Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
Improper input validation (CWE-20) explained
CWE-20 explained: how improper input validation causes SQLi, RCE, and DoS, with real CVEs like Equifax's Struts breach and how to detect and fix it.
Sensitive data exposure in application logs explained
Passwords, tokens, and PII often end up readable in plaintext logs. Here's how CWE-532 exposures happen, real breaches they caused, and how to fix them.
node-ipc 'Protestware' Sabotage Code Shipped to Millions ...
How a rogue node-ipc update turned a trusted npm dependency into disk-wiping protestware, and what CVE-2022-23812 means for your supply chain.
Apache Ant 'Get' Task Certificate Validation Failure (CVE...
CVE-2020-1945 exposes insecure temp-file handling in Apache Ant, risking data leaks and build-tampering. Affected versions, CVSS/EPSS context, and fixes inside.
Git Argument Injection via Crafted SSH URL (CVE-2017-1000...
CVE-2017-1000117 let a malicious repo run code on anyone who cloned it via a crafted ssh:// URL. Impact, affected Git versions, CVSS, and fixes.
Git Remote Code Execution via Malicious .gitmodules Submo...
CVE-2018-11235 let a malicious .gitmodules file hijack Git submodule checkout, executing arbitrary code via post-checkout hooks on clone.
Git Clone RCE via Symlink Race on Case-Insensitive Filesy...
A patched Git flaw let attackers achieve remote code execution during clone via a symlink race on case-insensitive filesystems. Here's what teams need to know.
Git safe.directory Bypass Enabling Code Execution on Mult...
CVE-2022-24765 let local users on shared Windows systems bypass Git's ownership checks and trigger code execution via malicious repo configs. Here's the full breakdown.
Git Local Clone Information Disclosure via Hardlinks (CVE...
CVE-2022-39253 abuses Git's local clone hardlink optimization to leak files from outside a repository. Here's the impact, fix, and how to stay protected.
Git Heap Buffer Overflow via GIT_PUSH_OPTION_COUNT (CVE-2...
CVE-2022-39260 is a heap overflow in Git from an integer overflow in GIT_PUSH_OPTION_COUNT during git push. What changed, and how to remediate it.
Helm 2 Tiller's Default Unauthenticated gRPC Endpoint (CV...
CVE-2019-18658 shows how Helm 2's Tiller ran an unauthenticated gRPC endpoint by default, letting network-adjacent attackers seize cluster-admin control.
Helm Chart Repository Index Cache Confusion Vulnerability...
CVE-2021-32690 is a Helm chart repository index cache confusion flaw fixed in 3.6.1 that could push users toward an unintended chart. Here's what matters.