Lucene search

K
cvelistMitreCVELIST:CVE-2022-48337
HistoryFeb 20, 2023 - 12:00 a.m.

CVE-2022-48337

2023-02-2000:00:00
mitre
www.cve.org
8
gnu emacs
vulnerability
shell metacharacters
etags program
cve-2022-48337

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

74.9%

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the โ€œetags -u *โ€ command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.