CVE-2024-39331

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-39331
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 Release Notes
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8 Mailing List Patch
https://list.orgmode.org/87sex5gdqc.fsf%40localhost/ Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html Mailing List
https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html Mailing List
https://news.ycombinator.com/item?id=40768225 Mailing List
https://www.openwall.com/lists/oss-security/2024/06/23/1 Mailing List
https://www.openwall.com/lists/oss-security/2024/06/23/2 Mailing List
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 Release Notes
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8 Mailing List Patch
https://list.orgmode.org/87sex5gdqc.fsf%40localhost/ Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html Mailing List
https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html Mailing List
https://news.ycombinator.com/item?id=40768225 Mailing List
https://www.openwall.com/lists/oss-security/2024/06/23/1 Mailing List
https://www.openwall.com/lists/oss-security/2024/06/23/2 Mailing List
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*
History

30 Apr 2025, 16:44

Type Values Removed Values Added
References () https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 - () https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 - Release Notes
References () https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8 - () https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8 - Mailing List, Patch
References () https://list.orgmode.org/87sex5gdqc.fsf%40localhost/ - () https://list.orgmode.org/87sex5gdqc.fsf%40localhost/ - Mailing List
References () https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html - Mailing List
References () https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html - Mailing List
References () https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html - () https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html - Mailing List
References () https://news.ycombinator.com/item?id=40768225 - () https://news.ycombinator.com/item?id=40768225 - Mailing List
References () https://www.openwall.com/lists/oss-security/2024/06/23/1 - () https://www.openwall.com/lists/oss-security/2024/06/23/1 - Mailing List
References () https://www.openwall.com/lists/oss-security/2024/06/23/2 - () https://www.openwall.com/lists/oss-security/2024/06/23/2 - Mailing List
CPE cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*
First Time Gnu
Gnu emacs

21 Nov 2024, 09:27

Type Values Removed Values Added
References () https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 - () https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 -
References () https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8 - () https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8 -
References () https://list.orgmode.org/87sex5gdqc.fsf%40localhost/ - () https://list.orgmode.org/87sex5gdqc.fsf%40localhost/ -
References () https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html -
References () https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html -
References () https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html - () https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html -
References () https://news.ycombinator.com/item?id=40768225 - () https://news.ycombinator.com/item?id=40768225 -
References () https://www.openwall.com/lists/oss-security/2024/06/23/1 - () https://www.openwall.com/lists/oss-security/2024/06/23/1 -
References () https://www.openwall.com/lists/oss-security/2024/06/23/2 - () https://www.openwall.com/lists/oss-security/2024/06/23/2 -

03 Jul 2024, 02:05

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-94

29 Jun 2024, 07:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html -
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html -

24 Jun 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) En Emacs anterior a 29.4, org-link-expand-abbrev en lisp/ol.el expande una abreviatura de enlace %(...) incluso cuando especifica una función no segura, como shell-command-to-string. Esto afecta al modo de organización anterior a 9.7.5.

23 Jun 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-23 22:15

Updated : 2025-04-30 16:44

NVD link : CVE-2024-39331

Mitre link : CVE-2024-39331

CVE.ORG link : CVE-2024-39331

JSON object : View

Products Affected

gnu

  • emacs
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')