NSA · Ghidra · CVE-2023-22671
**Name of the Vulnerable Software and Affected Versions**
NSA Ghidra versions 10.2.2 and earlier
**Description**
The issue arises from the `Ghidra/RuntimeScripts/Linux/support/launch.sh` script in NSA Ghidra, which passes user-provided input into `eval`, leading to command injection when `analyzeHeadless` is called with untrusted input.
**Recommendations**
For NSA Ghidra versions 10.2.2 and earlier, consider disabling the `analyzeHeadless` function when dealing with untrusted input until a patch is available. Restrict access to the `launch.sh` script to minimize the risk of exploitation. Avoid using untrusted input when calling `analyzeHeadless` to prevent command injection.
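
The class of bug described above, as an added and simplified shell illustration (not code from Ghidra's `launch.sh`): arguments re-parsed by `eval` are interpreted as shell syntax, while quoted `"$@"` expansion passes them through literally. The functions `show_args`, `launch_unsafe`, `launch_safe` and `is_plain_arg`, the `--fixed-option` flag and the sample argument are hypothetical and constructed for this example.

```shell
# Added illustration; NOT code from Ghidra's launch.sh. All names are hypothetical.

# Stand-in for the program a launcher finally starts: shows each argument it received.
show_args() {
    for a in "$@"; do printf '[%s]' "$a"; done
}

# Unsafe pattern: arguments are flattened into a string and re-parsed by eval,
# so shell syntax embedded in an argument is interpreted instead of passed through.
launch_unsafe() {
    cmd="show_args $*"
    eval "$cmd"
}

# Safer pattern: prepend fixed options with `set --` and expand "$@" quoted;
# each argument reaches the target as one literal word, with no re-parsing.
launch_safe() {
    set -- --fixed-option "$@"
    show_args "$@"
}

# Defence in depth for callers that cannot change the launcher: accept only
# arguments made of an allowlisted character set before invoking it.
is_plain_arg() {
    case "$1" in
        ''|*[!A-Za-z0-9_./:=-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample argument containing a harmless command substitution.
SAMPLE='proj$(echo INJECTED)'
```

With the sample argument, `launch_unsafe` runs the embedded substitution and hands the target a rewritten value, `launch_safe` delivers the text unchanged, and `is_plain_arg` rejects it before any launcher is called.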