First published: Wed Oct 16 2019(Updated: )
NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra will try to execute the cmd.exe program from this working directory.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
NSA Ghidra | <=9.0.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.