Tag
cwe-88
Safeguard articles tagged "cwe-88" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Application Security
Argument injection in Git and Mercurial CLI wrappers
A branch name like --upload-pack=/bin/sh isn't a string to Git — it's a flag. CVE-2017-1000117 and CVE-2017-1000116 show why that distinction matters.
Jul 10, 20266 min read
Vulnerability Analysis
Argument injection vulnerabilities explained
How argument injection (CWE-88) vulnerabilities work, real CVEs like PHPMailer and Git ssh URLs, and how teams detect and prevent CWE-88 flaws.
Dec 1, 20257 min read