CRITICAL🇵🇱 Wersja polska

CVE-2024-39331

CVSS 9.8v3.1pub. 2024-06-23upd. 2025-04-30

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

🤖 AI Analysis
How it works

The link abbreviation mechanism in Org Mode supports expansions in the %(...) format, which can contain Emacs Lisp function calls. The org-link-expand-abbrev function in lisp/ol.el did not verify whether the called function was safe, allowing embedding functions such as shell-command-to-string in the abbreviation. When a user opens an Org Mode document containing a crafted link, it automatically executes the embedded system command with the Emacs process privileges.

Impact

An attacker can execute arbitrary system commands on the victim's machine, resulting in complete takeover of their session, data theft, and potential privilege escalation.

Mitigation & patch

Update GNU Emacs to version 29.4 or later and Org Mode to version 9.7.5 or later. Debian distribution users should apply updates published in debian-lts-announce in June 2024.

Who is affected

GNU Emacs before version 29.4 and Org Mode before version 9.7.5

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gnu Emacs

    APP
    Gnu
    < 29.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-48337CRITICAL9.8ten sam produkt

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-c...

CVE-2024-53920HIGH7.8ten sam produkt

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code co...

CVE-2024-30205HIGH7.1ten sam produkt

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before ...

CVE-2024-30202HIGH7.8ten sam produkt

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode b...

CVE-2023-2491HIGH7.8ten sam produkt

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-ex...