Description
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
A flaw was found in Emacs. Org mode considers the content of remote files, such as files opened with TRAMP on remote systems, to be trusted, resulting in arbitrary code execution.
Statement
To exploit this flaw, an attacker needs to trick a user into opening a crafted Org mode file from a remote system. For this reason, this flaw has been rated with a Moderate security impact.
Mitigation
Do not open untrusted Org mode files from a remote system.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | emacs | Affected | ||
| Red Hat Enterprise Linux 6 | emacs | Out of support scope | ||
| Red Hat Enterprise Linux 7 | emacs | Out of support scope | ||
| Red Hat Enterprise Linux 8 | emacs | Fixed | RHSA-2024:6987 | 24.09.2024 |
| Red Hat Enterprise Linux 9 | emacs | Fixed | RHSA-2024:9302 | 12.11.2024 |
Additional information
7.8 High
CVSS3
Related vulnerabilities
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
In Emacs before 29.3 Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
In Emacs before 29.3, Org mode considers contents of remote files to b ...