Safeguard
Tag

vulnerability-analysis

Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.

360 articles

Vulnerability Analysis

CVE-2022-21680: ReDoS in marked via block token regexes

CVE-2022-21680: how a ReDoS in marked's block-tokenizer regexes could let attackers freeze Markdown-rendering services, plus affected versions, fix, and mitigation steps.

Oct 13, 20257 min read
Vulnerability Analysis

CVE-2022-0536: follow-redirects leaks Authorization heade...

CVE-2022-0536 let follow-redirects forward Authorization headers to third-party hosts on cross-domain redirects, exposing tokens and credentials.

Oct 12, 20258 min read
Vulnerability Analysis

CVE-2024-37890: Denial of service in ws WebSocket library

CVE-2024-37890 lets attackers crash Node.js servers running vulnerable ws WebSocket versions with a single crafted request. Here's what's affected and how to fix it.

Oct 12, 20257 min read
Vulnerability Analysis

CVE-2021-3807: ReDoS in ansi-regex

A ReDoS flaw in the widely-depended-on ansi-regex npm package could hang Node.js processes on crafted input. Here's what's affected and how to fix it.

Oct 11, 20257 min read
Vulnerability Analysis

CVE-2022-24999: Prototype pollution / DoS in qs querystri...

CVE-2022-24999 exposes a prototype pollution and denial-of-service flaw in the qs querystring library used across the Node.js ecosystem.

Oct 11, 20257 min read
Vulnerability Analysis

CVE-2021-23364: ReDoS in browserslist

A regex denial of service in browserslist (CVE-2021-23364) could stall Node.js builds via crafted version strings. Here's the fix and how Safeguard catches it.

Oct 11, 20257 min read
Vulnerability Analysis

CVE-2023-37466: Remote code execution via vm2 sandbox escape

A critical vm2 sandbox escape (CVE-2023-37466) lets untrusted JavaScript break out to achieve remote code execution on the host Node.js process.

Oct 10, 20257 min read
Vulnerability Analysis

CVE-2022-3517: ReDoS in minimatch pattern matching

CVE-2022-3517 is a high-severity ReDoS flaw in minimatch's glob-to-regex conversion, impacting a huge share of the npm ecosystem's dependency graph.

Oct 9, 20257 min read
Vulnerability Analysis

CVE-2021-43138: Code injection risk in async npm package

A prototype-pollution flaw in async's iterator functions (CVE-2021-43138) could escalate to code injection. Affected versions, severity, timeline, and remediation steps inside.

Oct 9, 20258 min read
Vulnerability Analysis

CVE-2019-19844: Django password reset token weakness

CVE-2019-19844 let attackers hijack Django accounts by exploiting how case-sensitive email matching broke the base36 password reset token flow.

Oct 9, 20257 min read
Vulnerability Analysis

CVE-2021-33203: Path traversal via Django admindocs

CVE-2021-33203 let authenticated Django staff users traverse outside admindocs' template directory. Here's what's affected, real severity context, and how to remediate.

Oct 8, 20257 min read
Vulnerability Analysis

CVE-2020-9402: SQL injection via Django GIS functions

CVE-2020-9402 let attackers inject SQL through GeoDjango's tolerance parameter on Oracle backends. Here's what's affected, severity context, and how to remediate.

Oct 8, 20259 min read
vulnerability-analysis (Page 26) — Safeguard Blog