Unrated severityNVD Advisory· Published Mar 19, 2023· Updated Nov 3, 2025
CVE-2023-28617
CVE-2023-28617
Description
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- GNU Emacs/Org Modedescription
- osv-coords6 versionspkg:rpm/almalinux/emacspkg:rpm/almalinux/emacs-commonpkg:rpm/almalinux/emacs-filesystempkg:rpm/almalinux/emacs-lucidpkg:rpm/almalinux/emacs-noxpkg:rpm/almalinux/emacs-terminal
< 1:26.1-7.el8_7.1+ 5 more
- (no CPE)range: < 1:26.1-7.el8_7.1
- (no CPE)range: < 1:26.1-7.el8_7.1
- (no CPE)range: < 1:26.1-7.el8_7.1
- (no CPE)range: < 1:26.1-7.el8_7.1
- (no CPE)range: < 1:26.1-7.el8_7.1
- (no CPE)range: < 1:26.1-7.el8_7.1
Patches
Vulnerability mechanics
References
5- lists.debian.org/debian-lts-announce/2023/05/msg00008.htmlmitremailing-list
- lists.debian.org/debian-lts-announce/2023/10/msg00019.htmlmitremailing-list
- git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/mitre
- git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/mitre
- list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A%40qq.com/T/mitre
News mentions
0No linked articles in our index yet.