Dalvarezperez

#17113 of 53,634
15.6 Total CVSS
Vulnerabilities · 2
High
2
PT-2019-15244
7.8
2019-10-16
Nsa · Nsa Ghidra · CVE-2019-17664
**Name of the Vulnerable Software and Affected Versions**

NSA Ghidra versions prior to 9.0.5

**Description**

The issue arises when NSA Ghidra is executed from a specific path, causing the Java process working directory to be set to that path. Upon launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra attempts to execute the cmd.exe program from this working directory, potentially using an untrusted search path.

**Recommendations**

For NSA Ghidra versions prior to 9.0.5, consider updating to version 9.0.5 or later to resolve the issue. As a temporary workaround, avoid launching Ghidra from untrusted paths to minimize the risk of exploitation. Restrict access to the Python interpreter option in Ghidra until the issue is resolved.
PT-2019-15245
7.8
2019-10-16
Nsa · Ghidra · CVE-2019-17665
**Name of the Vulnerable Software and Affected Versions**

Ghidra versions prior to 9.0.2

**Description**

The issue arises due to the loading of `jansi.dll` from the current working directory, making it susceptible to DLL hijacking.

**Recommendations**

For versions prior to 9.0.2, update to version 9.0.2 or later to resolve the issue.