CVE-2020-6958

Published January 14th, 2020

View on NVD ↗

CVSS v3

9.1

CRITICAL

CVSS v2

6.4

MEDIUM

Affected

PROJECT

Description

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.

NationalSecurityAgency/ghidra

Ghidra is a software reverse engineering (SRE) framework

GitHub

69.6K