Safeguard
Tag

vulnerability-analysis

Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.

360 articles

Vulnerability Analysis

Kubernetes Python client aggregated API vulnerability (CVE-2022-3172)

CVE-2022-3172 lets a rogue aggregated API backend redirect authenticated Kubernetes API traffic, exposing Python client apps to credential theft.

Dec 28, 20257 min read
Vulnerability Analysis

Django str.format denial of service (CVE-2023-41164)

CVE-2023-41164 lets attackers DoS Django apps via a str.format() flaw in uri_to_iri(). Here's what's affected, severity context, and how to fix it.

Dec 28, 20256 min read
Vulnerability Analysis

Django admin ChangeList path traversal (CVE-2021-33203)

CVE-2021-33203 is a staff-only path traversal in Django's admindocs TemplateDetailView. Here's what's affected, its CVSS/EPSS profile, and how to remediate it.

Dec 28, 20257 min read
Vulnerability Analysis

Django QuerySet.explain SQL injection (CVE-2022-28346)

A Django ORM flaw let unvalidated input reach EXPLAIN and annotate() SQL generation. Here's the CVE-2022-28347 impact, fix, and defense playbook.

Dec 27, 20257 min read
Vulnerability Analysis

Django GIS SQL injection (CVE-2020-9402)

CVE-2020-9402 lets attackers inject SQL via Django GIS's tolerance parameter on Oracle. Versions, CVSS/EPSS data, timeline, and fixes inside.

Dec 27, 20257 min read
Vulnerability Analysis

Flask session cookie information disclosure (CVE-2023-30861)

A missing Vary: Cookie header in Flask session handling let shared caches leak one user's session cookie to another. Here's how to detect and fix it.

Dec 27, 20258 min read
Vulnerability Analysis

Werkzeug multipart form-data denial of service (CVE-2019-1010083)

CVE-2019-1010083 lets attackers crash Flask apps via crafted multipart form-data. Here's the CVSS score, timeline, and how to fix the Werkzeug DoS flaw.

Dec 27, 20258 min read
Vulnerability Analysis

Werkzeug multipart parser DoS (CVE-2023-46136)

A crafted multipart upload could pin Werkzeug workers at 100% CPU with no auth required. Here's what CVE-2023-46136 affects and how to fix it.

Dec 26, 20257 min read
Vulnerability Analysis

Jinja2 sandbox escape (CVE-2022-29361)

CVE-2022-29361 lets attackers bypass Jinja2's SandboxedEnvironment via str.format, reaching unsafe attributes and risking RCE in untrusted-template apps.

Dec 26, 20257 min read
Vulnerability Analysis

CVE analysis: nation-state supply chain attacks on defens...

CVE analysis of nation-state supply chain attacks on defense contractors: SolarWinds SUNBURST and Ivanti Connect Secure exploitation, CVSS, KEV, and fixes.

Dec 26, 20258 min read
Vulnerability Analysis

Jinja2 xmlattr filter XSS (CVE-2024-22195)

CVE-2024-22195 lets attacker-controlled dict keys bypass Jinja2's xmlattr escaping for XSS. Learn affected versions, CVSS/EPSS context, and fixes.

Dec 26, 20257 min read
Vulnerability Analysis

Sentry SDK sensitive data exposure (CVE-2021-23727)

CVE-2021-23727 let sentry-sdk for Python leak OS environment variables into Sentry events, exposing secrets. Here's the impact, timeline, and fix.

Dec 26, 20257 min read
vulnerability-analysis (Page 16) — Safeguard Blog