VYPR

Org Mode

by Emacs

CVEs (4)

  • CVE-2024-39331Jun 23, 2024
    risk 0.00cvss epss 0.01

    In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

  • CVE-2024-30205Mar 25, 2024
    risk 0.00cvss epss 0.00

    In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

  • CVE-2024-30202Mar 25, 2024
    risk 0.00cvss epss 0.01

    In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

  • CVE-2023-28617Mar 19, 2023
    risk 0.00cvss epss 0.00

    org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.