HIGH🇵🇱 Wersja polska

CVE-2024-53920

CVSS 7.8v3.1pub. 2024-11-27upd. 2025-11-03

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Gnu Emacs

    APP
    Gnu
    < 30.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-39331CRITICAL9.8PL ✓ten sam produkt

RCE w GNU Emacs poprzez niebezpieczne rozwinięcie skrótów linków Org Mode

CVE-2022-48337CRITICAL9.8ten sam produkt

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-c...

CVE-2024-30205HIGH7.1ten sam produkt

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before ...

CVE-2024-30202HIGH7.8ten sam produkt

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode b...

CVE-2023-2491HIGH7.8ten sam produkt

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-ex...

CVE-2024-53920 — Gnu — Emacs — HIGH — CVSS 7.8 | CVEbaza.pl