remote-code-execution
Safeguard articles tagged "remote-code-execution" — guides, analysis, and best practices for software supply chain and application security.
55 articles
CVE-2017-18342: Arbitrary code execution via PyYAML yaml....
CVE-2017-18342 lets attackers achieve remote code execution via PyYAML's yaml.load(), which deserialized untrusted YAML into live Python objects by default.
CVE-2018-11776: Remote code execution in Apache Struts2 v...
CVE-2018-11776 lets attackers achieve unauthenticated RCE in Apache Struts2 via crafted namespace/OGNL injection. Affected versions, timeline, and fixes.
CVE-2019-0230: OGNL remote code execution in Apache Struts2
CVE-2019-0230 lets attackers chain forced double OGNL evaluation in Struts2 tag attributes into remote code execution. Here's what's affected, the CVSS/EPSS context, and how to remediate it.
CVE-2020-17530: Forced OGNL evaluation RCE in Apache Struts2
CVE-2020-17530 lets attackers achieve unauthenticated RCE in Apache Struts2 via forced OGNL evaluation. Here's the scope, timeline, and how to remediate it.
CVE-2019-0232: Remote code execution in Apache Tomcat CGI...
CVE-2019-0232 lets attackers execute arbitrary commands on Windows-hosted Apache Tomcat via the CGI Servlet. Here's the CVSS 9.8 detail, affected versions, and fixes.
CVE-2022-1471: Remote code execution in SnakeYAML deseria...
CVE-2022-1471 exposes SnakeYAML deserialization to remote code execution. Here is what is affected, CVSS context, and how to remediate the flaw.
CVE-2016-1000027: Remote code execution via Spring HttpIn...
A decade-old flaw in Spring's HttpInvokerServiceExporter enables unauthenticated RCE via Java deserialization. Severity, timeline, and remediation for CVE-2016-1000027.
CVE-2018-1270: Remote code execution in Spring Messaging ...
CVE-2018-1270 is a critical, unauthenticated RCE in Spring Messaging's STOMP-over-WebSocket support. Here's what's affected, how severe it is, and how to remediate it.
CVE-2016-4977: Remote code execution in Spring Security O...
CVE-2016-4977 let attackers achieve remote code execution against Spring Security OAuth's whitelabel views via SpEL injection. Here's what shipped, why, and how to fix it.
CVE-2019-0815: Remote code execution in .NET Core
CVE-2019-0815 is a Microsoft-disclosed remote code execution flaw in .NET Core. Here's what we know about impact, remediation, and supply chain risk.
CVE-2019-0980: .NET Core remote code execution via crafte...
CVE-2019-0980 lets attackers run arbitrary code via a crafted document that abuses how .NET Framework and .NET Core process untrusted input.
CVE-2019-0981: .NET Core remote code execution (second va...
CVE-2019-0981, the second variant of the April 2019 .NET Core RCE pair, let attackers run arbitrary code via a malicious file. Here's what to patch and why.