Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

BuildKit Privileged Entitlement Check Bypass Enabling Hos...

CVE-2024-23653 lets malicious Dockerfiles bypass BuildKit's privileged entitlement check via the interactive containers API, escaping to the host.

Nov 20, 20258 min read
Vulnerability Analysis

BuildKit Build-Time Container Teardown Arbitrary File Del...

A malicious Dockerfile can exploit CVE-2024-23652 to make BuildKit delete arbitrary host files during build teardown. Here's what's affected and how to fix it.

Nov 20, 20257 min read
Vulnerability Analysis

BuildKit Mount Cache Race Condition Vulnerability (CVE-20...

CVE-2024-23651 is a high-severity BuildKit race condition that can expose host files to build containers via shared cache mounts. Here's the full breakdown.

Nov 20, 20258 min read
Vulnerability Analysis

CVE-2024-21626: runc process.cwd Container Breakout Deep ...

A technical breakdown of CVE-2024-21626, the runc process.cwd() flaw enabling container breakout to host access, with detection and remediation guidance.

Oct 28, 20257 min read
Vulnerability Analysis

Log4Shell (CVE-2021-44228) Deep Dive: JNDI Injection in L...

Log4Shell (CVE-2021-44228) let attackers achieve remote code execution via a single logged string. A deep dive into the JNDI flaw, its impact, and remediation.

Oct 28, 20258 min read
Vulnerability Analysis

Spring4Shell (CVE-2022-22965) Deep Dive: RCE via Data Bin...

A technical breakdown of Spring4Shell (CVE-2022-22965): the data-binding RCE, affected Spring/Tomcat configurations, severity, timeline, and how to remediate and detect exposure.

Oct 27, 20257 min read
Vulnerability Analysis

CVE-2018-16487: Prototype pollution in lodash via merge/m...

CVE-2018-16487 let attackers pollute Object.prototype through lodash's merge, mergeWith, and defaultsDeep — a bypass of an earlier fix, patched in 4.17.11.

Oct 17, 20257 min read
Vulnerability Analysis

CVE-2020-8203: Prototype pollution in lodash zipObjectDeep

CVE-2020-8203 lets attackers pollute JavaScript's Object prototype via lodash's zipObjectDeep function, risking DoS or RCE in downstream apps.

Oct 17, 20258 min read
Vulnerability Analysis

CVE-2021-23337: Command injection in lodash template func...

CVE-2021-23337 enables command injection via lodash's template function in versions before 4.17.21. Here's the CVSS context, timeline, and how to remediate it.

Oct 16, 20257 min read
Vulnerability Analysis

CVE-2021-44906: Prototype pollution in minimist

CVE-2021-44906 exposed a prototype pollution flaw in minimist versions before 1.2.6, letting attackers pollute Object.prototype via crafted parser keys.

Oct 16, 20257 min read
Vulnerability Analysis

CVE-2017-16137: ReDoS in debug package

CVE-2017-16137 is a ReDoS flaw in the debug npm package that can hang Node.js apps on crafted input. Here's what's affected and how to fix it.

Oct 16, 20258 min read
Vulnerability Analysis

CVE-2018-3728: Prototype pollution in hoek

CVE-2018-3728 is a prototype pollution flaw in Hoek's merge functions, exposing hapi.js and Joi-based apps to __proto__ injection. Here's the impact, fix, and remediation path.

Oct 16, 20257 min read
Vulnerability Analysis (Page 32) — Supply Chain Security Blog | Safeguard