First published: Sun Jun 23 2024
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/emacs | <29.4 | 29.4 |
debian/emacs | 1:27.1+1-3.1+deb11u5, 1:28.2+1-15+deb12u3, 1:29.4+1-3 | |
debian/org-mode | <=9.5.2+dfsh-5 | 9.4.0+dfsg-1+deb11u3, 9.7.16+dfsg-1 |
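
An added example, not part of the advisory or of the Org project's code: a Python check that lists `#+LINK:` abbreviation definitions in Org files whose replacement text uses the `%(function)` form this CVE concerns, so such files can be reviewed before they are opened in an affected Emacs. The `#+LINK:` keyword syntax comes from the Org manual rather than this page; `find_function_abbrevs`, the `allowed` set and the sample text are constructed for illustration.

```python
import re
import sys

# In-buffer abbreviation definition: "#+LINK: name replacement".
# The name may be double-quoted; keyword case and indentation vary.
LINK_KEYWORD = re.compile(r'^\s*#\+LINK:\s+("[^"]+"|\S+)\s+(.*)$', re.IGNORECASE)
# The %(function) form inside the replacement text.
FUNC_FORM = re.compile(r'%\(([^)]+)\)')

def find_function_abbrevs(org_text, allowed=frozenset()):
    """Return (line_number, abbrev_name, function) for each #+LINK definition
    that names a function outside `allowed` (a reviewer-maintained set, assumed).
    Limitation: only in-buffer #+LINK lines are covered, not abbreviations
    configured through Emacs variables."""
    findings = []
    for lineno, line in enumerate(org_text.splitlines(), start=1):
        m = LINK_KEYWORD.match(line)
        if not m:
            continue
        name, replacement = m.groups()
        for fn in FUNC_FORM.findall(replacement):
            fn = fn.strip()
            if fn not in allowed:
                findings.append((lineno, name.strip('"'), fn))
    return findings

# Constructed sample input, not taken from a real file.
SAMPLE_ORG = """\
#+TITLE: Constructed sample
#+LINK: bugs https://tracker.example/show?id=%s
#+link: wiki https://wiki.example/%h
#+LINK: calc %(shell-command-to-string)
* Heading
Text mentioning %(not-a-definition) outside a keyword line.
#+LINK: "my notes" %(my-project-expand)
"""

if __name__ == "__main__":
    # Usage: python scan_org_links.py file1.org file2.org ...
    texts = {p: open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[1:]}
    if not texts:
        texts = {"<sample>": SAMPLE_ORG}
    for path, text in texts.items():
        for lineno, name, fn in find_function_abbrevs(text):
            print(f"{path}:{lineno}: link abbrev '{name}' calls function '{fn}'")
```

A finding is a prompt for review, not proof of malice: upgrading to the fixed versions in the table above remains the actual remediation.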