CVE-2022-48338
Summary
| CVE | CVE-2022-48338 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-02-20 23:15:00 UTC |
| Updated | 2023-11-07 03:56:00 UTC |
| Description | An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. |
Risk And Classification
Problem Types: CWE-77
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 37 Update: emacs-28.3-0.rc1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: emacs-28.3-0.rc1.fc38 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: emacs-28.3-0.rc1.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| emacs.git - Emacs source repository | MISC | git.savannah.gnu.org | |
| Debian -- Security Information -- DSA-5360-1 emacs | DEBIAN | www.debian.org | |
| [SECURITY] Fedora 37 Update: emacs-28.3-0.rc1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160625 Oracle Enterprise Linux Security Update for emacs (ELSA-2023-2626)
- 181683 Debian Security Update for emacs (DSA 5360-1)
- 182665 Debian Security Update for emacs (CVE-2022-48338)
- 241452 Red Hat Update for emacs (RHSA-2023:2626)
- 284551 Fedora Security Update for emacs (FEDORA-2023-5763445abe)
- 284626 Fedora Security Update for emacs (FEDORA-2023-29df561f1d)
- 354790 Amazon Linux Security Advisory for emacs : ALAS2-2023-1981
- 355223 Amazon Linux Security Advisory for emacs : ALAS2023-2023-122
- 673032 EulerOS Security Update for emacs (EulerOS-SA-2023-1950)
- 673038 EulerOS Security Update for emacs (EulerOS-SA-2023-1972)
- 673126 EulerOS Security Update for emacs (EulerOS-SA-2023-2288)
- 673165 EulerOS Security Update for emacs (EulerOS-SA-2023-2264)
- 691076 Free Berkeley Software Distribution (FreeBSD) Security Update for emacs (a75929bd-b6a4-11ed-bad6-080027f5fec9)
- 905619 Common Base Linux Mariner (CBL-Mariner) Security Update for emacs (13681)
- 906624 Common Base Linux Mariner (CBL-Mariner) Security Update for emacs (13681-3)
- 941017 AlmaLinux Security Update for emacs (ALSA-2023:2626)