Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

lodash prototype pollution via zipObjectDeep (CVE-2020-8203)

CVE-2020-8203 lets attackers pollute Object.prototype via lodash's zipObjectDeep. Learn affected versions, CVSS/EPSS context, and remediation steps.

Jan 12, 20267 min read
Vulnerability Analysis

lodash defaultsDeep prototype pollution (CVE-2019-10744)

A critical prototype pollution flaw in lodash's defaultsDeep (CVE-2019-10744) lets attackers corrupt Object.prototype. Here's the impact and how to fix it.

Jan 12, 20268 min read
Vulnerability Analysis

lodash template code injection (CVE-2021-23337)

CVE-2021-23337 lets attackers inject code via lodash's template function. Here's the impact, affected versions, CVSS/EPSS context, and how to remediate it.

Jan 12, 20268 min read
Vulnerability Analysis

Alibaba fastjson deserialization RCE (CVE-2022-25845)

A critical AutoType-bypass RCE in Alibaba fastjson (CVSS 9.8, EPSS ~99th pct) hits any app parsing untrusted JSON. Here's how to detect and fix it.

Jan 11, 20267 min read
Vulnerability Analysis

Struts2 REST plugin XStream deserialization RCE (CVE-2017-9805)

CVE-2017-9805 lets attackers RCE Struts2 REST APIs via unsafe XStream XML deserialization. Learn impact, affected versions, and remediation steps.

Jan 11, 20267 min read
Vulnerability Analysis

Apache Commons Collections deserialization gadget RCE (CVE-2015-7501)

A decade-old Apache Commons Collections deserialization gadget chain still enables unauthenticated RCE across legacy Java middleware. Here's how to find and fix it.

Jan 11, 20268 min read
Vulnerability Analysis

GitLab ExifTool RCE (CVE-2021-22205)

CVE-2021-22205 let attackers RCE self-managed GitLab via a malicious ExifTool-parsed upload — no auth required. Here's the timeline and fix.

Jan 11, 20268 min read
Vulnerability Analysis

OpenSSL BN_mod_sqrt infinite loop DoS (CVE-2022-0778)

CVE-2022-0778 lets attackers hang OpenSSL with a single malformed certificate. Here's the impact, affected versions, and how to remediate fast.

Jan 10, 20267 min read
Vulnerability Analysis

Dirty COW Linux kernel privilege escalation (CVE-2016-5195)

Dirty COW (CVE-2016-5195) let local attackers hijack a kernel race condition for root. Nine years old, still found in fleets — here's how to find and fix it.

Jan 10, 20268 min read
Vulnerability Analysis

Dirty Pipe Linux kernel arbitrary write (CVE-2022-0847)

Dirty Pipe (CVE-2022-0847) lets local attackers overwrite read-only files via a pipe buffer flaw, enabling fast, reliable root escalation on Linux and Android.

Jan 10, 20268 min read
Vulnerability Analysis

Log4Shell Five Years Later: What CVE-2021-44228 Taught Us About Transitive Risk

Five years after Log4Shell, the technical details still matter, but the lasting lessons are about transitive dependencies, SBOM accuracy, and the long tail of unpatched internal tooling.

Jan 9, 20265 min read
Vulnerability Analysis

Kubernetes API server privilege escalation via aggregated API (CVE-2018-1002105)

A critical flaw in Kubernetes' aggregated API let unauthenticated users gain full admin privileges. Here's how it worked and how to fix it.

Jan 9, 20267 min read
Vulnerability Analysis (Page 18) — Supply Chain Security Blog | Safeguard