CVE-2024-39331
- Source
- https://cve.org/CVERecord?id=CVE-2024-39331
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39331.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-39331
- Downstream
- Related
- Published
- 2024-06-23T00:00:00Z
- Modified
- 2026-06-10T18:29:09.011765875Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39331.json", "unresolved_ranges": [ { "source": "DESCRIPTION", "extracted_events": [ { "fixed": "29.4" }, { "fixed": "9.7.5" } ] } ], "cna_assigner": "mitre" }- References
-
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29
- https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8
- https://list.orgmode.org/87sex5gdqc.fsf%40localhost/
- https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html
- https://news.ycombinator.com/item?id=40768225
- https://www.openwall.com/lists/oss-security/2024/06/23/1
- https://www.openwall.com/lists/oss-security/2024/06/23/2
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39331.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-39331
- https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html
Affected packages
Git / cgit.git.savannah.gnu.org/cgit/emacs/org-mode.git
Affected ranges
- Type
- GIT
- Repo
- https://cgit.git.savannah.gnu.org/cgit/emacs/org-mode.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedf4cc61636947b5c2f0afc67174dd369fe3277aa8
Affected versions
5.*
5.23a
6.*
6.26b
7.*
7.9.3e
beta_8.*
beta_8.3
Other
d
rel519
release_
release_4.*
release_4.12a
release_4.13
release_4.19a
release_4.19b
release_4.20
release_4.21
release_4.22
release_4.23
release_4.24
release_4.26
release_4.27
release_4.28
release_4.29
release_4.30
release_4.33
release_4.34
release_4.36
release_4.37
release_4.40
release_4.41
release_4.42
release_4.43
release_4.44
release_4.45
release_4.46
release_4.48
release_4.50
release_4.51
release_4.52
release_4.53
release_4.54
release_4.55
release_4.56
release_4.57
release_4.58
release_4.59
release_4.60
release_4.61
release_4.62
release_4.64
release_4.65
release_4.66
release_4.67
release_4.68
release_4.69
release_4.70
release_4.71
release_4.72
release_4.74
release_4.75
release_4.76
release_4.77
release_4.78
release_4.79
release_5.*
release_5.01
release_5.01b
release_5.02
release_5.03
release_5.03n
release_5.04
release_5.05
release_5.06
release_5.06b
release_5.06c
release_5.06d
release_5.06e
release_5.07
release_5.07a
release_5.10a
release_5.10b
release_5.11
release_5.11b
release_5.12
release_5.12b
release_5.12c
release_5.13
release_5.13a
release_5.13c
release_5.13d
release_5.13e
release_5.13g
release_5.13h
release_5.13i
release_5.14
release_5.15
release_5.15a
release_5.16
release_5.16a
release_5.16b
release_5.17
release_5.17a
release_5.18
release_5.18a
release_5.19
release_5.19a
release_5.20
release_5.21
release_5.22
release_5.22a
release_5.23a
release_6.*
release_6.01
release_6.01a
release_6.01b
release_6.01c
release_6.02
release_6.02a
release_6.02b
release_6.03
release_6.04
release_6.04a
release_6.04b
release_6.04c
release_6.05
release_6.05a
release_6.05b
release_6.06
release_6.06a
release_6.06b
release_6.07
release_6.07a
release_6.07b
release_6.08
release_6.08a
release_6.08c
release_6.09
release_6.09a
release_6.10
release_6.10a
release_6.10b
release_6.10c
release_6.11
release_6.11a
release_6.11b
release_6.11c
release_6.12
release_6.12a
release_6.12b
release_6.13
release_6.13a
release_6.14
release_6.15
release_6.15a
release_6.15b
release_6.15c
release_6.15d
release_6.15f
release_6.16
release_6.16a
release_6.16b
release_6.16c
release_6.17
release_6.17a
release_6.17b
release_6.17c
release_6.18
release_6.18a
release_6.18b
release_6.18c
release_6.19
release_6.19a
release_6.19b
release_6.19c
release_6.19d
release_6.19e
release_6.20
release_6.20a
release_6.20b
release_6.20c
release_6.20d
release_6.20e
release_6.20f
release_6.20g
release_6.20h
release_6.20i
release_6.21
release_6.21a
release_6.21b
release_6.22
release_6.22a
release_6.22b
release_6.23
release_6.23a
release_6.23b
release_6.24
release_6.24a
release_6.24b
release_6.24c
release_6.25
release_6.25a
release_6.25b
release_6.25c
release_6.25d
release_6.26
release_6.26a
release_6.26b
release_6.26c
release_6.26d
release_6.27
release_6.27a
release_6.28
release_6.28a
release_6.28b
release_6.28c
release_6.28d
release_6.29
release_6.29a
release_6.29b
release_6.29c
release_6.30
release_6.30a
release_6.30b
release_6.30c
release_6.30d
release_6.31
release_6.32
release_6.32a
release_6.32b
release_6.33
release_6.33a
release_6.33b
release_6.33c
release_6.33d
release_6.33e
release_6.33f
release_6.34
release_6.34a
release_6.34b
release_6.34c
release_6.35
release_6.35a
release_6.35b
release_6.35c
release_6.35d
release_6.35e
release_6.35f
release_6.35g
release_6.36
release_7.*
release_7.6
release_7.9
release_7.9.1
release_7.9.2
release_7.9.3
release_7.9.3a
release_7.9.3b
release_7.9.3c
release_7.9.3d
release_7.9.3f
release_7.9.4
release_8.*
release_8.0
release_8.0.1
release_8.1
release_8.1.2
release_8.2
release_8.3
release_8.3beta
release_9.*
release_9.0
release_9.1
release_9.2
release_9.3
release_9.4
release_9.4.1
release_9.4.2
release_9.4.3
release_9.4.4
release_9.4.5
release_9.4.6
release_9.5
release_9.6
release_9.7
release_9.7.1
release_9.7.2
release_9.7.3
release_9.7.4