supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1045 articles
CVE-2022-29117: Regular expression denial of service in .NET
CVE-2022-29117 is a regular expression denial-of-service vulnerability in .NET that lets attackers exhaust CPU with crafted input. Here's what to patch and why.
CVE-2023-33170: Denial of service in .NET SocketsHttpHandler
A memory-allocation flaw in .NET's SocketsHttpHandler (CVE-2022-23267) let malicious HTTP responses trigger denial of service in HttpClient-based apps.
CVE-2023-36799: Denial of service in .NET Core
CVE-2023-36799 is a denial-of-service flaw in the .NET runtime powering .NET Core-descended apps. Here's what's affected and how to remediate it.
CVE-2024-0056: Security bypass in Microsoft.Data.SqlClient
CVE-2024-0056 lets attackers bypass TLS protections in Microsoft.Data.SqlClient/System.Data.SqlClient. Affected versions, remediation, and masking as defense in depth.
CVE-2024-0057: Certificate validation bypass in .NET X.50...
CVE-2024-0057 lets attackers forge X.509 certificates that bypass .NET's chain validation, risking spoofing in TLS and code-signing flows.
CVE-2018-1285: XXE in Apache log4net
CVE-2018-1285: Apache log4net before 2.0.10 fails to disable external XML entities, enabling XXE attacks via config files. Impact, fix, and detection.
CVE-2020-29652: Denial of service in golang.org/x/crypto/...
A pre-auth nil pointer dereference in golang.org/x/crypto/ssh let a single crafted request crash Go SSH servers. Here's the impact, fix, and remediation path.
What Is a Software Ingredient Label?
Food gets an ingredient panel; software gets an SBOM. What a software ingredient label contains, who is demanding one, and how to generate yours automatically.
How Snyk Container recommends minor, major, and alternati...
A mechanical look at how Snyk Container ranks minor, major, and alternative base image upgrades using vulnerability counts and registry metadata.
How Snyk Container's Base Image filter isolates OS-level ...
How Snyk Container's Base Image filter separates OS-level vulnerabilities from application dependencies, how it identifies base images, and where attribution breaks down.
How Snyk Container scans distroless and minimal (Wolfi-st...
Distroless and Wolfi-style images strip out package managers, breaking traditional scanners. Here's how Snyk Container identifies vulnerable packages anyway.
How Snyk Container integrates with Kubernetes workloads f...
How Snyk Container's Kubernetes integration uses a read-only controller to continuously re-check running workload images as new CVEs are disclosed.