HIGH🇵🇱 Wersja polska

CVE-2022-48339

CVSS 7.8v3.1pub. 2023-02-20upd. 2025-03-18

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Gnu Emacs

    APP
    Gnu
    ≤ 28.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-39331CRITICAL9.8PL ✓ten sam produkt

RCE w GNU Emacs poprzez niebezpieczne rozwinięcie skrótów linków Org Mode

CVE-2022-48337CRITICAL9.8ten sam produkt

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-c...

CVE-2024-53920HIGH7.8ten sam produkt

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code co...

CVE-2024-30205HIGH7.1ten sam produkt

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before ...

CVE-2024-30202HIGH7.8ten sam produkt

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode b...