Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra up to and including 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nsa ghidra |