Impact
When the Ghidra Python Interpreter is first launched on Windows, the underlying Jython library runs cmd.exe /c ver to try to get the current version of Windows. Because cmd.exe is not specified with an absolute path, a malicious cmd.exe dropped into Ghidra's working directory will be launched instead.
This Jython issue has been fixed in Jython 2.7.3, which Ghidra 10.2 and later uses.
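The following is an added example, not code from the advisory, Ghidra, or Jython: a Python check that flags any file in a given directory that would shadow cmd.exe, together with a helper that builds the absolute path a launcher should use instead. The function names, the temporary directory standing in for Ghidra's working directory, and the reliance on SystemRoot are assumptions made for illustration.

```python
import ntpath
import os
import tempfile

# Commands known to be launched without an absolute path.
# The advisory names only cmd.exe; extend the tuple for other tools.
UNQUALIFIED_COMMANDS = ("cmd.exe",)


def trusted_cmd_path(env=None):
    """Build an absolute path to the system cmd.exe instead of relying on search order.

    Assumption: SystemRoot is set by the OS and is not attacker-controlled.
    """
    env = os.environ if env is None else env
    system_root = env.get("SystemRoot", r"C:\Windows")
    # ntpath keeps Windows path semantics even when this runs on another OS.
    return ntpath.join(system_root, "System32", "cmd.exe")


def find_shadowing_files(directory, commands=UNQUALIFIED_COMMANDS):
    """Return files in `directory` whose name matches a command, ignoring case.

    Windows file names are case-insensitive, so CMD.EXE and Cmd.Exe also match.
    """
    wanted = {name.lower() for name in commands}
    hits = []
    for entry in os.scandir(directory):
        if entry.is_file() and entry.name.lower() in wanted:
            hits.append(entry.path)
    return sorted(hits)


def demo():
    """Constructed sample: a temp directory standing in for Ghidra's working directory."""
    with tempfile.TemporaryDirectory() as workdir:
        for name in ("CMD.EXE", "notes.txt", "cmd.exe.bak"):
            open(os.path.join(workdir, name), "wb").close()
        return [os.path.basename(p) for p in find_shadowing_files(workdir)]


if __name__ == "__main__":
    print("flagged:", demo())
    print("launch instead:", trusted_cmd_path({"SystemRoot": r"C:\Windows"}))
```

On an installation older than Ghidra 10.2, any hit in the directory Ghidra is started from deserves investigation before the Python Interpreter is opened.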
Upgrading Existing Installation
References
The details of the vulnerability can be found here:
For more information
If you have any additional questions, comments, or concerns about this advisory and how it impacts Ghidra, please do not hesitate to open an issue in the Ghidra project's discussions or issues.