Safeguard
Tag

cve-analysis

Safeguard articles tagged "cve-analysis" — guides, analysis, and best practices for software supply chain and application security.

134 articles

Vulnerability Analysis

CVE-2022-0235: node-fetch forwards sensitive headers on r...

CVE-2022-0235: node-fetch forwarded cookie and authorization headers across cross-origin redirects. Affected versions, exploitability context, and remediation steps.

Oct 13, 20258 min read
Vulnerability Analysis

CVE-2022-0155: follow-redirects leaks Proxy-Authorization...

CVE-2022-0155: follow-redirects leaked Proxy-Authorization headers across hosts on redirect, exposing proxy credentials via axios and other widely used npm HTTP clients.

Oct 13, 20258 min read
Vulnerability Analysis

CVE-2023-26159: SSRF/credential exposure in follow-redire...

CVE-2023-26159 shows how flawed URL parsing in follow-redirects let attackers trigger SSRF and leak Authorization headers across unintended hosts.

Oct 12, 20257 min read
Vulnerability Analysis

CVE-2020-7676: XSS in vue-template-compiler

CVE-2020-7676 is an XSS flaw in vue-template-compiler (pre-2.6.12) that lets attacker-controlled templates bypass URI sanitization. Impact, fix, and remediation.

Oct 10, 20257 min read
Vulnerability Analysis

CVE-2023-32314: Sandbox escape in vm2

CVE-2023-32314 let attackers escape the vm2 Node.js sandbox for remote code execution. Here's the CVSS 10.0 flaw, affected versions, timeline, and fixes.

Oct 10, 20258 min read
Vulnerability Analysis

CVE-2023-30547: Sandbox escape via Node custom inspect in...

CVE-2023-30547 lets attackers escape the vm2 Node.js sandbox via a crafted custom inspect method, achieving host code execution. Here's the impact, timeline, and fix.

Oct 10, 20258 min read
Vulnerability Analysis

CVE-2022-3517: ReDoS in minimatch pattern matching

CVE-2022-3517 is a high-severity ReDoS flaw in minimatch's glob-to-regex conversion, impacting a huge share of the npm ecosystem's dependency graph.

Oct 9, 20257 min read
Vulnerability Analysis

CVE-2018-14574: Open redirect in Django CommonMiddleware

CVE-2018-14574 let attackers abuse Django CommonMiddleware's APPEND_SLASH redirect to send users to external, attacker-controlled domains.

Oct 9, 20257 min read
Vulnerability Analysis

CVE-2021-33503: ReDoS in urllib3 URL authority parsing

CVE-2021-33503 exposes urllib3 before 1.26.5 to a ReDoS in URL authority parsing, letting attacker URLs exhaust CPU. What to patch and why.

Oct 7, 20257 min read
Vulnerability Analysis

CVE-2020-26137: CRLF injection in urllib3 header handling

CVE-2020-26137 let attackers inject CRLF sequences into urllib3-built HTTP requests. Here's the impact, affected versions, and how to remediate it.

Oct 7, 20257 min read
Application Security

CVE-2021-25287: Buffer overflow in Pillow SGI decoder

A heap buffer overflow in Pillow's SGI image decoder (CVE-2021-25287) let crafted images corrupt memory. Here's the impact, fix, and remediation guidance.

Oct 5, 20258 min read
Application Security

CVE-2021-25288: Buffer overflow in Pillow FLI decoder

CVE-2021-25288 is a buffer overflow in Pillow's FLI decoder, fixed in Pillow 8.1.0. Here's what's affected, the risk profile, and how to remediate.

Oct 5, 20258 min read
cve-analysis (Page 9) — Safeguard Blog