CVE-2024-30205

CWE-494 CWE-3499 documents8 sources

Severity

7.1HIGH

EPSS

0.0%

top 91.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Emacs GNU ORG Mode Debian Debian Linux

Timeline

PublishedMar 25

Latest updateMar 27

Description

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

▶NVDgnu/org_mode< 9.6.23

▶Debianorg-mode< 9.4.0+dfsg-1+deb11u2+2

▶NVDgnu/emacs< 29.3

▶Debianemacs< 1:27.1+1-3.1+deb11u3+3

Also affects: Debian Linux 10.0

Patches

Patch: git.savannah.gnu.org ↗Patch: git.savannah.gnu.org ↗Patch: git.savannah.gnu.org ↗

🔴Vulnerability Details

OSV

CVE-2024-30205: In Emacs before 29↗2024-03-25

▶

CVEList

CVE-2024-30205: In Emacs before 29↗2024-03-25

▶

GHSA

GHSA-vxx9-qwhq-hgf4: In Emacs before 29↗2024-03-25

▶

📋Vendor Advisories

Ubuntu

Org Mode vulnerabilities↗2025-03-27

▶

Ubuntu

Emacs vulnerabilities↗2024-09-19

▶

Red Hat

emacs: Org mode considers contents of remote files to be trusted↗2024-03-25

▶

Microsoft

In Emacs before 29.3 Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.↗2024-03-12

▶

Debian

CVE-2024-30205: emacs - In Emacs before 29.3, Org mode considers contents of remote files to be trusted....↗2024

▶