Code Execution
Safeguard articles tagged "Code Execution" — guides, analysis, and best practices for software supply chain and application security.
5 articles
YAML Deserialization Attacks: The Config File That Runs Code
YAML's type system allows object instantiation during parsing. In many languages, this means a YAML file can execute arbitrary code.
PyYAML Loader arbitrary code execution (CVE-2017-18342)
PyYAML's default yaml.load() Loader lets attackers run arbitrary code via crafted YAML input. Here's how CVE-2017-18342 works and how to fix it.
Composer Arbitrary Code Execution via Platform Config Han...
CVE-2021-41116 let malicious composer.json platform config values inject PHP code into Composer autoload files, causing code execution on install.
Agentic Unexpected Code Execution Vulnerabilities
How AI agents with code-execution tools get hijacked by prompt injection—from the Vanna.ai RCE (CVE-2024-5565) to LangChain and MCP—and what to do about it.
Template Injection (SSTI) Prevention Guide
Server-Side Template Injection turns template engines into code execution engines. This guide covers SSTI in Jinja2, Twig, Freemarker, and other engines, with detection techniques and layered defenses.