Lucene search
MitreVULNRICHMENT:CVE-2024-39331HistoryJun 23, 2024 - 12:00 a.m.
CVE-2024-39331
2024-06-2300:00:00
mitre
github.com
1
emacs
org-link-expand-abbrev
lisp/ol.el
unsafe function
shell-command-to-string
org mode
6.7 Medium
AI Score
Confidence
Low
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(…) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
References
git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29
git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8
list.orgmode.org/87sex5gdqc.fsf%40localhost/
lists.debian.org/debian-lts-announce/2024/06/msg00023.html
lists.debian.org/debian-lts-announce/2024/06/msg00024.html
lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html
news.ycombinator.com/item?id=40768225
www.openwall.com/lists/oss-security/2024/06/23/1
www.openwall.com/lists/oss-security/2024/06/23/2
Related
cve
cve
CVE-2024-39331
2024-06-23 22:15:09
fedora
fedora
[SECURITY] Fedora 40 Update: emacs-29.4-3.fc40
2024-06-28 01:59:29
[SECURITY] Fedora 39 Update: emacs-29.4-2.fc39
2024-07-02 01:24:00
nessus
nessus
Fedora 39 : emacs (2024-3fedeba41f)
2024-07-02 00:00:00
SUSE SLES12 Security Update : emacs (SUSE-SU-2024:2293-1)
2024-07-04 00:00:00
Debian dla-3849 : emacs - security update
2024-06-29 00:00:00
redhatcve
redhatcve
CVE-2024-39331
2024-06-24 13:53:33
openvas
openvas
Debian: Security Advisory (DLA-3849-1)
2024-07-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:2293-1)
2024-07-04 00:00:00
Debian: Security Advisory (DSA-5718-1)
2024-07-01 00:00:00
debiancve
debiancve
CVE-2024-39331
2024-06-23 22:15:09
nvd
nvd
CVE-2024-39331
2024-06-23 22:15:09
ubuntucve
ubuntucve
CVE-2024-39331
2024-06-23 00:00:00
osv
osv
org-mode - security update
2024-06-25 00:00:00
emacs - security update
2024-06-25 00:00:00
org-mode - security update
2024-06-29 00:00:00
cvelist
cvelist
CVE-2024-39331
2024-06-23 00:00:00