Lucene search

K

Veracode Vulnerability DatabaseVERACODE:38325

HistoryDec 04, 2022 - 12:37 a.m.

OS Command Injection

2022-12-0400:37:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

18

emacs

command injection

etags.c

arbitrary commands

shell characters

EPSS

0.001

Percentile

39.5%

emacs is vulnerable to OS Command Injection. The vulnerability exists in multiple functions of etags.c due to the implementation of the ctags commands which allows an attacker to inject and execute arbitrary commands via shell meta characters.

References

git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51

github.com/advisories/GHSA-m57w-hf24-4j3h

lists.debian.org/debian-lts-announce/2022/12/msg00046.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOSK3J7BBAEI4IITW2DRUKLQYUZYKH6Y/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GOXIH2FDEQJEAARE52C3GHTLGQFBYPIB/

lists.fedoraproject.org/archives/list/[email protected]/message/FOSK3J7BBAEI4IITW2DRUKLQYUZYKH6Y/

lists.fedoraproject.org/archives/list/[email protected]/message/GOXIH2FDEQJEAARE52C3GHTLGQFBYPIB/

security-tracker.debian.org/tracker/CVE-2022-45939

www.debian.org/security/2023/dsa-5314

EPSS

0.001

Percentile

39.5%

Related for VERACODE:38325