In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HGnu Emacs
APPGnu< 29.3Gnu Org Mode
APPGnu< 9.6.23
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References
Related vulnerabilities
CVE-2024-39331CRITICAL9.8PL ✓ten sam produkt
RCE w GNU Emacs poprzez niebezpieczne rozwinięcie skrótów linków Org Mode
CVE-2022-48337CRITICAL9.8ten sam produkt
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-c...
CVE-2024-53920HIGH7.8ten sam produkt
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code co...
CVE-2024-30205HIGH7.1ten sam produkt
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before ...
CVE-2023-2491HIGH7.8ten sam produkt
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-ex...