CVE-2024-39331

June 23, 2024, 10:15 p.m.

Product(s) Impacted

Emacs

  • before 29.4

Org Mode

  • before 9.7.5

Description

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

Weaknesses

Date

Published: June 23, 2024, 10:15 p.m.

Last Modified: June 23, 2024, 10:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References