Vulnerabilities > NSA > Ghidra > 9.0.3

DATE CVE VULNERABILITY TITLE RISK
2023-01-06 CVE-2023-22671 Command Injection vulnerability in NSA Ghidra
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.
network
low complexity
nsa CWE-77
critical
 9.8
9.8
2019-10-16 CVE-2019-17664 Untrusted Search Path vulnerability in NSA Ghidra
NSA Ghidra through 9.0.4 uses a potentially untrusted search path.
local
nsa CWE-426
4.4
4.4
2019-09-28 CVE-2019-16941 XML Injection (aka Blind XPath Injection) vulnerability in NSA Ghidra
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document.
network
nsa CWE-91
6.8
6.8
2019-07-17 CVE-2019-13623 Path Traversal vulnerability in NSA Ghidra
In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename.
network
nsa CWE-22
6.8
6.8