cwe-78
Safeguard articles tagged "cwe-78" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Root cause: CVE-2022-40764, the Snyk CLI command injection
A crafted vendor.json field let attackers run shell commands from inside a security scanner — CVE-2022-40764 shows why CLI tools must never build shell strings.
Command injection in Go: os/exec, exec.Command, and how it still goes wrong
Go's exec.Command never invokes a shell — yet CWE-78 command injection keeps shipping in Go services. Here's exactly how, and how gosec's G204 rule catches it.
Preventing Command Injection in Go: Allowlists, Argument Safety, and Sandboxing
os/exec keeps the shell out of your way — but user-controlled binaries, flag injection, and PATH tricks still get Go services popped. Here's the prevention playbook, not just the theory.
Command injection in Python: examples and prevention
Python command injection lets attackers run arbitrary OS commands via os.system() or subprocess. Learn how it works, a real CVE, and how to prevent it.
What is Command Injection
Command injection lets attackers run OS commands through unsanitized input. Learn how it works, real CVEs like Shellshock and PAN-OS, and how to prevent it.
OS command injection explained
OS command injection lets attackers run arbitrary shell commands via unsanitized input. See how it works, real CVEs like PAN-OS 2024, and fixes.