Websec Cybersecurity Blog

Expert insights, trends, research findings, and best practices from our security team to help you strengthen your organization's security posture.

Topic: CodeQL

Search Articles

Get the latest cybersecurity insights on LinkedIn or via RSS.

Search Articles

Filter by Topic

Filtering by: Topic: CodeQL

Blog October 3, 2023

A Comparison Between the Real User ID and the Effective User ID is not Enough to Prevent Privilege Escalation

In Unix-like systems, processes have a real and effective user ID determining their access permissions. While usually identical, they can differ in situations like when the setuid bit is activated in executables.

# CVE-2015-5198 # Checkmarx # CodeQL # UNIX

Blog May 19, 2022

CVE-2022-21404: Another story of developers fixing vulnerabilities unknowingly because of CodeQL

How CodeQL may help reduce false negatives within Open-Source projects. Taking a look into a deserialization vulnerability within Oracle Helidon (CVE-2022-21404).

# CVE-2022-21404 # CodeQL # Deserialization # Java # Oracle # SnakeYAML # YAML

Websec Cybersecurity Blog

Search Articles

Popular Topics

Follow Us

A Comparison Between the Real User ID and the Effective User ID is not Enough to Prevent Privilege Escalation

CVE-2022-21404: Another story of developers fixing vulnerabilities unknowingly because of CodeQL