Safeguard
Tag

command-injection

Safeguard articles tagged "command-injection" — guides, analysis, and best practices for software supply chain and application security.

23 articles

Vulnerability Analysis

What is Command Injection

Command injection lets attackers run OS commands through unsanitized input. Learn how it works, real CVEs like Shellshock and PAN-OS, and how to prevent it.

Mar 30, 20267 min read
Vulnerability Analysis

systeminformation npm package command injection (CVE-2021-21315)

A critical command injection flaw in the systeminformation npm package (CVE-2021-21315) let attackers run OS commands via unsanitized shell calls. Here's the full breakdown.

Jan 12, 20268 min read
Vulnerability Analysis

Python mailcap insecure shell command construction (CVE-2015-20107)

Python mailcap shell injection (CVE-2015-20107) lets attackers run arbitrary commands via unescaped filenames. Here is how to detect and fix it.

Dec 29, 20258 min read
Vulnerability Analysis

OS command injection explained

OS command injection lets attackers run arbitrary shell commands via unsanitized input. See how it works, real CVEs like PAN-OS 2024, and fixes.

Dec 13, 20256 min read
Open Source Security

Go's 'go get' Remote Code Execution via Crafted Import Pa...

A deep dive into CVE-2018-16873, the Go 'go get' remote code execution vulnerability caused by crafted import paths and command injection in DVCS fetches.

Nov 30, 20258 min read
Vulnerability Analysis

Git Argument Injection via Crafted SSH URL (CVE-2017-1000...

CVE-2017-1000117 let a malicious repo run code on anyone who cloned it via a crafted ssh:// URL. Impact, affected Git versions, CVSS, and fixes.

Nov 28, 20258 min read
Vulnerability Analysis

CVE-2021-23337: Command injection in lodash template func...

CVE-2021-23337 enables command injection via lodash's template function in versions before 4.17.21. Here's the CVSS context, timeline, and how to remediate it.

Oct 16, 20257 min read
Vulnerability Analysis

Zyxel Router Command Injection: CVE-2024-40891 Exploited in the Wild

Threat actors began mass-exploiting a Telnet-based command injection flaw in Zyxel CPE routers, with over 1,500 devices compromised in botnet campaigns. Zyxel initially refused to patch.

Feb 4, 20255 min read
Vulnerability Analysis

Palo Alto Expedition CVE-2024-9463: Command Injection in Migration Tool

Critical command injection vulnerabilities in Palo Alto Networks Expedition tool exposed firewall credentials and configurations, with CISA confirming active exploitation in November 2024.

Nov 7, 20246 min read
AppSec

Modern Command Injection Prevention: Beyond the Basics

Command injection remains in the OWASP Top 10 because developers keep making the same mistakes with new tools. Here is a modern prevention guide covering containers, serverless, and CI/CD.

Apr 5, 20236 min read
Vulnerability Analysis

Zyxel Firewall CVE-2022-30525: Unauthenticated Command Injection in Your Perimeter Defense

CVE-2022-30525 gave attackers unauthenticated OS command injection on Zyxel firewalls. The irony of a firewall being the weakest point in your network security.

May 12, 20226 min read
command-injection (Page 2) — Safeguard Blog