Lucene search

K
cvelistMitreCVELIST:CVE-2022-48337
HistoryFeb 20, 2023 - 12:00 a.m.

CVE-2022-48337

2023-02-2000:00:00
mitre
www.cve.org
gnu emacs
vulnerability
shell metacharacters
etags program
cve-2022-48337

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.9%

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the โ€œetags -u *โ€ command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.