Allele Security Alert
Uncontrolled Search Path Element when executing CMD
National Security Agency (NSA)
NSA Ghidra versions up to and including 9.1
Proof of concept
When Ghidra is launched from a given path, that path becomes the working directory of the Java process. Then, when the Python interpreter is opened via the “Ghidra Codebrowser > Window > Python” option, Ghidra will try to execute the cmd.exe program from this working directory.
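A pre-launch check for the condition described above, as an added example that is not part of the original alert or of Ghidra's code: it reports any file named cmd.exe in the directory Ghidra is about to be started from, and shows the absolute system path a launcher can use instead of the bare name. The function names and the `C:\Windows` fallback are assumptions made for this example.

```python
import os
import tempfile

# Assumption: the only name checked is the one the alert names, cmd.exe.
SHADOWED_NAME = "cmd.exe"


def find_shadowing_binaries(workdir, name=SHADOWED_NAME):
    """Return files directly in workdir whose name matches `name`.

    The comparison is case-insensitive because Windows file names are,
    so CMD.EXE counts as well. Subdirectories are not searched.
    """
    hits = []
    for entry in os.scandir(workdir):
        if entry.is_file() and entry.name.lower() == name.lower():
            hits.append(entry.path)
    return sorted(hits)


def trusted_cmd_path(env=None):
    """Build the absolute path of the system cmd.exe from SystemRoot.

    Using this path instead of the bare name removes the dependency on
    the working directory. The fallback root is an assumed default.
    """
    env = os.environ if env is None else env
    root = env.get("SystemRoot", r"C:\Windows")
    return root.rstrip("\\/") + r"\System32\cmd.exe"


def audit_launch_dir(workdir):
    """Summarise whether starting Ghidra from workdir is exposed."""
    hits = find_shadowing_binaries(workdir)
    return {"workdir": workdir, "exposed": bool(hits), "shadowing": hits}


if __name__ == "__main__":
    # Constructed sample: a temp directory holding an empty placeholder file.
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "CMD.EXE"), "w").close()
        print(audit_launch_dir(d))
        print(trusted_cmd_path({"SystemRoot": r"C:\Windows"}))
```
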
Uncontrolled Search Path Element when executing CMD. #107
Last modified: October 21, 2019