CVE-2023-28617
CVSS V2 None
CVSS V3 None
Description
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
Overview
- CVE ID
- CVE-2023-28617
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-19T03:15:11
- Last Modified Date
- 2023-03-27T18:37:31
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:gnu:org_mode:*:*:*:*:*:gnu_emacs:*:* | 1 | OR | 9.6.1 |
References
Reference URL | Reference Tags |
---|---|
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 | Mailing List Patch |
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741 | Mailing List Patch |
https://list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A@qq.com/T/#m6ef8e7d34b25fe17b4cbb655b161edce18c6655e | Mailing List Patch Vendor Advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-28617 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28617 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-04-17 02:57:18 | Added to TrackCVE | |||
2023-04-17 02:57:21 | Weakness Enumeration | new |