Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

CVE-2022-1471: Remote code execution in SnakeYAML deseria...

CVE-2022-1471 exposes SnakeYAML deserialization to remote code execution. Here is what is affected, CVSS context, and how to remediate the flaw.

Sep 23, 20257 min read
Vulnerability Analysis

CVE-2017-18640: Denial of service via SnakeYAML alias ent...

CVE-2017-18640 lets attackers crash Java services by abusing SnakeYAML's YAML alias/anchor expansion. Here's what's affected and how to fix it.

Sep 22, 20257 min read
Vulnerability Analysis

CVE-2016-1000027: Remote code execution via Spring HttpIn...

A decade-old flaw in Spring's HttpInvokerServiceExporter enables unauthenticated RCE via Java deserialization. Severity, timeline, and remediation for CVE-2016-1000027.

Sep 22, 20257 min read
Vulnerability Analysis

CVE-2018-1270: Remote code execution in Spring Messaging ...

CVE-2018-1270 is a critical, unauthenticated RCE in Spring Messaging's STOMP-over-WebSocket support. Here's what's affected, how severe it is, and how to remediate it.

Sep 22, 20257 min read
Vulnerability Analysis

CVE-2018-1271: Path traversal in Spring MVC static resour...

A path traversal flaw in Spring MVC's static resource handling let attackers on Windows deployments escape the web root and read arbitrary files.

Sep 22, 20257 min read
Vulnerability Analysis

CVE-2020-5398: Content-type bypass in Spring Framework

CVE-2020-5398 lets attackers bypass Spring Framework RFD protections via Content-Disposition, tricking browsers into downloading malicious files.

Sep 21, 20257 min read
Vulnerability Analysis

CVE-2016-4977: Remote code execution in Spring Security O...

CVE-2016-4977 let attackers achieve remote code execution against Spring Security OAuth's whitelabel views via SpEL injection. Here's what shipped, why, and how to fix it.

Sep 21, 20258 min read
Vulnerability Analysis

CVE-2018-1199: Authorization bypass in Spring Security CO...

CVE-2018-1199 let CORS pre-flight requests slip past Spring Security's authorization checks. What it affected, its real severity, and how to remediate it.

Sep 21, 20257 min read
Vulnerability Analysis

CVE-2021-22112: Improper authorization in Spring Security...

CVE-2021-22112 let Spring Security lose SecurityContext changes mid-request, an improper authorization flaw exposing OAuth2-secured apps to privilege escalation.

Sep 21, 20258 min read
Vulnerability Analysis

CVE-2019-0815: Remote code execution in .NET Core

CVE-2019-0815 is a Microsoft-disclosed remote code execution flaw in .NET Core. Here's what we know about impact, remediation, and supply chain risk.

Sep 20, 20258 min read
Vulnerability Analysis

CVE-2019-0980: .NET Core remote code execution via crafte...

CVE-2019-0980 lets attackers run arbitrary code via a crafted document that abuses how .NET Framework and .NET Core process untrusted input.

Sep 20, 20258 min read
Vulnerability Analysis

CVE-2019-0981: .NET Core remote code execution (second va...

CVE-2019-0981, the second variant of the April 2019 .NET Core RCE pair, let attackers run arbitrary code via a malicious file. Here's what to patch and why.

Sep 20, 20257 min read
Vulnerability Analysis (Page 39) — Supply Chain Security Blog | Safeguard