Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
XXE Vulnerability in JnlpSupport of YAJSW affects Ghidra Server #943
Describe the bug
An insecure way to parse XML input was found in JnlpSupport class from Yet Another Java Service Wrapper used by Ghidra (up to latest version).
More PoC (Available after the fix is confirmed): https://github.com/purpleracc00n/Exploits-and-PoC/blob/master/XXE%20in%20YAJSW%E2%80%99s%20JnlpSupport%20affects%20Ghidra%20Server.md