Количество 10
Количество 10
CVE-2022-48338
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.
CVE-2022-48338
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.
CVE-2022-48338
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.
CVE-2022-48338
CVE-2022-48338
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, th ...
GHSA-hm6m-2xg8-mc5q
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.
BDU:2024-06035
Уязвимость функции ruby-find-library-file текстового редактора EMACS, связанная с неправильной нейтрализацией специальных элементов, используемых в команде, позволяющая нарушителю выполнить произвольный код
SUSE-SU-2023:0598-1
Security update for emacs
ELSA-2023-2626
ELSA-2023-2626: emacs security update (IMPORTANT)
ROS-20240806-06
Множественные уязвимости emacs
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-48338 An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | CVSS3: 7.3 | 0% Низкий | почти 3 года назад |
 | CVE-2022-48338 An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | CVSS3: 7.3 | 0% Низкий | почти 3 года назад |
 | CVE-2022-48338 An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | CVSS3: 7.3 | 0% Низкий | почти 3 года назад |
 | CVSS3: 7.3 | 0% Низкий | почти 3 года назад | |
| CVE-2022-48338 An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, th ... | CVSS3: 7.3 | 0% Низкий | почти 3 года назад |
| GHSA-hm6m-2xg8-mc5q An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | CVSS3: 9.8 | 0% Низкий | почти 3 года назад |
 | BDU:2024-06035 Уязвимость функции ruby-find-library-file текстового редактора EMACS, связанная с неправильной нейтрализацией специальных элементов, используемых в команде, позволяющая нарушителю выполнить произвольный код | CVSS3: 7.3 | 0% Низкий | почти 3 года назад |
 | SUSE-SU-2023:0598-1 Security update for emacs | почти 3 года назад | ||
| ELSA-2023-2626 ELSA-2023-2626: emacs security update (IMPORTANT) | больше 2 лет назад | ||
 | ROS-20240806-06 Множественные уязвимости emacs | CVSS3: 9.8 | больше 1 года назад |
Уязвимостей на страницу