The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in ROOT 5.18/00 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
6.7AI Score
0.0004EPSS
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution
8.8CVSS
9AI Score
0.002EPSS