CVSS3: 9.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
AI Score: 7.9 High (Confidence: Low)
EPSS: 0.002 Low (Percentile: 65.0%)
software: emacs 28.1
WASP: ROSA-CHROME
package_evr_string: emacs-28.1-5
CVE-ID: CVE-2022-48339
BDU-ID: None
CVE-Crit: N/A
CVE-DESC.: A problem was discovered in GNU Emacs. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the file and srcdir parameters come from external input and are not escaped. If the file or directory name contains shell metacharacters, code can be executed.
CVE-STATUS: Eliminated
CVE-REV: To close, run the command: sudo dnf update emacs
CVE-ID: CVE-2022-48338
BDU-ID: None
CVE-Crit: N/A
CVE-DESC.: A problem was discovered in GNU Emacs. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function and is bound to C-c C-f. Within the function, the external command gem is invoked via the shell command line, but the function name parameters are not escaped. Thus, malicious Ruby source files can cause commands to be executed.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update emacs
CVE-ID: CVE-2022-45939
BDU-ID: None
CVE-Crit: N/A
CVE-DESC.: GNU Emacs allows attackers to execute commands via shell metacharacters in the source file name because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim might use the "ctags *" command (suggested in the ctags documentation) in a situation where the contents of the current working directory depend on untrusted input.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update emacs
CVE-ID: CVE-2022-48337
BDU-ID: None
CVE-Crit: N/A
CVE-DESC.: GNU Emacs allows attackers to execute commands using shell metacharacters in the source file name, because lib-src
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update emacs
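The entries above describe the same class of defect: a name taken from external input is placed on a shell command line without escaping. The C code below is an added example, not code from Emacs or from this advisory; it shows POSIX single-quote escaping and checks, by passing a constructed file name through /bin/sh, that only the quoted form reaches the command unchanged. The helper names sh_quote and survives_shell are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L   /* popen, pclose, strdup */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Quote s for POSIX sh: wrap it in single quotes and write every embedded
   single quote as '\'' . The caller frees the result. */
char *sh_quote(const char *s)
{
    size_t n = 3;                          /* two quotes plus NUL */
    for (const char *p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n), *o = out;
    if (!out) return NULL;
    *o++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p == '\'') { memcpy(o, "'\\''", 4); o += 4; }
        else *o++ = *p;
    }
    *o++ = '\'';
    *o = '\0';
    return out;
}

/* Run `printf %s NAME` through /bin/sh, the way system() would, and return
   1 if printf received NAME byte for byte, 0 if the shell reinterpreted it. */
int survives_shell(const char *name, int quote)
{
    char cmd[512], got[512];
    char *arg = quote ? sh_quote(name) : strdup(name);
    if (!arg) return 0;
    int len = snprintf(cmd, sizeof cmd, "printf %%s %s 2>/dev/null", arg);
    free(arg);
    if (len < 0 || (size_t)len >= sizeof cmd) return 0;
    FILE *p = popen(cmd, "r");
    if (!p) return 0;
    size_t r = fread(got, 1, sizeof got - 1, p);
    got[r] = '\0';
    pclose(p);
    return strcmp(got, name) == 0;
}

int main(void)
{
    const char *name = "x.c; echo INJECTED";   /* constructed file name */
    printf("unquoted: %d  quoted: %d\n",
           survives_shell(name, 0), survives_shell(name, 1));
    return 0;
}
```

Passing the name as a separate argv element (fork plus execvp) avoids the shell entirely and needs no quoting at all.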