Ghidra · Ghidra · CVE-2026-52754
**Name of the Vulnerable Software and Affected Versions**
Ghidra versions prior to 12.1
**Description**
An authentication bypass exists in the `PKIAuthenticationModule.authenticate()` function. Any user who holds a valid CA-signed certificate can impersonate another user by presenting that user's public certificate with a null signature. Successful exploitation can lead to privilege escalation, modification of repository access controls, exfiltration of shared reverse engineering databases, and permanent compromise of server integrity.
**Recommendations**
Update to version 12.1 or later.
As a temporary workaround, restrict the use of the `PKIAuthenticationModule.authenticate()` function until the update is applied.
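
The class of check the Description refers to, as an added example that is not Ghidra's code and not the actual patch: a certificate is public, so it proves identity only when accompanied by a valid signature over a server-issued token, and a missing signature must be treated as a failed proof. The class name, method name, RSA/SHA-256 algorithm choice and the challenge token are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;

// Added illustration, not Ghidra source code. All names here are hypothetical.
public class ProofOfPossessionCheck {
    // True only if `signature` is a valid signature over `token` made with the
    // private key that matches `certKey`. Every other outcome denies access.
    static boolean verify(PublicKey certKey, byte[] token, byte[] signature) {
        // A missing signature is a failed proof, never "nothing to verify".
        if (certKey == null || token == null || token.length == 0
                || signature == null || signature.length == 0) {
            return false;
        }
        try {
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(certKey);
            verifier.update(token);
            return verifier.verify(signature);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or unusable key: deny
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair alice = gen.generateKeyPair();   // constructed test identity
        KeyPair mallory = gen.generateKeyPair(); // constructed second identity
        byte[] token = new byte[32];             // constructed server challenge
        new SecureRandom().nextBytes(token);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(alice.getPrivate());
        signer.update(token);
        byte[] good = signer.sign();
        signer.initSign(mallory.getPrivate());
        signer.update(token);
        byte[] wrongKey = signer.sign();
        System.out.println("valid signature:  " + verify(alice.getPublic(), token, good));
        System.out.println("null signature:   " + verify(alice.getPublic(), token, null));
        System.out.println("empty signature:  " + verify(alice.getPublic(), token, new byte[0]));
        System.out.println("other user's key: " + verify(alice.getPublic(), token, wrongKey));
    }
}
```

Only the first case is accepted; the null, empty and wrong-key cases are all denied, which is the fail-closed behaviour a regression test for this issue should assert.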