Safeguard
Tag

cwe-78

Safeguard articles tagged "cwe-78" — guides, analysis, and best practices for software supply chain and application security.

6 articles

Vulnerability Management

Root cause: CVE-2022-40764, the Snyk CLI command injection

A crafted vendor.json field let attackers run shell commands from inside a security scanner — CVE-2022-40764 shows why CLI tools must never build shell strings.

Jul 12, 20266 min read
Application Security

Command injection in Go: os/exec, exec.Command, and how it still goes wrong

Go's exec.Command never invokes a shell — yet CWE-78 command injection keeps shipping in Go services. Here's exactly how, and how gosec's G204 rule catches it.

Jul 8, 20266 min read
Security Guides

Preventing Command Injection in Go: Allowlists, Argument Safety, and Sandboxing

os/exec keeps the shell out of your way — but user-controlled binaries, flag injection, and PATH tricks still get Go services popped. Here's the prevention playbook, not just the theory.

Jul 2, 20266 min read
Application Security

Command injection in Python: examples and prevention

Python command injection lets attackers run arbitrary OS commands via os.system() or subprocess. Learn how it works, a real CVE, and how to prevent it.

May 22, 20266 min read
Vulnerability Analysis

What is Command Injection

Command injection lets attackers run OS commands through unsanitized input. Learn how it works, real CVEs like Shellshock and PAN-OS, and how to prevent it.

Mar 30, 20267 min read
Vulnerability Analysis

OS command injection explained

OS command injection lets attackers run arbitrary shell commands via unsanitized input. See how it works, real CVEs like PAN-OS 2024, and fixes.

Dec 13, 20256 min read
cwe-78 — Safeguard Blog