cve-analysis
Safeguard articles tagged "cve-analysis" — guides, analysis, and best practices for software supply chain and application security.
134 articles
Containers Not Dropping Default Linux Capabilities
Docker grants every container 14 Linux capabilities by default. Here's why NET_RAW, SYS_CHROOT, and friends turn contained compromises into breakouts—and how to drop them safely.
Containers Running in Privileged Mode: Risks and Fixes
Docker's --privileged flag strips seccomp, AppArmor, and capability limits in one line. Here's how attackers exploit it, real CVEs, and how to lock it down.
CVE-2020-8203: Prototype pollution in lodash zipObjectDeep
CVE-2020-8203 lets attackers pollute JavaScript's Object prototype via lodash's zipObjectDeep function, risking DoS or RCE in downstream apps.
CVE-2021-23337: Command injection in lodash template func...
CVE-2021-23337 enables command injection via lodash's template function in versions before 4.17.21. Here's the CVSS context, timeline, and how to remediate it.
CVE-2021-44906: Prototype pollution in minimist
CVE-2021-44906 exposed a prototype pollution flaw in minimist versions before 1.2.6, letting attackers pollute Object.prototype via crafted parser keys.
CVE-2017-16137: ReDoS in debug package
CVE-2017-16137 is a ReDoS flaw in the debug npm package that can hang Node.js apps on crafted input. Here's what's affected and how to fix it.
CVE-2018-3728: Prototype pollution in hoek
CVE-2018-3728 is a prototype pollution flaw in Hoek's merge functions, exposing hapi.js and Joi-based apps to __proto__ injection. Here's the impact, fix, and remediation path.
CVE-2019-11358: Prototype pollution in jQuery $.extend
CVE-2019-11358 lets attackers pollute Object.prototype via jQuery's $.extend() deep merge. Here's the impact, affected versions, and how to fix it.
CVE-2020-28469: ReDoS in glob-parent
CVE-2020-28469 is a ReDoS flaw in glob-parent before 5.1.2 that can hang processes parsing crafted glob strings. Here's the risk, timeline, and fix.
CVE-2018-1000620: ReDoS in marked markdown parser
A ReDoS flaw in the marked Markdown parser (CVE-2018-1000620) let crafted input stall Node.js services. Here's the impact, fix, and how to catch it in your dependency tree.
CVE-2022-21680: ReDoS in marked via block token regexes
CVE-2022-21680: how a ReDoS in marked's block-tokenizer regexes could let attackers freeze Markdown-rendering services, plus affected versions, fix, and mitigation steps.
CVE-2022-21681: Second ReDoS flaw in marked
CVE-2022-21681 is a ReDoS flaw in marked's inline tokenizer that lets crafted Markdown hang parsing. What's affected, severity, and how to remediate.