npm - @blamejs/exceptd-skills - Versions diffs - 0.16.31 → 0.18.0 - Mend

@blamejs/exceptd-skills 0.16.31 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/ARCHITECTURE.md +1 -1
package/CHANGELOG.md +12 -0
package/CONTEXT.md +3 -3
package/data/_indexes/_meta.json +10 -10
package/data/_indexes/activity-feed.json +3 -3
package/data/_indexes/catalog-summaries.json +3 -3
package/data/_indexes/chains.json +12587 -2
package/data/_indexes/frequency.json +4 -0
package/data/atlas-ttps.json +4 -1
package/data/attack-techniques.json +64 -8
package/data/cve-catalog.json +2207 -2
package/data/cwe-catalog.json +110 -4
package/data/framework-control-gaps.json +183 -11
package/data/zeroday-lessons.json +1015 -1
package/manifest.json +53 -53
package/package.json +3 -3
package/sbom.cdx.json +29 -29

package/ARCHITECTURE.md CHANGED Viewed

@@ -176,7 +176,7 @@ Tracks PoC status, weaponization stage, and AI-assist factor per CVE. Updated wh
 ### `data/cwe-catalog.json`
-177 CWE entries pinned to **CWE v4.20**. Covers the Top 25 Most Dangerous Software Weaknesses (2024 release) plus AI- and supply-chain-relevant weakness classes (prompt-injection-as-trust-boundary failure, training data integrity, dependency confusion, untrusted artifact ingestion). Each entry records root-cause description, common consequences, mitigation patterns, and the CVEs in `cve-catalog.json` that instantiate the weakness. Skills cite CWE IDs in `cwe_refs` to anchor a finding to a stable weakness taxonomy rather than to a single CVE; the CWE provides the durable root-cause lens that survives across exploit generations.
+181 CWE entries pinned to **CWE v4.20**. Covers the Top 25 Most Dangerous Software Weaknesses (2024 release) plus AI- and supply-chain-relevant weakness classes (prompt-injection-as-trust-boundary failure, training data integrity, dependency confusion, untrusted artifact ingestion). Each entry records root-cause description, common consequences, mitigation patterns, and the CVEs in `cve-catalog.json` that instantiate the weakness. Skills cite CWE IDs in `cwe_refs` to anchor a finding to a stable weakness taxonomy rather than to a single CVE; the CWE provides the durable root-cause lens that survives across exploit generations.
 `_meta.cwe_version` pins the version; on a CWE release, audit IDs for renames or deprecations, bump `last_threat_review` on affected skills, and update `_meta`.

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # Changelog
+## 0.18.0 — 2026-06-13
+The minimum supported Node.js is raised to 24.16.0 (`engines.node` is now `>=24.16.0`), the current Node 24 LTS patch. This makes the runtime's accumulated security fixes across the 24.x line — V8 and OpenSSL patches — the supported baseline rather than an older floor. CI, the release workflow, the daily-refresh and currency workflows, and the Docker reproduction harness are all pinned to 24.16.0 (the Docker base image is re-pinned by digest), and a `.nvmrc` is added so `nvm use` selects the supported version automatically. Installs on Node 22 will surface an `engines` warning; upgrade to Node 24 LTS.
+## 0.17.0 — 2026-06-13
+Twenty newly-listed CISA KEV vulnerabilities are now curated into the catalog (439 → 459 CVEs). Each carries verified CVSS and vector, CWE classification, confirmed active-exploitation status, affected versions, framework-control-gap mapping, ATT&CK (and where applicable ATLAS) references, RWEP scoring, behavioral indicators of compromise, and a matching zero-day lesson — every fact sourced from NVD, the CISA KEV catalog, and the vendor advisory.
+Coverage spans the AI/LLM surface and broad infrastructure: BerriAI LiteLLM's MCP test-endpoint command injection (authenticated host RCE on the LLM gateway), Ivanti Sentry unauthenticated root RCE, Palo Alto PAN-OS and Check Point gateway authentication bypasses, Oracle PeopleSoft and WebLogic, Cisco Catalyst SD-WAN Manager, Chromium V8, the Linux kernel cgroups container escape, Android, FreeType, two EOL GeoVision command-injection flaws recruited into a Mirai botnet, and a trojanized DAEMON Tools Lite supply-chain compromise.
+Four CWE classes new to the catalog are added with their AI-gap framing: improper output encoding (CWE-116), improper privilege management (CWE-266), hidden functionality / backdoor (CWE-912), and incomplete comparison with missing factors (CWE-1023).
 ## 0.16.31 — 2026-06-13
 The data refresh no longer overwrites a curator-pinned CVSS score or vector with NVD's same-version re-score. A curated catalog entry — the hand-verified norm — keeps its maintainer-set CVSS; the NVD delta is surfaced in the refresh report for a maintainer to accept deliberately, instead of silently lowering a curated 10.0 to NVD's 9.8. Raw auto-imported drafts, which are not yet curated, still take NVD's score directly. This extends the existing curated-data protections — the CVSS version-downgrade guard and the CISA-KEV de-listing guard — to same-version CVSS re-scores: an upstream that disagrees with curated intel is surfaced, never silently applied.

package/CONTEXT.md CHANGED Viewed

@@ -113,14 +113,14 @@ Skills and playbooks read from `data/`. Authoritative catalog inventory:
 | File | Entries | Purpose |
 |------|---------|---------|
-| `cve-catalog.json` | 439 | CVEs with CVSS, RWEP score, EPSS estimates, CISA KEV flags, PoC and live-patch availability |
+| `cve-catalog.json` | 459 | CVEs with CVSS, RWEP score, EPSS estimates, CISA KEV flags, PoC and live-patch availability |
 | `atlas-ttps.json` | 170 | MITRE ATLAS v2026.05 (May 2026) techniques with framework gap flags |
 | `attack-techniques.json` | 805 | MITRE ATT&CK techniques with framework coverage mappings |
 | `framework-control-gaps.json` | 194 | Framework control gap entries: designed-for vs. what each control misses |
 | `exploit-availability.json` | 28 | Per-CVE PoC locations, weaponization stage, AI-acceleration factor, live-patch status |
 | `global-frameworks.json` | 35 jurisdictions | Patch SLAs and notification windows across global regulatory regimes |
-| `zeroday-lessons.json` | 439 | Learning-loop entries: zero-day → attack vector → control gap → framework gap → new control |
-| `cwe-catalog.json` | 177 | CWE v4.20 entries (Top 25 2024 plus AI- and supply-chain-relevant weaknesses) |
+| `zeroday-lessons.json` | 459 | Learning-loop entries: zero-day → attack vector → control gap → framework gap → new control |
+| `cwe-catalog.json` | 181 | CWE v4.20 entries (Top 25 2024 plus AI- and supply-chain-relevant weaknesses) |
 | `d3fend-catalog.json` | 468 | MITRE D3FEND v1.3.0 defensive techniques for offensive → defensive mapping |
 | `rfc-references.json` | 8888 | IETF RFC / Internet-Draft references with status, errata count, replaces / replaced-by, `last_verified` dates |
 | `dlp-controls.json` | 22 | DLP control entries indexed by channel, classifier, surface, enforcement mode, evidence type |

package/data/_indexes/_meta.json CHANGED Viewed

@@ -1,22 +1,22 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-06-13T14:42:56.398Z",
+  "generated_at": "2026-06-13T18:01:31.934Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 64,
   "source_hashes": {
-    "manifest.json": "c11cdd490e2de2c62ce2d25caa613abdf8d425419efe1e9e7b3ab356686c664f",
+    "manifest.json": "4cb67bb81f2d48f953d625ee22e7747a08285e9381fe13f5a46135dc641b4db6",
     "README.md": "e7b854e7db9a364a1b368b5084b4f0c2a8282f0459ce39800ac1d1dabdc06074",
-    "data/atlas-ttps.json": "29f3447ac5c45f42f50b3ed8a46010c2b8ecbcc8094bb19b5db57ba4707b396c",
-    "data/attack-techniques.json": "6506db66fdd69bb3564e12aef8f727edddc55d0e6e99f60833a200a57e8ee65e",
-    "data/cve-catalog.json": "51d8425a49e5cc0375d0a154a83a16816e99c3141a5bbafe6383607ca11be240",
-    "data/cwe-catalog.json": "b398003b68b0d9539d13a5536e933005149fd05f3d33978297c870987542cd86",
+    "data/atlas-ttps.json": "5bc59e23d6c2defa54168de161a0825299b9cc4a49c6b26df2dae70b4f42eedf",
+    "data/attack-techniques.json": "53c6f248760eecb11a0354f74ab467a5814e95075a686b9b3bf18c34e2f7435e",
+    "data/cve-catalog.json": "eedd129c657e535d53df5d4d44fa54009b69cde85673cf7c9d426054eddc43d2",
+    "data/cwe-catalog.json": "359263361fa52069e2856cc352d8f1c757d614ea840db6ef3ff5e696185ca220",
     "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
-    "data/framework-control-gaps.json": "b0ad6a39648322df7f5c596238acdc791631eb1d047171be53576808c64b03ce",
+    "data/framework-control-gaps.json": "760c2275803c6da3665ce538c5176bde6f041b68cc3d4808b8de961dfcdee6b8",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
-    "data/zeroday-lessons.json": "b6403d31f06e8f081217c338d2d5c515f8352295fbf58395f3c571cd95a05de0",
+    "data/zeroday-lessons.json": "8c69eec9103eeea236ceb1a157d62b35bafcf8a5de86502e25e4587cc5931247",
     "skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
     "skills/ai-attack-surface/skill.md": "6eefa7772f1faf9c8ed971f2a827cd48398a12ab3b691b258c7c8364a5deb39c",
     "skills/mcp-agent-trust/skill.md": "bda6842bfa3b8bfd5edb3ef37751c493ff32a3ca80f771c3d988ede4176f0803",
@@ -82,8 +82,8 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 688,
-    "chains_cve_entries": 426,
-    "chains_cwe_entries": 177,
+    "chains_cve_entries": 446,
+    "chains_cwe_entries": 181,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 51,
     "summary_cards": 51,

package/data/_indexes/activity-feed.json CHANGED Viewed

@@ -314,7 +314,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 439
+      "entry_count": 459
     },
     {
       "date": "2026-06-01",
@@ -322,7 +322,7 @@
       "artifact": "data/cwe-catalog.json",
       "path": "data/cwe-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 177
+      "entry_count": 181
     },
     {
       "date": "2026-06-01",
@@ -330,7 +330,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 439
+      "entry_count": 459
     },
     {
       "date": "2026-05-27",

package/data/_indexes/catalog-summaries.json CHANGED Viewed

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 439,
+      "entry_count": 459,
       "sample_keys": [
         "CVE-2022-23812",
         "MAL-2026-TRAPDOOR-CROSS-ECOSYSTEM",
@@ -84,7 +84,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 177,
+      "entry_count": 181,
       "sample_keys": [
         "CWE-20",
         "CWE-22",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 439,
+      "entry_count": 459,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",