Amazon Linux 2023: CVE-2024-39331: Important priority package update for emacs

Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: Jun 23, 2024
Added: Feb 17, 2025
Modified: Jul 4, 2025

Description

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when Org mode is enabled. When Emacs is used as an email client, this issue can be triggered when previewing email attachments.

Solutions

amazon-linux-2023-upgrade-emacs
amazon-linux-2023-upgrade-emacs-common
amazon-linux-2023-upgrade-emacs-common-debuginfo
amazon-linux-2023-upgrade-emacs-debuginfo
amazon-linux-2023-upgrade-emacs-debugsource
amazon-linux-2023-upgrade-emacs-devel
amazon-linux-2023-upgrade-emacs-filesystem
amazon-linux-2023-upgrade-emacs-lucid
amazon-linux-2023-upgrade-emacs-lucid-debuginfo
amazon-linux-2023-upgrade-emacs-nox
amazon-linux-2023-upgrade-emacs-nox-debuginfo
amazon-linux-2023-upgrade-emacs-terminal