Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

path-parse regular expression denial of service (CVE-2021-23343)

A ReDoS flaw in path-parse (CVE-2021-23343) lurks deep in webpack and resolve dependency trees. Here's the impact, timeline, and how to fix it.

Jan 3, 20267 min read
Vulnerability Analysis

browserslist ReDoS vulnerability (CVE-2021-23364)

A ReDoS flaw in browserslist (CVE-2021-23364) let crafted query strings stall builds across the JS ecosystem. Here's the full breakdown and fix.

Jan 3, 20267 min read
Vulnerability Analysis

minimatch regular expression denial of service (CVE-2022-3517)

A ReDoS flaw in minimatch (CVE-2022-3517) lets a single crafted string hang Node.js processes. Here's what's affected, the risk context, and how to fix it.

Jan 3, 20267 min read
Vulnerability Analysis

ansi-regex ReDoS vulnerability (CVE-2021-3807)

CVE-2021-3807 is a ReDoS flaw in the widely-used ansi-regex npm package. Here's the impact, affected versions, CVSS/EPSS context, and how to fix it.

Jan 3, 20268 min read
Vulnerability Analysis

nth-check ReDoS vulnerability (CVE-2021-3803)

CVE-2021-3803 turned a niche CSS selector parser into an ecosystem-wide audit headache. Here's the real exploitability picture and how to fix it.

Jan 2, 20268 min read
Vulnerability Analysis

tough-cookie prototype pollution (CVE-2023-26136)

CVE-2023-26136: a prototype pollution flaw in tough-cookie hides deep in transitive Node.js dependencies. Impact, timeline, and remediation steps.

Jan 2, 20268 min read
Vulnerability Analysis

cross-spawn ReDoS vulnerability (CVE-2024-21538)

CVE-2024-21538 is a ReDoS flaw in the widely-used cross-spawn npm package. Learn the impact, CVSS/EPSS context, and how to remediate it.

Jan 1, 20267 min read
Vulnerability Analysis

Express.js open redirect vulnerability (CVE-2024-29041)

CVE-2024-29041 lets attackers weaponize Express.js redirects for phishing. See affected versions, CVSS/EPSS data, and how to remediate fast.

Jan 1, 20267 min read
Vulnerability Analysis

http-cache-semantics ReDoS vulnerability (CVE-2022-25881)

CVE-2022-25881 lets attacker-influenced HTTP responses trigger catastrophic regex backtracking in http-cache-semantics, hanging Node.js services. Here's how to detect and fix it.

Jan 1, 20267 min read
Vulnerability Analysis

Python setuptools package_index ReDoS (CVE-2022-40897)

CVE-2022-40897 is a ReDoS flaw in setuptools' package_index.py that can hang CI pipelines when parsing crafted index pages. Here's how to detect and fix it.

Dec 31, 20257 min read
Vulnerability Analysis

Python requests library proxy-auth credential leak (CVE-2023-32681)

CVE-2023-32681 lets Python's requests library leak Proxy-Authorization credentials to destination servers on HTTPS redirects. Here's the impact, timeline, and fix.

Dec 31, 20258 min read
Vulnerability Analysis

urllib3 CA certificate verification bypass (CVE-2019-11324)

CVE-2019-11324 let urllib3 silently trust unintended CAs during custom certificate validation, undermining pinned-trust and mTLS setups.

Dec 31, 20257 min read
Vulnerability Analysis (Page 21) — Supply Chain Security Blog | Safeguard