CVE-2024-30202

Severity
7.8 HIGH
EPSS
0.1%
top 83.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 25
Latest update: Mar 27

Description

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD: gnu/org_mode < 9.6.23
Debian: org-mode < 9.6.23+dfsg-1+1
NVD: gnu/emacs < 29.3
Debian: emacs < 1:28.2+1-15+deb12u1+2

Patches

🔴Vulnerability Details

4
OSV
org-mode vulnerabilities (2025-03-27)
GHSA
GHSA-8r8f-v2fj-h7cp: In Emacs before 29 (2024-03-25)
CVEList
CVE-2024-30202: In Emacs before 29 (2024-03-25)
OSV
CVE-2024-30202: In Emacs before 29 (2024-03-25)

📋Vendor Advisories

4
Ubuntu
Org Mode vulnerabilities (2025-03-27)
Red Hat
emacs: arbitrary Lisp code is evaluated as part of turning on Org mode (2024-03-25)
Microsoft
In Emacs before 29.3 arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. (2024-03-12)
Debian
CVE-2024-30202: emacs - In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org... (2024)
CVE-2024-30202 (HIGH CVSS 7.8) | In Emacs before 29.3 | cvebase.io