Tag
argument-injection
Safeguard articles tagged "argument-injection" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Application Security
Argument injection in Git and Mercurial CLI wrappers
A branch name like --upload-pack=/bin/sh isn't a string to Git — it's a flag. CVE-2017-1000117 and CVE-2017-1000116 show why that distinction matters.
Jul 10, 20266 min read
Vulnerability Analysis
PHP-CGI Argument Injection RCE on Windows (CVE-2024-4577) Explained
CVE-2024-4577 revived a decade-old PHP-CGI flaw through a Windows Unicode 'best-fit' quirk, yielding unauthenticated RCE. Here's the mechanism and the patched versions.
Jul 8, 20265 min read
Vulnerability Analysis
Argument injection vulnerabilities explained
How argument injection (CWE-88) vulnerabilities work, real CVEs like PHPMailer and Git ssh URLs, and how teams detect and prevent CWE-88 flaws.
Dec 1, 20257 min read