Tag
gadget-chain
Safeguard articles tagged "gadget-chain" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Vulnerability Analysis
Jackson-databind gadget chain RCE (CVE-2019-12384)
CVE-2019-12384 lets attacker-controlled JSON trigger a jackson-databind gadget chain via Logback, turning polymorphic deserialization into remote code execution.
Dec 25, 20258 min read
Vulnerability Analysis
Java deserialization gadget chains explained
Java deserialization gadget chains turn trusted classpath libraries into RCE. Learn how they work, key CVEs like CVE-2015-4852, and how to detect them.
Dec 2, 20256 min read