Описание
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
Ссылки
- Release Notes
- Mailing ListPatch
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Release Notes
- Mailing ListPatch
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
Уязвимые конфигурации
Конфигурация 1Версия до 29.4 (исключая)
cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00903
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 9.8
ubuntu
12 месяцев назад
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
CVSS3: 7.8
redhat
12 месяцев назад
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
CVSS3: 9.8
debian
12 месяцев назад
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a % ...
EPSS
Процентиль: 75%
0.00903
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-94