Lucene search

[email protected]NVD:CVE-2023-28617

HistoryMar 19, 2023 - 3:15 a.m.

CVE-2023-28617

2023-03-1903:15:11

CWE-78

[email protected]

web.nvd.nist.gov

org mode

gnu emacs

arbitrary command execution

file name

directory name

shell metacharacters

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

Affected configurations

NVD

Node

gnuorg_modeRange≤9.6.1gnu_emacs

References

git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485

git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741

list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A%40qq.com/T/#m6ef8e7d34b25fe17b4cbb655b161edce18c6655e

lists.debian.org/debian-lts-announce/2023/05/msg00008.html

lists.debian.org/debian-lts-announce/2023/10/msg00019.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

Related for NVD:CVE-2023-28617

redhat14 redhatcve2 nessus33 oraclelinux2 rocky2 cbl_mariner1 osv10 cvelist2 openvas12 veracode1 almalinux4 debian2 cve2 debiancve2 amazon1 mageia1 ubuntucve2 ubuntu1 prion2 nvd1 ibm1