Improper Input Validation

2024-04-0522:35:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

input validation

emacs org mode

processing logic

trust assumptions

remote files

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.4%

JSON

emacs is vulnerable to Improper Input Validation. The vulnerability is due to a flaw in the processing logic of Emacs Org mode, allows attackers to potentially exploit trust assumptions in Emacs Org mode, as it incorrectly treats the contents of remote files as trusted without appropriate validation.

CPENameOperatorVersion
emacs:sideq1:27.1+1-3
org-mode:sideq9.4.0+dfsg-1
emacs:sideq1:27.1+1-3
org-mode:sideq9.4.0+dfsg-1
emacs:bustereq1:26.1+1-3.2+deb10u1
emacs:bustereq1:26.1+1-3.2+deb10u2
emacs:bullseyeeq1:27.1+1-3
emacs:bookwormeq1:27.1+1-3.1

Name	Operator	Version
emacs:sid	eq	1:27.1+1-3
org-mode:sid	eq	9.4.0+dfsg-1
emacs:sid	eq	1:27.1+1-3
org-mode:sid	eq	9.4.0+dfsg-1
emacs:buster	eq	1:26.1+1-3.2+deb10u1
emacs:buster	eq	1:26.1+1-3.2+deb10u2
emacs:bullseye	eq	1:27.1+1-3
emacs:bookworm	eq	1:27.1+1-3.1