Org Mode
CVE-2023-28617
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
AnalysisAI
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. Affected products include: Gnu Org Mode. Version information: through 9.6.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. Rated high severity (CVSS 7.8), t
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. Rated high severity (CVSS 7.1), this vu
In Emacs before 29.3, Gnus treats inline MIME contents as trusted. Rated medium severity (CVSS 5.5), this vulnerability
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. Rated low severity (CVSS 2.8), this vu
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today