CVE-2022-48339
Summary
| CVE | CVE-2022-48339 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-02-20 23:15:00 UTC |
| Updated | 2023-11-07 03:56:00 UTC |
| Description | An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. |
Risk And Classification
Problem Types: CWE-116
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| emacs.git - Emacs source repository | MISC | git.savannah.gnu.org | |
| [SECURITY] Fedora 37 Update: emacs-28.3-0.rc1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] [DLA 3416-1] emacs security update | MLIST | lists.debian.org | |
| [SECURITY] Fedora 38 Update: emacs-28.3-0.rc1.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Debian -- Security Information -- DSA-5360-1 emacs | DEBIAN | www.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160625 Oracle Enterprise Linux Security Update for emacs (ELSA-2023-2626)
- 160720 Oracle Enterprise Linux Security Update for emacs (ELSA-2023-3481)
- 161144 Oracle Enterprise Linux Security Update for emacs (ELSA-2023-7083)
- 181683 Debian Security Update for emacs (DSA 5360-1)
- 181775 Debian Security Update for emacs (DLA 3416-1)
- 184136 Debian Security Update for emacs (CVE-2022-48339)
- 199532 Ubuntu Security Notification for Emacs Vulnerability (USN-5955-1)
- 241452 Red Hat Update for emacs (RHSA-2023:2626)
- 241589 Red Hat Update for emacs (RHSA-2023:3481)
- 242440 Red Hat Update for emacs (RHSA-2023:7083)
- 243011 Red Hat Update for emacs (RHSA-2024:1103)
- 243088 Red Hat Update for emacs (RHSA-2024:1408)
- 257244 CentOS Security Update for emacs (CESA-2023:3481)
- 284551 Fedora Security Update for emacs (FEDORA-2023-5763445abe)
- 284626 Fedora Security Update for emacs (FEDORA-2023-29df561f1d)
- 354790 Amazon Linux Security Advisory for emacs : ALAS2-2023-1981
- 354861 Amazon Linux Security Advisory for emacs : ALAS-2023-1712
- 355076 Amazon Linux Security Advisory for emacs : AL2012-2023-400
- 355223 Amazon Linux Security Advisory for emacs : ALAS2023-2023-122
- 672994 EulerOS Security Update for emacs (EulerOS-SA-2023-1840)
- 673002 EulerOS Security Update for emacs (EulerOS-SA-2023-1865)
- 673032 EulerOS Security Update for emacs (EulerOS-SA-2023-1950)
- 673038 EulerOS Security Update for emacs (EulerOS-SA-2023-1972)
- 673126 EulerOS Security Update for emacs (EulerOS-SA-2023-2288)
- 673165 EulerOS Security Update for emacs (EulerOS-SA-2023-2264)
- 673323 EulerOS Security Update for emacs (EulerOS-SA-2023-3124)
- 691076 Free Berkeley Software Distribution (FreeBSD) Security Update for emacs (a75929bd-b6a4-11ed-bad6-080027f5fec9)
- 753737 SUSE Enterprise Linux Security Update for emacs (SUSE-SU-2023:0597-1)
- 753754 SUSE Enterprise Linux Security Update for emacs (SUSE-SU-2023:0675-1)
- 905622 Common Base Linux Mariner (CBL-Mariner) Security Update for emacs (13682)
- 906669 Common Base Linux Mariner (CBL-Mariner) Security Update for emacs (13682-3)
- 941017 AlmaLinux Security Update for emacs (ALSA-2023:2626)
- 941440 AlmaLinux Security Update for emacs (ALSA-2023:7083)