Org Mode
by Emacs
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-39331 | 0.00 | — | 0.01 | Jun 23, 2024 | In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5. | |||
| CVE-2024-30205 | 0.00 | — | 0.00 | Mar 25, 2024 | In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. | |||
| CVE-2024-30202 | 0.00 | — | 0.01 | Mar 25, 2024 | In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. | |||
| CVE-2023-28617 | 0.00 | — | 0.00 | Mar 19, 2023 | org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. |
- CVE-2024-39331Jun 23, 2024risk 0.00cvss —epss 0.01
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
- CVE-2024-30205Mar 25, 2024risk 0.00cvss —epss 0.00
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
- CVE-2024-30202Mar 25, 2024risk 0.00cvss —epss 0.01
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
- CVE-2023-28617Mar 19, 2023risk 0.00cvss —epss 0.00
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.