Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click.
oryginał ENCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XNsa Ghidra
APPNsa< 12.1
Powiązane podatności
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eva...
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML F...
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrate...
Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunct...
Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connecti...