Safeguard
Tag

vulnerability-analysis

Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.

360 articles

Vulnerability Analysis

CVE-2024-21626: runc process.cwd Container Breakout Deep ...

A technical breakdown of CVE-2024-21626, the runc process.cwd() flaw enabling container breakout to host access, with detection and remediation guidance.

Oct 28, 20257 min read
Vulnerability Analysis

Log4Shell (CVE-2021-44228) Deep Dive: JNDI Injection in L...

Log4Shell (CVE-2021-44228) let attackers achieve remote code execution via a single logged string. A deep dive into the JNDI flaw, its impact, and remediation.

Oct 28, 20258 min read
Vulnerability Analysis

Spring4Shell (CVE-2022-22965) Deep Dive: RCE via Data Bin...

A technical breakdown of Spring4Shell (CVE-2022-22965): the data-binding RCE, affected Spring/Tomcat configurations, severity, timeline, and how to remediate and detect exposure.

Oct 27, 20257 min read
Concepts

What Is OSV (Open Source Vulnerabilities)?

OSV is an open, ecosystem-native vulnerability database that expresses affected versions in precise, machine-matchable ranges. Here is how it works and why scanners rely on it.

Oct 21, 20256 min read
Industry Analysis

Secure Random Number Generation in PHP with random_bytes

PHP's mt_rand() has a 32-bit seed space attackers can crack in seconds. Here's why random_bytes() and random_int() replaced it in PHP 7.0, and how weak randomness still causes breaches.

Oct 19, 20257 min read
Vulnerability Analysis

CVE-2018-16487: Prototype pollution in lodash via merge/m...

CVE-2018-16487 let attackers pollute Object.prototype through lodash's merge, mergeWith, and defaultsDeep — a bypass of an earlier fix, patched in 4.17.11.

Oct 17, 20257 min read
Vulnerability Analysis

CVE-2019-11358: Prototype pollution in jQuery $.extend

CVE-2019-11358 lets attackers pollute Object.prototype via jQuery's $.extend() deep merge. Here's the impact, affected versions, and how to fix it.

Oct 15, 20257 min read
Vulnerability Analysis

CVE-2020-11022: XSS in jQuery via htmlPrefilter

CVE-2020-11022 lets attacker-controlled HTML bypass sanitization via jQuery's htmlPrefilter, enabling XSS in versions before 3.5.0. Impact, timeline, and fixes.

Oct 15, 20257 min read
Vulnerability Analysis

CVE-2020-11023: XSS in jQuery option/script tag handling

CVE-2020-11023 let untrusted HTML with option tags bypass sanitization in jQuery's DOM methods, enabling XSS. Here's the fix, timeline, and remediation.

Oct 15, 20258 min read
Vulnerability Analysis

CVE-2015-9251: jQuery cross-domain AJAX XSS

CVE-2015-9251 lets attackers exploit jQuery's cross-domain AJAX handling to run arbitrary script. Learn affected versions, risk context, and fixes.

Oct 15, 20257 min read
Vulnerability Analysis

CVE-2020-7729: Command injection in node-notifier

CVE-2020-7729 lets attacker-influenced input reach node-notifier's OS notifier calls, enabling command injection. Here's the impact, timeline, and fix.

Oct 14, 20257 min read
Vulnerability Analysis

CVE-2021-23343: ReDoS in path-parse

CVE-2021-23343 is a ReDoS vulnerability in path-parse before 1.0.7 that lets crafted path strings stall Node.js apps. Here's how it works and how to fix it.

Oct 14, 20257 min read
vulnerability-analysis (Page 25) — Safeguard Blog