Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
Jackson-databind RCE via JDOM gadget (CVE-2020-36189)
CVE-2020-36189 lets attackers chain jackson-databind polymorphic deserialization with a JDOM gadget for RCE, SSRF, or XXE. Here's the mechanics and the fix.
dom4j XML external entity vulnerability (CVE-2018-1000632)
CVE-2018-1000632, the dom4j XXE vulnerability, let attackers inject and tamper with XML via unescaped addElement/addAttribute calls. Here's the fix.
CVE analysis: vulnerabilities in Open RAN and 5G core net...
An open RAN 5G core CVE analysis of the 5Ghoul modem flaws: affected components, CVSS/EPSS/KEV context, disclosure timeline, and practical remediation steps.
Apache Commons FileUpload RCE (CVE-2016-1000031)
CVE-2016-1000031 is a critical Apache Commons FileUpload deserialization RCE that still lurks in transitive Java dependencies years after its fix.
H2 database console remote code execution (CVE-2021-42392)
CVE-2021-42392 lets attackers trigger RCE in H2's console and JDBC URL handling via a Log4Shell-style JNDI gadget. Here's what's affected and how to fix it.
Spring Cloud Function SpEL injection RCE (CVE-2022-22963)
CVE-2022-22963 lets attackers RCE unpatched Spring Cloud Function apps via one SpEL header. CVSS 9.8. Here's the fix, fast.
Spring Cloud Gateway actuator RCE (CVE-2022-22947)
A critical SpEL injection flaw in Spring Cloud Gateway's actuator API let unauthenticated attackers run code. Here's the impact, timeline, and fixes.
Apache Shiro remember-me cookie deserialization RCE (CVE-2016-4437)
Apache Shiro's default rememberMe cipher key enables unauthenticated Java deserialization RCE. Here's how CVE-2016-4437 works and how to fix it.
Jetty SSL buffer bloat denial of service (CVE-2021-28165)
CVE-2021-28165 lets attackers exhaust Jetty server memory via SSL buffer bloat, causing denial of service. Affected versions, timeline, and fixes inside.
Spring Security authorization rule bypass (CVE-2023-34035)
CVE-2023-34035 lets Spring Security's requestMatchers() silently mis-evaluate authorization rules in multi-servlet apps. Here's the fix and how to detect exposure.
CVE analysis: Magecart and e-commerce JavaScript supply c...
A Magecart supply chain attack analysis of the CVEs and exploit chains behind skimmer campaigns on Adobe Commerce and Magento, plus how to defend checkout pages.
Spring Security OAuth2 client vulnerability (CVE-2022-31690)
CVE-2022-31690 in Spring Security's OAuth2 client can let one principal obtain another's token. Here's the impact, CVSS/EPSS context, and how to remediate.