Description
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
A flaw was found in Emacs. Arbitrary Lisp code can be evaluated when an Org mode file is opened or when Org mode is being enabled, resulting in arbitrary code execution.
Report
The Emacs package, as shipped in Red Hat Enterprise Linux 8 and 9, is not affected by this vulnerability because the vulnerable code was introduced in a newer version of Emacs. To exploit this flaw, an attacker needs to trick a user into opening a crafted Org mode file. For this reason, this flaw has been rated with a Moderate security impact.
Mitigation
Do not open Org mode files from untrusted sources.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | emacs | Affected | | |
| Red Hat Enterprise Linux 6 | emacs | Out of support scope | | |
| Red Hat Enterprise Linux 7 | emacs | Out of support scope | | |
| Red Hat Enterprise Linux 8 | emacs | Not affected | | |
| Red Hat Enterprise Linux 9 | emacs | Not affected | | |
Additional information
Status:
7.8 High
CVSS3