Tag
trojan-source
Safeguard articles tagged "trojan-source" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Application Security
ESLint rules for detecting Trojan Source (bidi Unicode) attacks in JS/TS
A single invisible Unicode character can flip how code executes versus how it reads on screen. Here's how to configure ESLint to catch it.
Jul 16, 20266 min read
Application Security
Trojan Source: how Unicode bidi control characters hide malicious code in plain sight
CVE-2021-42574 scored 8.3 CVSS for a bug that isn't a parser flaw at all — it's Unicode's bidirectional text algorithm, weaponized against code review.
Jul 16, 20266 min read
Vulnerability Analysis
Trojan Source Unicode bidi-override attack (CVE-2021-42574)
CVE-2021-42574 (Trojan Source) lets Unicode bidi control characters hide malicious logic in plain sight during code review. Here's the full breakdown and fix.
Jan 13, 20267 min read