CVE-2024-39331

Severity
9.8 CRITICAL
EPSS
0.4%
top 36.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 23
Latest update: Mar 27

Description

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

NVD: gnu/emacs < 29.4
Debian: emacs < 1:27.1+1-3.1+deb11u5+3
Debian: org-mode < 9.4.0+dfsg-1+deb11u3+2

Patches

Vulnerability Details (3)

GHSA: GHSA-hp3p-7892-f222: In Emacs before 29 (2024-06-24)
CVEList: CVE-2024-39331: In Emacs before 29 (2024-06-23)
OSV: CVE-2024-39331: In Emacs before 29 (2024-06-23)

Vendor Advisories (5)

Ubuntu: Org Mode vulnerabilities (2025-03-27)
Ubuntu: Emacs vulnerabilities (2024-09-19)
Red Hat: emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (2024-06-23)
Microsoft: In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5. (2024-06-11)
Debian: CVE-2024-39331: emacs - In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link... (2024)
CVE-2024-39331 (CRITICAL CVSS 9.8) | In Emacs before 29.4 | cvebase.io