Tag
dependency-vulnerability
Safeguard articles tagged "dependency-vulnerability" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Vulnerability Analysis
socket.io-parser denial of service (CVE-2020-28477)
A remote, unauthenticated attacker could crash Socket.IO servers with one malformed packet. Here's the CVE-2020-28477 breakdown and how to fix it.
Jan 4, 20267 min read
Vulnerability Analysis
ansi-regex ReDoS vulnerability (CVE-2021-3807)
CVE-2021-3807 is a ReDoS flaw in the widely-used ansi-regex npm package. Here's the impact, affected versions, CVSS/EPSS context, and how to fix it.
Jan 3, 20268 min read