Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

CVE-2019-11358: Prototype pollution in jQuery $.extend

CVE-2019-11358 lets attackers pollute Object.prototype via jQuery's $.extend() deep merge. Here's the impact, affected versions, and how to fix it.

Oct 15, 20257 min read
Vulnerability Analysis

CVE-2020-11022: XSS in jQuery via htmlPrefilter

CVE-2020-11022 lets attacker-controlled HTML bypass sanitization via jQuery's htmlPrefilter, enabling XSS in versions before 3.5.0. Impact, timeline, and fixes.

Oct 15, 20257 min read
Vulnerability Analysis

CVE-2020-11023: XSS in jQuery option/script tag handling

CVE-2020-11023 let untrusted HTML with option tags bypass sanitization in jQuery's DOM methods, enabling XSS. Here's the fix, timeline, and remediation.

Oct 15, 20258 min read
Vulnerability Analysis

CVE-2015-9251: jQuery cross-domain AJAX XSS

CVE-2015-9251 lets attackers exploit jQuery's cross-domain AJAX handling to run arbitrary script. Learn affected versions, risk context, and fixes.

Oct 15, 20257 min read
Vulnerability Analysis

CVE-2020-7729: Command injection in node-notifier

CVE-2020-7729 lets attacker-influenced input reach node-notifier's OS notifier calls, enabling command injection. Here's the impact, timeline, and fix.

Oct 14, 20257 min read
Vulnerability Analysis

CVE-2020-28469: ReDoS in glob-parent

CVE-2020-28469 is a ReDoS flaw in glob-parent before 5.1.2 that can hang processes parsing crafted glob strings. Here's the risk, timeline, and fix.

Oct 14, 20257 min read
Vulnerability Analysis

CVE-2021-23343: ReDoS in path-parse

CVE-2021-23343 is a ReDoS vulnerability in path-parse before 1.0.7 that lets crafted path strings stall Node.js apps. Here's how it works and how to fix it.

Oct 14, 20257 min read
Vulnerability Analysis

CVE-2018-1000620: ReDoS in marked markdown parser

A ReDoS flaw in the marked Markdown parser (CVE-2018-1000620) let crafted input stall Node.js services. Here's the impact, fix, and how to catch it in your dependency tree.

Oct 14, 20258 min read
Vulnerability Analysis

CVE-2022-21680: ReDoS in marked via block token regexes

CVE-2022-21680: how a ReDoS in marked's block-tokenizer regexes could let attackers freeze Markdown-rendering services, plus affected versions, fix, and mitigation steps.

Oct 13, 20257 min read
Vulnerability Analysis

CVE-2022-21681: Second ReDoS flaw in marked

CVE-2022-21681 is a ReDoS flaw in marked's inline tokenizer that lets crafted Markdown hang parsing. What's affected, severity, and how to remediate.

Oct 13, 20256 min read
Vulnerability Analysis

CVE-2022-0235: node-fetch forwards sensitive headers on r...

CVE-2022-0235: node-fetch forwarded cookie and authorization headers across cross-origin redirects. Affected versions, exploitability context, and remediation steps.

Oct 13, 20258 min read
Vulnerability Analysis

CVE-2022-0155: follow-redirects leaks Proxy-Authorization...

CVE-2022-0155: follow-redirects leaked Proxy-Authorization headers across hosts on redirect, exposing proxy credentials via axios and other widely used npm HTTP clients.

Oct 13, 20258 min read
Vulnerability Analysis (Page 33) — Supply Chain Security Blog | Safeguard