Safeguard
Tag

vulnerability-analysis

Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.

360 articles

Vulnerability Analysis

cross-spawn ReDoS vulnerability (CVE-2024-21538)

CVE-2024-21538 is a ReDoS flaw in the widely-used cross-spawn npm package. Learn the impact, CVSS/EPSS context, and how to remediate it.

Jan 1, 20267 min read
Vulnerability Analysis

Express.js open redirect vulnerability (CVE-2024-29041)

CVE-2024-29041 lets attackers weaponize Express.js redirects for phishing. See affected versions, CVSS/EPSS data, and how to remediate fast.

Jan 1, 20267 min read
Vulnerability Analysis

http-cache-semantics ReDoS vulnerability (CVE-2022-25881)

CVE-2022-25881 lets attacker-influenced HTTP responses trigger catastrophic regex backtracking in http-cache-semantics, hanging Node.js services. Here's how to detect and fix it.

Jan 1, 20267 min read
Vulnerability Analysis

Python requests library proxy-auth credential leak (CVE-2023-32681)

CVE-2023-32681 lets Python's requests library leak Proxy-Authorization credentials to destination servers on HTTPS redirects. Here's the impact, timeline, and fix.

Dec 31, 20258 min read
Vulnerability Analysis

urllib3 regular expression denial of service (CVE-2021-33503)

A deep dive into CVE-2021-33503, the urllib3 ReDoS flaw in Python's core HTTP library, its real-world exposure, and how to remediate it.

Dec 31, 20257 min read
Vulnerability Analysis

urllib3 cookie/auth header leak on cross-origin redirect (CVE-2023-43804)

CVE-2023-43804 lets urllib3 leak Cookie headers on cross-origin redirects. See affected versions, severity context, and how to remediate fast.

Dec 30, 20257 min read
Vulnerability Analysis

PyYAML full_load unsafe deserialization arbitrary code execution (CVE-2020-14343)

CVE-2020-14343 shows PyYAML's full_load/FullLoader "safe" fix was incomplete, enabling arbitrary code execution. Here's the fix and how to detect exposure.

Dec 30, 20257 min read
Vulnerability Analysis

IPython crafted directory code execution (CVE-2022-21699)

CVE-2022-21699 lets attackers plant crafted profile files in shared directories, triggering silent code execution when victims launch IPython or Jupyter sessions.

Dec 30, 20258 min read
Vulnerability Analysis

Python urllib.parse NFKC normalization blocklist bypass (CVE-2023-24329)

CVE-2023-24329 let attackers bypass URL blocklists via leading blank characters in Python's urllib.parse, enabling SSRF and filter evasion.

Dec 29, 20257 min read
Vulnerability Analysis

Python mailcap insecure shell command construction (CVE-2015-20107)

Python mailcap shell injection (CVE-2015-20107) lets attackers run arbitrary commands via unescaped filenames. Here is how to detect and fix it.

Dec 29, 20258 min read
Vulnerability Analysis

Python tarfile extraction path traversal, the 15-year-old flaw (CVE-2007-4559)

CVE-2007-4559, a path traversal flaw in Python's tarfile module, still lurks in hundreds of thousands of repos. Here's the impact, timeline, and fix.

Dec 29, 20258 min read
Vulnerability Analysis

Python email module address-parsing confusion (CVE-2023-27043)

CVE-2023-27043 shows how a Python email-parsing quirk lets attackers spoof trusted domains and bypass allowlist-based access controls silently.

Dec 28, 20259 min read
vulnerability-analysis (Page 15) — Safeguard Blog