An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has ...

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

ELSA-2023-3481: emacs security update (MODERATE)

Уязвимость функции hfy-istext-command текстового редактора EMACS, позволяющая нарушителю выполнить произвольный код

Security update for emacs

Security update for emacs

ELSA-2023-7083: emacs security update (MODERATE)

Security update for emacs

Множественные уязвимости emacs

ELSA-2023-2626: emacs security update (IMPORTANT)