In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
oryginał ENCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HGnu Emacs
APPGnu< 30.1
Powiązane podatności
RCE w GNU Emacs poprzez niebezpieczne rozwinięcie skrótów linków Org Mode
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-c...
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before ...
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode b...
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-ex...