An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HGnu Emacs
APPGnu≤ 28.2
Related vulnerabilities
RCE w GNU Emacs poprzez niebezpieczne rozwinięcie skrótów linków Org Mode
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-c...
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code co...
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before ...
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode b...