CVE-2023-28617
Summary
| CVE | CVE-2023-28617 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-19 03:15:00 UTC |
| Updated | 2023-11-07 04:10:00 UTC |
| Description | org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [PATCH] Fix ob-latex.el command injection vulnerability. | MISC | list.orgmode.org | |
| [SECURITY] [DLA 3616-1] org-mode security update | MLIST | lists.debian.org | |
| emacs/org-mode.git - Emacs Org mode | MISC | git.savannah.gnu.org | |
| [SECURITY] [DLA 3416-1] emacs security update | MLIST | lists.debian.org | |
| emacs/org-mode.git - Emacs Org mode | MISC | git.savannah.gnu.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160564 Oracle Enterprise Linux Security Update for emacs (ELSA-2023-1930)
- 160574 Oracle Enterprise Linux Security Update for emacs (ELSA-2023-2074)
- 181775 Debian Security Update for emacs (DLA 3416-1)
- 182281 Debian Security Update for emacsorg-mode (CVE-2023-28617)
- 199478 Ubuntu Security Notification for Emacs Vulnerability (USN-6003-1)
- 241375 Red Hat Update for emacs (RHSA-2023:1930)
- 241376 Red Hat Update for emacs (RHSA-2023:1931)
- 241380 Red Hat Update for emacs (RHSA-2023:1958)
- 241391 Red Hat Update for emacs (RHSA-2023:2010)
- 241403 Red Hat Update for emacs (RHSA-2023:2074)
- 241609 Red Hat Update for emacs (RHSA-2023:3189)
- 241649 Red Hat Update for emacs (RHSA-2023:1915)
- 354891 Amazon Linux Security Advisory for emacs : ALAS2-2023-2012
- 355280 Amazon Linux Security Advisory for emacs : ALAS2023-2023-147
- 6000266 Debian Security Update for org-mode (DLA 3616-1)
- 672942 EulerOS Security Update for emacs (EulerOS-SA-2023-1801)
- 672944 EulerOS Security Update for emacs (EulerOS-SA-2023-1819)
- 673580 EulerOS Security Update for emacs (EulerOS-SA-2023-2681)
- 673791 EulerOS Security Update for emacs (EulerOS-SA-2023-2639)
- 906694 Common Base Linux Mariner (CBL-Mariner) Security Update for emacs (25707-1)
- 940996 AlmaLinux Security Update for emacs (ALSA-2023:1930)
- 941001 AlmaLinux Security Update for emacs (ALSA-2023:2074)
- 960922 Rocky Linux Security Update for emacs (RLSA-2023:1930)
- 960923 Rocky Linux Security Update for emacs (RLSA-2023:2074)