First published: Fri Jan 06 2023(Updated: )
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
NSA Ghidra | <=10.2.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.