Command Injection

2023-03-1119:20:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

emacs

vulnerability

command injection

input parameters

escape

hfy-istext-command

attacker

malicious commands

file name

directory name

shell metacharacters

software

0.001 Low

EPSS

Percentile

25.1%

JSON

emacs is vulnerable to Command Injection. The vulnerability exists because the input parameters are not properly escaped in the hfy-istext-command function, which allows an attacker to inject and execute malicious commands when the file name or directory name contains shell metacharacters.

CPENameOperatorVersion
emacs:bullseyeeq1:27.1+1-3
emacs:sideq1:27.1+1-3
emacs:bookwormeq1:27.1+1-3.1
emacseq23.1__28.el6
emacseq23.1__25.el6
emacseq26.1__11.el8
emacseq24.3__20.el7_4
emacseq26.1__7.el8
emacseq27.2__3.hs.el8
emacseq23.1__21.el6_2.1

Name	Operator	Version
emacs:bullseye	eq	1:27.1+1-3
emacs:sid	eq	1:27.1+1-3
emacs:bookworm	eq	1:27.1+1-3.1
emacs	eq	23.1__28.el6
emacs	eq	23.1__25.el6
emacs	eq	26.1__11.el8
emacs	eq	24.3__20.el7_4
emacs	eq	26.1__7.el8
emacs	eq	27.2__3.hs.el8
emacs	eq	23.1__21.el6_2.1