Description
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when Org mode is enabled. When Emacs is used as an email client, this issue can also be triggered by previewing email attachments.
Statement
To exploit this flaw, an attacker needs to trick a user into opening a crafted Org mode file or previewing a crafted email attachment. For this reason, this flaw has been rated with a Moderate security impact.
Mitigation
Do not open Org mode files or preview email attachments from untrusted sources.
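To support the mitigation above, the following added example (not code from Red Hat or the Emacs/Org projects) scans an Org file for `#+LINK:` abbreviation definitions that use the `%(function)` form named in the Description, so files from untrusted sources can be checked before they are opened in a vulnerable Emacs. The sample file content and the function name `my-hypothetical-expander` are constructed for the demonstration.

```python
import re

# "#+LINK: <key> <replacement>" defines a link abbreviation in an Org file.
LINK_DEF_RE = re.compile(r"^\s*#\+LINK:\s+(\S+)\s+(\S.*?)\s*$", re.IGNORECASE)
# A "%(function)" placeholder makes org-link-expand-abbrev call that function.
FUNC_ABBREV_RE = re.compile(r"%\(([^()]+)\)")


def find_function_abbrevs(org_text):
    """Return (line_no, key, function_name) for each abbrev that calls a function.

    Every %(...) abbrev is reported, not just known-bad names: before the fix,
    Org called whatever function the file named, so a denylist is not enough.
    """
    findings = []
    for lineno, line in enumerate(org_text.splitlines(), start=1):
        m = LINK_DEF_RE.match(line)
        if not m:
            continue
        key, replacement = m.groups()
        for func in FUNC_ABBREV_RE.findall(replacement):
            findings.append((lineno, key, func.strip()))
    return findings


def scan_org_file(path):
    """Scan an Org file on disk; returns the same tuples as find_function_abbrevs."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_function_abbrevs(fh.read())


# Constructed sample: one ordinary %s abbrev and one function-calling abbrev.
SAMPLE_ORG = """#+TITLE: Notes
#+LINK: bugzilla https://bugzilla.example.org/show_bug.cgi?id=%s
#+link: dyn %(my-hypothetical-expander)
* Heading
[[bugzilla:12345]] and [[dyn:arg]]
"""

if __name__ == "__main__":
    for lineno, key, func in find_function_abbrevs(SAMPLE_ORG):
        print(f"line {lineno}: abbrev '{key}' expands via function '{func}'")
```

A non-empty result means the file defines abbreviations that run Lisp on expansion and should not be opened in Emacs before 29.4 / Org before 9.7.5 without review.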
Affected Packages
Platform | Package | State | Errata | Release Date |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | emacs | Out of support scope | ||
Red Hat Enterprise Linux 7 | emacs | Out of support scope | ||
Red Hat Enterprise Linux 8 | emacs | Fixed | RHSA-2024:6987 | 24.09.2024 |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | emacs | Fixed | RHSA-2024:4971 | 01.08.2024 |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | emacs | Fixed | RHSA-2024:4971 | 01.08.2024 |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | emacs | Fixed | RHSA-2024:4971 | 01.08.2024 |
Red Hat Enterprise Linux 8.8 Extended Update Support | emacs | Fixed | RHSA-2024:6203 | 03.09.2024 |
Red Hat Enterprise Linux 9 | emacs | Fixed | RHSA-2024:6510 | 09.09.2024 |
Additional information
Status:
7.8 High
CVSS3