9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
55.9%
Xi Lu reports:
CVE-2022-48337
GNU Emacs through 28.2 allows attackers to execute
commands via shell metacharacters in the name of a
source-code file, because lib-src/etags.c uses the
system C library function in its implementation of the
etags program. For example, a victim may use the
"etags -u *" command (suggested in the etags
documentation) in a situation where the current working
directory has contents that depend on untrusted input.
CVE-2022-48338
An issue was discovered in GNU Emacs through 28.2. In
ruby-mode.el, the ruby-find-library-file function has a
local command injection vulnerability. The
ruby-find-library-file function is an interactive
function, and bound to C-c C-f. Inside the function, the
external command gem is called through
shell-command-to-string, but the feature-name parameters
are not escaped. Thus, malicious Ruby source files may
cause commands to be executed.
CVE-2022-48339
An issue was discovered in GNU Emacs through
28.2. htmlfontify.el has a command injection
vulnerability. In the hfy-istext-command function, the
parameter file and parameter srcdir come from external
input, and parameters are not escaped. If a file name or
directory name contains shell metacharacters, code may
be executed.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
55.9%