CVE-2022-48339

Published: 21 Feb 2023
Source: redhat
CVSS3: 7.8

Description

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed.

Report

This vulnerability is only triggered when a local user introduces untrusted input, via a file or directory with a crafted name. For this reason, this flaw has been rated with a Moderate security impact.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | emacs | Out of support scope | | |
| Red Hat Enterprise Linux 7 | emacs | Fixed | RHSA-2023:3481 | 06.06.2023 |
| Red Hat Enterprise Linux 8 | emacs | Fixed | RHSA-2023:7083 | 14.11.2023 |
| Red Hat Enterprise Linux 8 | emacs | Fixed | RHSA-2023:7083 | 14.11.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | emacs | Fixed | RHSA-2024:1103 | 05.03.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | emacs | Fixed | RHSA-2024:1408 | 19.03.2024 |
| Red Hat Enterprise Linux 9 | emacs | Fixed | RHSA-2023:2626 | 09.05.2023 |


Additional information

Status: Moderate
Defect: CWE-77
https://bugzilla.redhat.com/show_bug.cgi?id=2171989
emacs: command injection vulnerability in htmlfontify.el

7.8 High

CVSS3

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 2 years ago

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

CVSS3: 7.8
nvd
more than 2 years ago

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

CVSS3: 7.8
msrc
more than 2 years ago

No description available

CVSS3: 7.8
debian
more than 2 years ago

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has ...

CVSS3: 9.8
github
more than 2 years ago

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.
