Lucene search

CVE-2023-27985

🗓️ 09 Mar 2023 06:32:15Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 76 Views

CVE-2023-27985 in Emacs 28.1-28.2 allows shell command injections via crafted mailto: URI. Fixed in 29.0.9

Reporter	Title	Published	Views	Family All 17
Prion	Command injection	9 Mar 202306:15	–	prion
UbuntuCve	CVE-2023-27985	9 Mar 202300:00	–	ubuntucve
Veracode	Shell Command Injection	12 Mar 202313:34	–	veracode
RedhatCVE	CVE-2023-27985	9 Mar 202312:40	–	redhatcve
Tenable Nessus	CBL Mariner 2.0 Security Update: emacs (CVE-2023-27985)	24 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2023-134)	23 Mar 202300:00	–	nessus
Tenable Nessus	Photon OS 5.0: Emacs PHSA-2023-5.0-0048	24 Jul 202400:00	–	nessus
OSV	CVE-2023-27985	9 Mar 202306:15	–	osv
OSV	OPENSUSE-SU-2024:12777-1 emacs-28.2-3.1 on GA media	15 Jun 202400:00	–	osv
Vulnrichment	CVE-2023-27985	9 Mar 202300:00	–	vulnrichment

Nvd

Node

gnu emacsRange28.1–28.2

Source	Link
gabriel	www.gabriel.urdhr.fr/2023/06/08/emacsclient-mail-shell-elisp-injections/
git	www.git.savannah.gnu.org/cgit/emacs.git/commit/
openwall	www.openwall.com/lists/oss-security/2023/03/08/2
debbugs	www.debbugs.gnu.org/cgi/bugreport.cgi
openwall	www.openwall.com/lists/oss-security/2023/03/09/1

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Mar 2023 06:15Current

7.3High risk

Vulners AI Score7.3

CVSS37.8

EPSS0.00089

SSVC

CWE-78