Lucene search
MitreCVELIST:CVE-2024-39331HistoryJun 23, 2024 - 12:00 a.m.
CVE-2024-39331
2024-06-2300:00:00
mitre
www.cve.org
6
emacs
org-link-expand-abbrev
vulnerability
unsafe function
org mode
EPSS
0
Percentile
10.4%
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(…) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
References
git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29
git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8
list.orgmode.org/87sex5gdqc.fsf%40localhost/
lists.debian.org/debian-lts-announce/2024/06/msg00023.html
lists.debian.org/debian-lts-announce/2024/06/msg00024.html
lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html
news.ycombinator.com/item?id=40768225
www.openwall.com/lists/oss-security/2024/06/23/1
www.openwall.com/lists/oss-security/2024/06/23/2
Related
nessus
nessus
Debian dla-3848 : elpa-org - security update
2024-06-29 00:00:00
Photon OS 4.0: Emacs PHSA-2024-4.0-0650
2024-07-24 00:00:00
AlmaLinux 9 : emacs (ALSA-2024:6510)
2024-09-11 00:00:00
almalinux
almalinux
Moderate: emacs security update
2024-09-09 00:00:00
Moderate: emacs security update
2024-09-24 00:00:00
redhat
redhat
(RHSA-2024:6510) Moderate: emacs security update
2024-09-09 18:02:20
(RHSA-2024:6203) Moderate: emacs security update
2024-09-03 07:15:05
(RHSA-2024:4971) Moderate: emacs security update
2024-08-01 07:42:32
osv
osv
emacs - security update
2024-06-29 00:00:00
CVE-2024-39331
2024-06-23 22:15:09
Security update for emacs
2024-07-03 15:04:01
openvas
openvas
Debian: Security Advisory (DLA-3848-1)
2024-07-01 00:00:00
Debian: Security Advisory (DSA-5719-1)
2024-07-01 00:00:00
Fedora: Security Advisory (FEDORA-2024-a3fecfab32)
2024-08-06 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: emacs-29.4-2.fc39
2024-07-02 01:24:00
[SECURITY] Fedora 40 Update: emacs-29.4-3.fc40
2024-06-28 01:59:29
cbl_mariner
cbl_mariner
CVE-2024-39331 affecting package emacs for versions less than 29.4-1
2024-07-22 23:01:50
CVE-2024-39331 affecting package emacs for versions less than 29.4-1
2024-08-05 03:22:58
redhatcve
redhatcve
CVE-2024-39331
2024-06-24 13:53:33
redos
redos
ROS-20240716-03
2024-07-16 00:00:00
cve
cve
CVE-2024-39331
2024-06-23 22:15:09
gentoo
gentoo
Emacs, org-mode: Command Execution Vulnerability
2024-09-22 00:00:00
oraclelinux
oraclelinux
emacs security update
2024-09-09 00:00:00
emacs security update
2024-09-24 00:00:00
vulnrichment
vulnrichment
CVE-2024-39331
2024-06-23 00:00:00
ubuntucve
ubuntucve
CVE-2024-39331
2024-06-23 00:00:00
mageia
mageia
Updated emacs packages improve Wayland support and fix a security vulnerability
2024-07-31 22:34:18
nvd
nvd
CVE-2024-39331
2024-06-23 22:15:09
debiancve
debiancve
CVE-2024-39331
2024-06-23 22:15:09
photon
photon
Critical Photon OS Security Update - PHSA-2024-4.0-0650
2024-07-11 00:00:00
Critical Photon OS Security Update - PHSA-2024-3.0-0771
2024-07-12 00:00:00
Critical Photon OS Security Update - PHSA-2024-5.0-0314
2024-07-11 00:00:00
amazon
amazon
Important: emacs
2024-08-01 03:01:00