Описание
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
A flaw was found in the Emacs text editor. A crafted mailto URI, when opened with emacsclient-mail.desktop, can result in Emacs Lisp code injection.
Отчет
The emacsclient-mail.desktop file is not distributed in Red Hat Enterprise Linux 6, 7, 8 and 9. Therefore, Red Hat Enterprise Linux is not affected by this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | emacs | Not affected | ||
| Red Hat Enterprise Linux 7 | emacs | Not affected | ||
| Red Hat Enterprise Linux 8 | emacs | Not affected | ||
| Red Hat Enterprise Linux 9 | emacs | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to E ...
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.
EPSS
7.8 High
CVSS3