Safeguard
Tag

remote-code-execution

Safeguard articles tagged "remote-code-execution" — guides, analysis, and best practices for software supply chain and application security.

55 articles

Vulnerability Analysis

Shellshock Bash environment variable RCE (CVE-2014-6271)

A 2014 parsing flaw in Bash's function-export handling let attackers run arbitrary commands via environment variables — and it's still exploited today.

Jan 15, 20268 min read
Vulnerability Analysis

Struts2 REST plugin XStream deserialization RCE (CVE-2017-9805)

CVE-2017-9805 lets attackers RCE Struts2 REST APIs via unsafe XStream XML deserialization. Learn impact, affected versions, and remediation steps.

Jan 11, 20267 min read
Vulnerability Analysis

Apache Commons Collections deserialization gadget RCE (CVE-2015-7501)

A decade-old Apache Commons Collections deserialization gadget chain still enables unauthenticated RCE across legacy Java middleware. Here's how to find and fix it.

Jan 11, 20268 min read
Vulnerability Analysis

H2 database console remote code execution (CVE-2021-42392)

CVE-2021-42392 lets attackers trigger RCE in H2's console and JDBC URL handling via a Log4Shell-style JNDI gadget. Here's what's affected and how to fix it.

Dec 24, 20257 min read
Vulnerability Analysis

Apache Solr XXE remote code execution (CVE-2017-12629)

CVE-2017-12629 chains XXE and Solr's RunExecutableListener into unauthenticated RCE. Affected versions, timeline, and concrete remediation steps.

Dec 22, 20257 min read
Vulnerability Analysis

Insecure deserialization vulnerabilities explained

Insecure deserialization vulnerabilities let attackers turn trusted classes into gadget chains for RCE. See real CVEs, affected languages, and fixes.

Dec 13, 20256 min read
Vulnerability Analysis

Server-side template injection (SSTI) explained

SSTI lets attackers turn template syntax into server-side RCE. See how it works, real CVEs like Confluence's, and how to prevent it.

Dec 10, 20257 min read
Open Source Security

CocoaPods Trunk Server Remote Code Execution (CVE-2024-38...

CVE-2024-38366 exposed a critical remote code execution flaw in the CocoaPods trunk server, threatening the iOS dependency supply chain for years undetected.

Nov 29, 20257 min read
Vulnerability Analysis

Git Remote Code Execution via Malicious .gitmodules Submo...

CVE-2018-11235 let a malicious .gitmodules file hijack Git submodule checkout, executing arbitrary code via post-checkout hooks on clone.

Nov 28, 20257 min read
DevSecOps

Jenkins Remote Code Execution via Groovy Metaclass (CVE-2...

CVE-2016-0792 let attackers bypass Jenkins' deserialization blacklist using Groovy's metaclass to achieve unauthenticated remote code execution via the CLI.

Nov 26, 20259 min read
Vulnerability Analysis

Nexus Repository Manager 3 Remote Code Execution (CVE-202...

CVE-2020-10199 is a critical Java EL injection flaw in Sonatype Nexus Repository Manager 3 letting authenticated users achieve remote code execution.

Nov 23, 20257 min read
Vulnerability Analysis

CVE-2023-37466: Remote code execution via vm2 sandbox escape

A critical vm2 sandbox escape (CVE-2023-37466) lets untrusted JavaScript break out to achieve remote code execution on the host Node.js process.

Oct 10, 20257 min read
remote-code-execution (Page 3) — Safeguard Blog