Safeguard
Tag

java-security

Safeguard articles tagged "java-security" — guides, analysis, and best practices for software supply chain and application security.

83 articles

Vulnerability Analysis

Jackson-databind Polymorphic Deserialization Gadget (CVE-2019-12384) Explained

CVE-2019-12384 chained a logback gadget with H2's RUNSCRIPT to turn default typing into code execution. Here's the mechanism, the classpath caveat, and how to fix it for good.

Jul 3, 20265 min read
Application Security

10 Java security best practices

10 Java security best practices security teams should enforce across dependency management, deserialization, injection, secrets, and build pipelines.

May 27, 20267 min read
Application Security

10 Spring Boot security best practices

Ten concrete Spring Boot security practices, with real CVEs, config flags, and file paths, to close the gaps attackers actually exploit.

May 25, 20267 min read
Application Security

A guide to input validation with Spring Boot

Spring Boot doesn't validate input by default. Here's how Bean Validation actually works, where teams get it wrong, and how missing validation leads to injection and mass assignment.

May 25, 20266 min read
Application Security

Fixing vulnerabilities in Maven projects

Maven vulnerability remediation isn't just running mvn versions:use-latest — here's how to triage, patch, and verify fixes without breaking builds.

May 22, 20266 min read
Application Security

Fixing vulnerabilities in Gradle projects

Gradle's resolved dependency graph rarely matches build.gradle. Here's how to find, force-fix, and lock vulnerable transitive dependencies for good.

May 22, 20266 min read
Vulnerability Analysis

Spring4Shell RCE vulnerability explained CVE-2022-22965

CVE-2022-22965 (Spring4Shell) lets attackers achieve unauthenticated RCE on Spring MVC/Tomcat apps. Here's the CVSS/EPSS/KEV data, timeline, and fixes.

May 7, 20267 min read
Vulnerability Analysis

Text4Shell RCE in Apache Commons Text CVE-2022-42889

CVE-2022-42889 (Text4Shell) is a 9.8-severity RCE in Apache Commons Text 1.5-1.9. Learn affected versions, timeline, and remediation steps.

May 6, 20267 min read
Vulnerability Analysis

Log4Shell remediation cheat sheet

A practical, no-fluff Log4Shell remediation cheat sheet: affected versions, CVSS/EPSS/KEV context, timeline, and the exact steps to close CVE-2021-44228.

May 6, 20267 min read
Vulnerability Analysis

Unsafe deserialization in SnakeYAML CVE-2022-1471

CVE-2022-1471 lets attackers achieve RCE via SnakeYAML's unsafe Constructor. Learn affected versions, CVSS/EPSS context, and remediation steps.

May 6, 20267 min read
Application Security

How to prevent log injection vulnerabilities in Java

Log injection let attackers turn Log4j logging calls into remote code execution in 2021. Here's how CWE-117 works in Java and how to stop it.

May 2, 20266 min read
Industry Analysis

162 vulnerabilities disclosed in Java's top 10 libraries

Safeguard's H1 2026 analysis found 162 CVEs across Java's ten most-downloaded libraries, with critical RCE risk concentrated in Tomcat and Spring.

Apr 24, 20267 min read
java-security (Page 2) — Safeguard Blog