An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function and bound to C-c C-f. Inside the function the external command gem is called through shell-command-to-string but the feature-name parameters are not escaped. Thus malicious Ruby source files may cause commands to be executed.

🗓️ 27 Feb 2023 08:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 1 Views

Vulnerability in GNU Emacs ruby-find-library-file allows command execution via unescaped feature-name.

Reporter	Title	Published	Views	Family All 90
FreeBSD	emacs -- multiple vulnerabilities	6 Dec 202200:00	–	freebsd
Tenable Nessus	Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2023-122)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : emacs (ALAS-2023-1981)	7 Mar 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0154: emacs (ALINUX3-SA-2023:0154)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : emacs (ALSA-2023:2626)	14 May 202300:00	–	nessus
Tenable Nessus	Debian DSA-5360-1 : emacs - security update	24 Feb 202300:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : emacs (EulerOS-SA-2023-1950)	18 May 202300:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : emacs (EulerOS-SA-2023-1972)	18 May 202300:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.11.1 : emacs (EulerOS-SA-2023-2068)	7 Jun 202300:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.11.0 : emacs (EulerOS-SA-2023-2120)	7 Jun 202300:00	–	nessus

Vulners

Node

microsoft cbl2_emacs_28.2-4Range<28.2-4

22 Mar 2023 07:00Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.3

EPSS0.00142

SSVC

gnu emacs ruby mode ruby-find-library-file command injection unescaped feature name