Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Vulnerability Analysis

CVE-2020-11022: XSS in jQuery via htmlPrefilter

CVE-2020-11022 lets attacker-controlled HTML bypass sanitization via jQuery's htmlPrefilter, enabling XSS in versions before 3.5.0. Impact, timeline, and fixes.

Oct 15, 20257 min read
Vulnerability Analysis

CVE-2020-11023: XSS in jQuery option/script tag handling

CVE-2020-11023 let untrusted HTML with option tags bypass sanitization in jQuery's DOM methods, enabling XSS. Here's the fix, timeline, and remediation.

Oct 15, 20258 min read
Vulnerability Analysis

CVE-2015-9251: jQuery cross-domain AJAX XSS

CVE-2015-9251 lets attackers exploit jQuery's cross-domain AJAX handling to run arbitrary script. Learn affected versions, risk context, and fixes.

Oct 15, 20257 min read
Vulnerability Analysis

CVE-2022-21681: Second ReDoS flaw in marked

CVE-2022-21681 is a ReDoS flaw in marked's inline tokenizer that lets crafted Markdown hang parsing. What's affected, severity, and how to remediate.

Oct 13, 20256 min read
Vulnerability Analysis

CVE-2024-37890: Denial of service in ws WebSocket library

CVE-2024-37890 lets attackers crash Node.js servers running vulnerable ws WebSocket versions with a single crafted request. Here's what's affected and how to fix it.

Oct 12, 20257 min read
Vulnerability Analysis

CVE-2021-3807: ReDoS in ansi-regex

A ReDoS flaw in the widely-depended-on ansi-regex npm package could hang Node.js processes on crafted input. Here's what's affected and how to fix it.

Oct 11, 20257 min read
Vulnerability Analysis

CVE-2022-24999: Prototype pollution / DoS in qs querystri...

CVE-2022-24999 exposes a prototype pollution and denial-of-service flaw in the qs querystring library used across the Node.js ecosystem.

Oct 11, 20257 min read
Vulnerability Analysis

CVE-2023-37466: Remote code execution via vm2 sandbox escape

A critical vm2 sandbox escape (CVE-2023-37466) lets untrusted JavaScript break out to achieve remote code execution on the host Node.js process.

Oct 10, 20257 min read
Vulnerability Analysis

CVE-2019-19844: Django password reset token weakness

CVE-2019-19844 let attackers hijack Django accounts by exploiting how case-sensitive email matching broke the base36 password reset token flow.

Oct 9, 20257 min read
Vulnerability Analysis

CVE-2021-33203: Path traversal via Django admindocs

CVE-2021-33203 let authenticated Django staff users traverse outside admindocs' template directory. Here's what's affected, real severity context, and how to remediate.

Oct 8, 20257 min read
Vulnerability Analysis

CVE-2018-6188: User enumeration in Django password reset

A timing difference in Django password resets let attackers confirm valid emails via response latency. CVE-2018-6188 impact, fix versions, and remediation.

Oct 8, 20258 min read
Vulnerability Analysis

CVE-2023-32681: requests leaks Proxy-Authorization on red...

A malicious proxy could capture Proxy-Authorization credentials from Python's requests library when redirects crossed to HTTPS, before v2.31.0.

Oct 7, 20258 min read
software-supply-chain (Page 32) — Safeguard Blog