Описание
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 1:28.2+1-12ubuntu1 |
| esm-apps/focal | released | 1:26.3+1-1ubuntu2+esm1 |
| esm-apps/jammy | released | 1:27.1+1-3ubuntu5.2 |
| esm-apps/noble | not-affected | 1:28.2+1-12ubuntu1 |
| focal | ignored | end of standard support, was needed |
| jammy | released | 1:27.1+1-3ubuntu5.2 |
| kinetic | ignored | end of life, was needed |
| lunar | not-affected | 1:28.2+1-12ubuntu1 |
| mantic | not-affected | 1:28.2+1-12ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | released | 24.5+1-6ubuntu1.1+esm2 |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| esm-infra/bionic | released | 25.2+1-6ubuntu0.1~esm2 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | needs-triage | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| kinetic | ignored | end of life, was needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | needs-triage | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| kinetic | ignored | end of life, was needs-triage |
Показывать по
EPSS
7.8 High
CVSS3
Связанные уязвимости
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has ...
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.
EPSS
7.8 High
CVSS3