Command Injection

2023-03-1119:20:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

emacs

command injection

vulnerability

source-code file

system c library

metacharacters

0.002 Low

EPSS

Percentile

64.9%

JSON

emacs is vulnerable to Command Injection. An attacker can inject and execute malicious commands via shell metacharacters in the name of a source-code file because etags.c uses the system C library function to implement the etags program.

CPENameOperatorVersion
emacs:sideq1:27.1+1-3
emacs:bullseyeeq1:27.1+1-3
emacs:bookwormeq1:27.1+1-3.1
emacseq23.1__25.el6
emacseq26.1__11.el8
emacseq24.3__20.el7_4
emacseq24.3__23.el7_9.1
emacseq26.1__7.el8
emacseq27.2__3.hs.el8
emacseq24.3__23.el7

Name	Operator	Version
emacs:sid	eq	1:27.1+1-3
emacs:bullseye	eq	1:27.1+1-3
emacs:bookworm	eq	1:27.1+1-3.1
emacs	eq	23.1__25.el6
emacs	eq	26.1__11.el8
emacs	eq	24.3__20.el7_4
emacs	eq	24.3__23.el7_9.1
emacs	eq	26.1__7.el8
emacs	eq	27.2__3.hs.el8
emacs	eq	24.3__23.el7