CVE-2024-39331

June 23, 2024, 10:15 p.m.

Tags

cve@mitre.org
2024-06-23
CVE-2024-39331

Product(s) Impacted

Emacs

  • before 29.4

Org Mode

  • before 9.7.5

Description

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

Weaknesses

Date

Published: June 23, 2024, 10:15 p.m.

Last Modified: June 23, 2024, 10:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29
cve@mitre.org
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8
cve@mitre.org
https://list.orgmode.org/87sex5gdqc.fsf%40localhost/
cve@mitre.org
https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html
cve@mitre.org
https://news.ycombinator.com/item?id=40768225
cve@mitre.org
https://www.openwall.com/lists/oss-security/2024/06/23/1
cve@mitre.org
https://www.openwall.com/lists/oss-security/2024/06/23/2
cve@mitre.org