Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
CVE-2017-18342: Arbitrary code execution via PyYAML yaml....
CVE-2017-18342 lets attackers achieve remote code execution via PyYAML's yaml.load(), which deserialized untrusted YAML into live Python objects by default.
CVE-2020-1747: PyYAML full_load still allows code execution
CVE-2020-1747 shows PyYAML's FullLoader and full_load() could still trigger arbitrary code execution on untrusted YAML before 5.3.1. Here's the full breakdown.
CVE-2020-14343: PyYAML arbitrary code execution via pytho...
CVE-2020-14343 lets attackers run arbitrary code via PyYAML's python/object/new tag, bypassing an earlier FullLoader fix. Versions, CVSS, and remediation inside.
CVE-2022-22817: Arbitrary code execution in Pillow via Im...
CVE-2022-22817 lets attackers achieve arbitrary code execution via Pillow's ImageMath.eval() when environment data is attacker-controlled. Patch to 9.0.1+.
CVE-2020-35654: Buffer over-read in Pillow PCX decoder
A buffer over-read in Pillow's PCX decoder (CVE-2020-35654) could crash image-processing services on crafted files. Here's the fix and detection guidance.
CVE-2020-35655: Decompression bomb DoS in Pillow
A crafted image file could force Pillow to over-allocate memory, causing denial of service. Here's what CVE-2020-35655 affects, its severity, and how to remediate it.
CVE-2023-50447: Arbitrary code execution via Pillow Image...
A patch bypass in Pillow's ImageMath.eval() reopens arbitrary code execution first flagged in CVE-2022-22817. Here's what changed and how to remediate it.
CVE-2023-49083: NULL pointer dereference in python-crypto...
A NULL pointer dereference in python-cryptography's PKCS7 loader (CVE-2023-49083) lets malformed input crash applications. Here's what to patch and why.
CVE-2023-50782: Bleichenbacher timing oracle in python-cr...
CVE-2023-50782 exposes a Bleichenbacher-style timing oracle in python-cryptography's RSA PKCS1v15 decryption, letting attackers recover plaintext.
CVE-2023-30861: Flask session cookie disclosure to templates
CVE-2023-30861 lets caching proxies leak Flask session cookies between users when responses aren't marked Vary: Cookie. Here's who's affected and how to fix it.
CVE-2019-1010083: Denial of service in Flask via large mu...
CVE-2019-1010083 let attackers crash Flask apps with crafted multipart requests. Here's the impact, affected versions, and how to remediate the DoS flaw.
CVE-2023-25577: Denial of service in Werkzeug multipart p...
CVE-2023-25577 lets attackers trigger denial of service in Werkzeug's multipart parser via crafted uploads. Here's the impact, timeline, and fix.