VYPR
Unrated severityNVD Advisory· Published Feb 20, 2023· Updated Mar 18, 2025

CVE-2022-48339

CVE-2022-48339

Description

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

35

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.