CVE-2024-39331

Published: Jun 23, 2024

Modified: Aug 22, 2024

PUBLISHED

Description

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29

https://list.orgmode.org/87sex5gdqc.fsf%40localhost/

https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html

https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8

https://www.openwall.com/lists/oss-security/2024/06/23/1

https://www.openwall.com/lists/oss-security/2024/06/23/2

https://news.ycombinator.com/item?id=40768225

[debian-lts-announce] 20240629 [SECURITY] [DLA 3848-1] org-mode security update

mailing-list

[debian-lts-announce] 20240629 [SECURITY] [DLA 3849-1] org-mode security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-39331

Description

Affected Products

References