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +385 -0
  6. package/data/atlas-ttps.json +1 -0
  7. package/data/attack-techniques.json +2 -0
  8. package/data/cve-catalog.json +103 -0
  9. package/data/cwe-catalog.json +1 -0
  10. package/data/framework-control-gaps.json +8 -0
  11. package/data/zeroday-lessons.json +50 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/CHANGELOG.md CHANGED
@@ -1,5 +1,9 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.13.94 — 2026-05-25
4
+
5
+ CVE catalog — AnythingLLM upload path traversal to RCE. Adds **CVE-2024-13059** (CWE-22, NIST CVSS 7.2): AnythingLLM's multer-based upload handler mishandles non-ASCII filenames so they decode into `../` traversal sequences, letting a manager/admin user write attacker content to an arbitrary path (e.g. a startup script) and achieve remote code execution on the host; fixed in 1.3.1. Maps ATLAS AML.T0049 and ATT&CK T1190 / T1059, and reuses the runtime-API path-traversal control (NEW-CTRL-094) shared with the Ollama entries — AI-app file/path inputs must be canonicalized and validated, including non-ASCII transforms, before touching the filesystem. CVE count 368 → 369.
6
+
3
7
  ## 0.13.93 — 2026-05-25
4
8
 
5
9
  CVE catalog — LangChain experimental-chain code execution (prompt injection to RCE). Adds the canonical class where an LLM chain turns prompt-influenced input into executed Python. **CVE-2024-21513** (langchain-experimental, CWE-94, NIST CVSS 8.5) — VectorSQLDatabaseChain evaluates database values as code, so an attacker controlling the input prompt achieves arbitrary code execution; fixed in 0.0.21. **CVE-2023-44467** (langchain_experimental PALChain, CWE-94, NIST CVSS 9.8) — PALChain executes prompt-generated Python and did not block the dunder-import builtin, bypassing the earlier CVE-2023-36258 fix; fixed in 0.0.306. Both map ATLAS AML.T0051 (LLM prompt injection) + AML.T0011 and ATT&CK T1059 / T1059.006, and their shared zero-day lesson (NEW-CTRL-099) requires chains that execute generated code to sandbox or disable it — builtin denylists are an incomplete fix. Distinct from the existing LangChain entries (LangGrinch serialization, Chatchat MCP). CVE count 366 → 368.
package/data/_indexes/_meta.json CHANGED
@@ -1,21 +1,21 @@
1
1
  {
2
2
  "schema_version": "1.1.0",
3
- "generated_at": "2026-05-26T02:33:31.075Z",
3
+ "generated_at": "2026-05-26T03:02:24.224Z",
4
4
  "generator": "scripts/build-indexes.js",
5
5
  "source_count": 54,
6
6
  "source_hashes": {
7
- "manifest.json": "cb92f7a7f61228eb5632fbaeaa386b953c90bc2016eb9f84a7f2bb9f8f3013b1",
8
- "data/atlas-ttps.json": "e3d139160b51eac0360f4bee92be52e77e0e441f8596b32f04e8bd6f29c1acd9",
9
- "data/attack-techniques.json": "4f269298532ae7ef304b2f5e52dbb72e8d363e0f1d29dca7c691a7f15d23b7e5",
10
- "data/cve-catalog.json": "0fae8ec235920068e1ea3bed6f3280e920feb2aa82bcb185a8dee42f419c3242",
11
- "data/cwe-catalog.json": "1f2d77ee7d83e6aa113055f620a1c56d9287392c8c0a3fb8336abc52ce53d8fd",
7
+ "manifest.json": "bb5e222b0112772eb40d9405fd2ce83f83498fc7982da9af4663c0948e9494f9",
8
+ "data/atlas-ttps.json": "00c4cd73790a452917a61423c12ecdaf4a7dd27544a9239665fbef4779ba0c6a",
9
+ "data/attack-techniques.json": "2aba4de35c01b53b9aaf9c423e44c77e13341ee7926462aaf68b20513beba27d",
10
+ "data/cve-catalog.json": "9a85adc3a0e9a3c519b3918dcc294f0d25e447b6330fdd4a1db036a7f3e04b8a",
11
+ "data/cwe-catalog.json": "a28c9b060634d683761c21550a5a65d95d1b2f7179b1ad26aec9a215d05633b2",
12
12
  "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
13
13
  "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
14
14
  "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
15
- "data/framework-control-gaps.json": "818c34517b1612cf391379898ae3da6fba16523af1d15df61f7c82823ce5f338",
15
+ "data/framework-control-gaps.json": "b371c89e5ae339bb34e37623f93372422d87f37fd6b6d6c7e964a7bc10df5581",
16
16
  "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
17
17
  "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
18
- "data/zeroday-lessons.json": "20a009550c9f4b9d4cbb79aaec1883cc2db4cc0353238f4c8583aa1f1a622e9b",
18
+ "data/zeroday-lessons.json": "aa6b9bf315c26bffabb33bef609b12f64c1ab5c72c662ecd8ad60314c255fc98",
19
19
  "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
20
20
  "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
21
21
  "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
72
72
  "dlp_refs": 0
73
73
  },
74
74
  "trigger_table_entries": 538,
75
- "chains_cve_entries": 357,
75
+ "chains_cve_entries": 358,
76
76
  "chains_cwe_entries": 171,
77
77
  "jurisdictions_indexed": 29,
78
78
  "handoff_dag_nodes": 42,
package/data/_indexes/activity-feed.json CHANGED
@@ -149,7 +149,7 @@
149
149
  "artifact": "data/cve-catalog.json",
150
150
  "path": "data/cve-catalog.json",
151
151
  "schema_version": "1.0.0",
152
- "entry_count": 368
152
+ "entry_count": 369
153
153
  },
154
154
  {
155
155
  "date": "2026-05-18",
@@ -165,7 +165,7 @@
165
165
  "artifact": "data/zeroday-lessons.json",
166
166
  "path": "data/zeroday-lessons.json",
167
167
  "schema_version": "1.1.0",
168
- "entry_count": 363
168
+ "entry_count": 364
169
169
  },
170
170
  {
171
171
  "date": "2026-05-17",
package/data/_indexes/catalog-summaries.json CHANGED
@@ -62,7 +62,7 @@
62
62
  "rebuild_after_days": 365,
63
63
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
64
64
  },
65
- "entry_count": 368,
65
+ "entry_count": 369,
66
66
  "sample_keys": [
67
67
  "CVE-2025-53773",
68
68
  "CVE-2026-30615",
@@ -238,7 +238,7 @@
238
238
  "rebuild_after_days": 365,
239
239
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
240
240
  },
241
- "entry_count": 363,
241
+ "entry_count": 364,
242
242
  "sample_keys": [
243
243
  "CVE-2026-31431",
244
244
  "CVE-2025-53773",
package/data/_indexes/chains.json CHANGED
@@ -33915,6 +33915,368 @@
33915
33915
  ]
33916
33916
  }
33917
33917
  },
33918
+ "CVE-2024-13059": {
33919
+ "name": "AnythingLLM Non-ASCII Filename Path Traversal Arbitrary File Write to RCE",
33920
+ "rwep": 25,
33921
+ "cvss": 7.2,
33922
+ "cisa_kev": false,
33923
+ "epss_score": null,
33924
+ "referencing_skills": [
33925
+ "kernel-lpe-triage",
33926
+ "ai-attack-surface",
33927
+ "compliance-theater",
33928
+ "attack-surface-pentest",
33929
+ "ot-ics-security",
33930
+ "coordinated-vuln-disclosure",
33931
+ "sector-energy"
33932
+ ],
33933
+ "chain": {
33934
+ "cwes": [
33935
+ {
33936
+ "id": "CWE-1037",
33937
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
33938
+ "category": "Hardware / Side Channel"
33939
+ },
33940
+ {
33941
+ "id": "CWE-1039",
33942
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
33943
+ "category": "AI/ML"
33944
+ },
33945
+ {
33946
+ "id": "CWE-125",
33947
+ "name": "Out-of-bounds Read",
33948
+ "category": "Memory Safety"
33949
+ },
33950
+ {
33951
+ "id": "CWE-1357",
33952
+ "name": "Reliance on Insufficiently Trustworthy Component",
33953
+ "category": "Supply Chain"
33954
+ },
33955
+ {
33956
+ "id": "CWE-1395",
33957
+ "name": "Dependency on Vulnerable Third-Party Component",
33958
+ "category": "Supply Chain"
33959
+ },
33960
+ {
33961
+ "id": "CWE-1426",
33962
+ "name": "Improper Validation of Generative AI Output",
33963
+ "category": "AI/ML"
33964
+ },
33965
+ {
33966
+ "id": "CWE-22",
33967
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
33968
+ "category": "Path/Resource"
33969
+ },
33970
+ {
33971
+ "id": "CWE-269",
33972
+ "name": "Improper Privilege Management",
33973
+ "category": "Authorization"
33974
+ },
33975
+ {
33976
+ "id": "CWE-287",
33977
+ "name": "Improper Authentication",
33978
+ "category": "Authentication"
33979
+ },
33980
+ {
33981
+ "id": "CWE-306",
33982
+ "name": "Missing Authentication for Critical Function",
33983
+ "category": "Authentication"
33984
+ },
33985
+ {
33986
+ "id": "CWE-352",
33987
+ "name": "Cross-Site Request Forgery (CSRF)",
33988
+ "category": "Session"
33989
+ },
33990
+ {
33991
+ "id": "CWE-362",
33992
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
33993
+ "category": "Concurrency"
33994
+ },
33995
+ {
33996
+ "id": "CWE-416",
33997
+ "name": "Use After Free",
33998
+ "category": "Memory Safety"
33999
+ },
34000
+ {
34001
+ "id": "CWE-434",
34002
+ "name": "Unrestricted Upload of File with Dangerous Type",
34003
+ "category": "File Handling"
34004
+ },
34005
+ {
34006
+ "id": "CWE-672",
34007
+ "name": "Operation on a Resource after Expiration or Release",
34008
+ "category": "Memory Safety"
34009
+ },
34010
+ {
34011
+ "id": "CWE-732",
34012
+ "name": "Incorrect Permission Assignment for Critical Resource",
34013
+ "category": "Authorization"
34014
+ },
34015
+ {
34016
+ "id": "CWE-78",
34017
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
34018
+ "category": "Injection"
34019
+ },
34020
+ {
34021
+ "id": "CWE-787",
34022
+ "name": "Out-of-bounds Write",
34023
+ "category": "Memory Safety"
34024
+ },
34025
+ {
34026
+ "id": "CWE-79",
34027
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
34028
+ "category": "Injection"
34029
+ },
34030
+ {
34031
+ "id": "CWE-798",
34032
+ "name": "Use of Hard-coded Credentials",
34033
+ "category": "Credentials"
34034
+ },
34035
+ {
34036
+ "id": "CWE-89",
34037
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
34038
+ "category": "Injection"
34039
+ },
34040
+ {
34041
+ "id": "CWE-918",
34042
+ "name": "Server-Side Request Forgery (SSRF)",
34043
+ "category": "Network"
34044
+ },
34045
+ {
34046
+ "id": "CWE-94",
34047
+ "name": "Improper Control of Generation of Code (Code Injection)",
34048
+ "category": "Injection"
34049
+ }
34050
+ ],
34051
+ "atlas": [
34052
+ {
34053
+ "id": "AML.T0010",
34054
+ "name": "ML Supply Chain Compromise",
34055
+ "tactic": "Initial Access"
34056
+ },
34057
+ {
34058
+ "id": "AML.T0016",
34059
+ "name": "Obtain Capabilities: Develop Capabilities",
34060
+ "tactic": "Resource Development"
34061
+ },
34062
+ {
34063
+ "id": "AML.T0017",
34064
+ "name": "Discover ML Model Ontology",
34065
+ "tactic": "Discovery"
34066
+ },
34067
+ {
34068
+ "id": "AML.T0018",
34069
+ "name": "Backdoor ML Model",
34070
+ "tactic": "Persistence"
34071
+ },
34072
+ {
34073
+ "id": "AML.T0020",
34074
+ "name": "Poison Training Data",
34075
+ "tactic": "ML Attack Staging"
34076
+ },
34077
+ {
34078
+ "id": "AML.T0043",
34079
+ "name": "Craft Adversarial Data",
34080
+ "tactic": "ML Attack Staging"
34081
+ },
34082
+ {
34083
+ "id": "AML.T0051",
34084
+ "name": "LLM Prompt Injection",
34085
+ "tactic": "Execution"
34086
+ },
34087
+ {
34088
+ "id": "AML.T0054",
34089
+ "name": "LLM Jailbreak",
34090
+ "tactic": "Defense Evasion"
34091
+ },
34092
+ {
34093
+ "id": "AML.T0096",
34094
+ "name": "AI API as Covert C2 Channel",
34095
+ "tactic": "Command and Control"
34096
+ }
34097
+ ],
34098
+ "d3fend": [
34099
+ {
34100
+ "id": "D3-ASLR",
34101
+ "name": "Address Space Layout Randomization",
34102
+ "tactic": "Harden"
34103
+ },
34104
+ {
34105
+ "id": "D3-CSPP",
34106
+ "name": "Client-server Payload Profiling",
34107
+ "tactic": "Detect"
34108
+ },
34109
+ {
34110
+ "id": "D3-EAL",
34111
+ "name": "Executable Allowlisting",
34112
+ "tactic": "Harden"
34113
+ },
34114
+ {
34115
+ "id": "D3-IOPR",
34116
+ "name": "Input/Output Profiling Resource",
34117
+ "tactic": "Detect"
34118
+ },
34119
+ {
34120
+ "id": "D3-NTA",
34121
+ "name": "Network Traffic Analysis",
34122
+ "tactic": "Detect"
34123
+ },
34124
+ {
34125
+ "id": "D3-PHRA",
34126
+ "name": "Process Hardware Resource Access",
34127
+ "tactic": "Isolate"
34128
+ },
34129
+ {
34130
+ "id": "D3-PSEP",
34131
+ "name": "Process Segment Execution Prevention",
34132
+ "tactic": "Harden"
34133
+ }
34134
+ ],
34135
+ "framework_gaps": [
34136
+ {
34137
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
34138
+ "framework": "ALL",
34139
+ "control_name": "AI Pipeline Integrity"
34140
+ },
34141
+ {
34142
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
34143
+ "framework": "ALL",
34144
+ "control_name": "Prompt Injection as Access Control Failure"
34145
+ },
34146
+ {
34147
+ "id": "CIS-Controls-v8-Control7",
34148
+ "framework": "CIS Controls v8",
34149
+ "control_name": "Continuous Vulnerability Management"
34150
+ },
34151
+ {
34152
+ "id": "CMMC-2.0-Level-2",
34153
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
34154
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
34155
+ },
34156
+ {
34157
+ "id": "FedRAMP-Rev5-Moderate",
34158
+ "framework": "FedRAMP Rev 5 Moderate",
34159
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
34160
+ },
34161
+ {
34162
+ "id": "IEC-62443-3-3",
34163
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
34164
+ "control_name": "System security requirements and security levels"
34165
+ },
34166
+ {
34167
+ "id": "ISO-27001-2022-A.8.28",
34168
+ "framework": "ISO/IEC 27001:2022",
34169
+ "control_name": "Secure coding"
34170
+ },
34171
+ {
34172
+ "id": "ISO-27001-2022-A.8.8",
34173
+ "framework": "ISO/IEC 27001:2022",
34174
+ "control_name": "Management of technical vulnerabilities"
34175
+ },
34176
+ {
34177
+ "id": "ISO-IEC-23894-2023-clause-7",
34178
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
34179
+ "control_name": "AI risk management process"
34180
+ },
34181
+ {
34182
+ "id": "NERC-CIP-007-6-R4",
34183
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
34184
+ "control_name": "Security event monitoring"
34185
+ },
34186
+ {
34187
+ "id": "NIS2-Art21-patch-management",
34188
+ "framework": "EU NIS2 Directive",
34189
+ "control_name": "Vulnerability handling and disclosure"
34190
+ },
34191
+ {
34192
+ "id": "NIST-800-115",
34193
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
34194
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
34195
+ },
34196
+ {
34197
+ "id": "NIST-800-218-SSDF",
34198
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
34199
+ "control_name": "Secure Software Development Framework"
34200
+ },
34201
+ {
34202
+ "id": "NIST-800-53-AC-2",
34203
+ "framework": "NIST SP 800-53 Rev 5",
34204
+ "control_name": "Account Management"
34205
+ },
34206
+ {
34207
+ "id": "NIST-800-53-SC-8",
34208
+ "framework": "NIST SP 800-53 Rev 5",
34209
+ "control_name": "Transmission Confidentiality and Integrity"
34210
+ },
34211
+ {
34212
+ "id": "NIST-800-53-SI-2",
34213
+ "framework": "NIST SP 800-53 Rev 5",
34214
+ "control_name": "Flaw Remediation"
34215
+ },
34216
+ {
34217
+ "id": "NIST-800-53-SI-3",
34218
+ "framework": "NIST SP 800-53 Rev 5",
34219
+ "control_name": "Malicious Code Protection"
34220
+ },
34221
+ {
34222
+ "id": "NIST-800-82r3",
34223
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
34224
+ "control_name": "Guide to Operational Technology (OT) Security"
34225
+ },
34226
+ {
34227
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
34228
+ "framework": "OWASP Top 10 for LLM Applications 2025",
34229
+ "control_name": "Prompt Injection"
34230
+ },
34231
+ {
34232
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
34233
+ "framework": "OWASP Top 10 for LLM Applications 2025",
34234
+ "control_name": "Sensitive Information Disclosure"
34235
+ },
34236
+ {
34237
+ "id": "OWASP-Pen-Testing-Guide-v5",
34238
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
34239
+ "control_name": "Web application penetration testing methodology"
34240
+ },
34241
+ {
34242
+ "id": "PCI-DSS-4.0-6.3.3",
34243
+ "framework": "PCI DSS 4.0",
34244
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
34245
+ },
34246
+ {
34247
+ "id": "PTES-Pre-engagement",
34248
+ "framework": "Penetration Testing Execution Standard (PTES)",
34249
+ "control_name": "Pre-engagement Interactions"
34250
+ },
34251
+ {
34252
+ "id": "SOC2-CC6-logical-access",
34253
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
34254
+ "control_name": "Logical and Physical Access Controls"
34255
+ },
34256
+ {
34257
+ "id": "SOC2-CC9-vendor-management",
34258
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
34259
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
34260
+ }
34261
+ ],
34262
+ "attack_refs": [
34263
+ "T0855",
34264
+ "T0883",
34265
+ "T1059",
34266
+ "T1068",
34267
+ "T1078",
34268
+ "T1133",
34269
+ "T1190",
34270
+ "T1548.001",
34271
+ "T1566"
34272
+ ],
34273
+ "rfc_refs": [
34274
+ "RFC-4301",
34275
+ "RFC-4303",
34276
+ "RFC-7296"
34277
+ ]
34278
+ }
34279
+ },
33918
34280
  "CVE-2026-41091": {
33919
34281
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
33920
34282
  "rwep": 45,
@@ -60300,6 +60662,7 @@
60300
60662
  "CVE-2024-11392",
60301
60663
  "CVE-2024-11393",
60302
60664
  "CVE-2024-11394",
60665
+ "CVE-2024-13059",
60303
60666
  "CVE-2024-1561",
60304
60667
  "CVE-2024-21513",
60305
60668
  "CVE-2024-21575",
@@ -60695,6 +61058,7 @@
60695
61058
  "CVE-2024-11392",
60696
61059
  "CVE-2024-11393",
60697
61060
  "CVE-2024-11394",
61061
+ "CVE-2024-13059",
60698
61062
  "CVE-2024-1561",
60699
61063
  "CVE-2024-21513",
60700
61064
  "CVE-2024-21575",
@@ -60881,6 +61245,7 @@
60881
61245
  "CVE-2024-11392",
60882
61246
  "CVE-2024-11393",
60883
61247
  "CVE-2024-11394",
61248
+ "CVE-2024-13059",
60884
61249
  "CVE-2024-1561",
60885
61250
  "CVE-2024-21513",
60886
61251
  "CVE-2024-21575",
@@ -61081,6 +61446,7 @@
61081
61446
  "CVE-2024-11392",
61082
61447
  "CVE-2024-11393",
61083
61448
  "CVE-2024-11394",
61449
+ "CVE-2024-13059",
61084
61450
  "CVE-2024-1561",
61085
61451
  "CVE-2024-21513",
61086
61452
  "CVE-2024-21575",
@@ -61385,6 +61751,7 @@
61385
61751
  "CVE-2024-11392",
61386
61752
  "CVE-2024-11393",
61387
61753
  "CVE-2024-11394",
61754
+ "CVE-2024-13059",
61388
61755
  "CVE-2024-1561",
61389
61756
  "CVE-2024-21513",
61390
61757
  "CVE-2024-21575",
@@ -61648,6 +62015,7 @@
61648
62015
  "CVE-2024-11393",
61649
62016
  "CVE-2024-11394",
61650
62017
  "CVE-2024-12987",
62018
+ "CVE-2024-13059",
61651
62019
  "CVE-2024-1561",
61652
62020
  "CVE-2024-1708",
61653
62021
  "CVE-2024-21513",
@@ -62493,6 +62861,7 @@
62493
62861
  "CVE-2024-11392",
62494
62862
  "CVE-2024-11393",
62495
62863
  "CVE-2024-11394",
62864
+ "CVE-2024-13059",
62496
62865
  "CVE-2024-1561",
62497
62866
  "CVE-2024-21513",
62498
62867
  "CVE-2024-21575",
@@ -63118,6 +63487,7 @@
63118
63487
  "CVE-2024-11392",
63119
63488
  "CVE-2024-11393",
63120
63489
  "CVE-2024-11394",
63490
+ "CVE-2024-13059",
63121
63491
  "CVE-2024-1561",
63122
63492
  "CVE-2024-21513",
63123
63493
  "CVE-2024-21575",
@@ -63381,6 +63751,7 @@
63381
63751
  "CVE-2024-11392",
63382
63752
  "CVE-2024-11393",
63383
63753
  "CVE-2024-11394",
63754
+ "CVE-2024-13059",
63384
63755
  "CVE-2024-1561",
63385
63756
  "CVE-2024-21513",
63386
63757
  "CVE-2024-21575",
@@ -64070,6 +64441,7 @@
64070
64441
  "CVE-2024-11392",
64071
64442
  "CVE-2024-11393",
64072
64443
  "CVE-2024-11394",
64444
+ "CVE-2024-13059",
64073
64445
  "CVE-2024-1561",
64074
64446
  "CVE-2024-21513",
64075
64447
  "CVE-2024-21575",
@@ -64340,6 +64712,7 @@
64340
64712
  "CVE-2024-11393",
64341
64713
  "CVE-2024-11394",
64342
64714
  "CVE-2024-12987",
64715
+ "CVE-2024-13059",
64343
64716
  "CVE-2024-1561",
64344
64717
  "CVE-2024-1708",
64345
64718
  "CVE-2024-21513",
@@ -64786,6 +65159,7 @@
64786
65159
  "CVE-2024-11393",
64787
65160
  "CVE-2024-11394",
64788
65161
  "CVE-2024-12987",
65162
+ "CVE-2024-13059",
64789
65163
  "CVE-2024-1561",
64790
65164
  "CVE-2024-1708",
64791
65165
  "CVE-2024-21513",
@@ -65260,6 +65634,7 @@
65260
65634
  "CVE-2024-11392",
65261
65635
  "CVE-2024-11393",
65262
65636
  "CVE-2024-11394",
65637
+ "CVE-2024-13059",
65263
65638
  "CVE-2024-1561",
65264
65639
  "CVE-2024-21513",
65265
65640
  "CVE-2024-21575",
@@ -66082,6 +66457,7 @@
66082
66457
  "CVE-2024-11393",
66083
66458
  "CVE-2024-11394",
66084
66459
  "CVE-2024-12987",
66460
+ "CVE-2024-13059",
66085
66461
  "CVE-2024-1561",
66086
66462
  "CVE-2024-1708",
66087
66463
  "CVE-2024-21513",
@@ -66620,6 +66996,7 @@
66620
66996
  "CVE-2024-11392",
66621
66997
  "CVE-2024-11393",
66622
66998
  "CVE-2024-11394",
66999
+ "CVE-2024-13059",
66623
67000
  "CVE-2024-1561",
66624
67001
  "CVE-2024-21513",
66625
67002
  "CVE-2024-21575",
@@ -66968,6 +67345,7 @@
66968
67345
  "CVE-2024-11393",
66969
67346
  "CVE-2024-11394",
66970
67347
  "CVE-2024-12987",
67348
+ "CVE-2024-13059",
66971
67349
  "CVE-2024-1561",
66972
67350
  "CVE-2024-1708",
66973
67351
  "CVE-2024-21513",
@@ -67525,6 +67903,7 @@
67525
67903
  "CVE-2024-11392",
67526
67904
  "CVE-2024-11393",
67527
67905
  "CVE-2024-11394",
67906
+ "CVE-2024-13059",
67528
67907
  "CVE-2024-1561",
67529
67908
  "CVE-2024-21513",
67530
67909
  "CVE-2024-21575",
@@ -68485,6 +68864,7 @@
68485
68864
  "CVE-2024-11392",
68486
68865
  "CVE-2024-11393",
68487
68866
  "CVE-2024-11394",
68867
+ "CVE-2024-13059",
68488
68868
  "CVE-2024-1561",
68489
68869
  "CVE-2024-21513",
68490
68870
  "CVE-2024-21575",
@@ -68609,6 +68989,7 @@
68609
68989
  "CVE-2024-11392",
68610
68990
  "CVE-2024-11393",
68611
68991
  "CVE-2024-11394",
68992
+ "CVE-2024-13059",
68612
68993
  "CVE-2024-1561",
68613
68994
  "CVE-2024-21513",
68614
68995
  "CVE-2024-21575",
@@ -68803,6 +69184,7 @@
68803
69184
  "CVE-2024-11392",
68804
69185
  "CVE-2024-11393",
68805
69186
  "CVE-2024-11394",
69187
+ "CVE-2024-13059",
68806
69188
  "CVE-2024-1561",
68807
69189
  "CVE-2024-21513",
68808
69190
  "CVE-2024-21575",
@@ -69249,6 +69631,7 @@
69249
69631
  "CVE-2024-11393",
69250
69632
  "CVE-2024-11394",
69251
69633
  "CVE-2024-12987",
69634
+ "CVE-2024-13059",
69252
69635
  "CVE-2024-1561",
69253
69636
  "CVE-2024-1708",
69254
69637
  "CVE-2024-21513",
@@ -69713,6 +70096,7 @@
69713
70096
  "CVE-2024-11392",
69714
70097
  "CVE-2024-11393",
69715
70098
  "CVE-2024-11394",
70099
+ "CVE-2024-13059",
69716
70100
  "CVE-2024-1561",
69717
70101
  "CVE-2024-21513",
69718
70102
  "CVE-2024-21575",
@@ -70030,6 +70414,7 @@
70030
70414
  "CVE-2024-11392",
70031
70415
  "CVE-2024-11393",
70032
70416
  "CVE-2024-11394",
70417
+ "CVE-2024-13059",
70033
70418
  "CVE-2024-1561",
70034
70419
  "CVE-2024-21513",
70035
70420
  "CVE-2024-21575",
package/data/atlas-ttps.json CHANGED
@@ -1718,6 +1718,7 @@
1718
1718
  "CVE-2023-43654",
1719
1719
  "CVE-2023-48022",
1720
1720
  "CVE-2023-51449",
1721
+ "CVE-2024-13059",
1721
1722
  "CVE-2024-1561",
1722
1723
  "CVE-2024-21575",
1723
1724
  "CVE-2024-21576",
package/data/attack-techniques.json CHANGED
@@ -279,6 +279,7 @@
279
279
  "CVE-2024-11392",
280
280
  "CVE-2024-11393",
281
281
  "CVE-2024-11394",
282
+ "CVE-2024-13059",
282
283
  "CVE-2024-21513",
283
284
  "CVE-2024-21575",
284
285
  "CVE-2024-21576",
@@ -857,6 +858,7 @@
857
858
  "CVE-2023-51449",
858
859
  "CVE-2023-52163",
859
860
  "CVE-2024-12987",
861
+ "CVE-2024-13059",
860
862
  "CVE-2024-1561",
861
863
  "CVE-2024-1709",
862
864
  "CVE-2024-21575",