{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-39331", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-22T03:55:10.601Z", "dateReserved": "2024-06-23T00:00:00", "datePublished": "2024-06-23T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-29T07:06:02.248894"}, "descriptions": [{"lang": "en", "value": "In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"}, {"url": "https://list.orgmode.org/87sex5gdqc.fsf%40localhost/"}, {"url": "https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html"}, {"url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8"}, {"url": "https://www.openwall.com/lists/oss-security/2024/06/23/1"}, {"url": "https://www.openwall.com/lists/oss-security/2024/06/23/2"}, {"url": "https://news.ycombinator.com/item?id=40768225"}, {"name": "[debian-lts-announce] 20240629 [SECURITY] [DLA 3848-1] org-mode security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html"}, {"name": "[debian-lts-announce] 20240629 [SECURITY] [DLA 3849-1] org-mode security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "affected": [{"vendor": "gnu", "product": "emacs", "cpes": ["cpe:2.3:a:gnu:emacs:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "29.4", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-21T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-39331"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T03:55:10.601Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:14.279Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29", "tags": ["x_transferred"]}, {"url": "https://list.orgmode.org/87sex5gdqc.fsf%40localhost/", "tags": ["x_transferred"]}, {"url": "https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html", "tags": ["x_transferred"]}, {"url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2024/06/23/1", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2024/06/23/2", "tags": ["x_transferred"]}, {"url": "https://news.ycombinator.com/item?id=40768225", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20240629 [SECURITY] [DLA 3848-1] org-mode security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html"}, {"name": "[debian-lts-announce] 20240629 [SECURITY] [DLA 3849-1] org-mode security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html"}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29", "tags": ["x_transferred"]}, {"url": "https://list.orgmode.org/87sex5gdqc.fsf%40localhost/", "tags": ["x_transferred"]}, {"url": "https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html", "tags": ["x_transferred"]}, {"url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2024/06/23/1", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2024/06/23/2", "tags": ["x_transferred"]}, {"url": "https://news.ycombinator.com/item?id=40768225", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html", "name": "[debian-lts-announce] 20240629 [SECURITY] [DLA 3848-1] org-mode security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html", "name": "[debian-lts-announce] 20240629 [SECURITY] [DLA 3849-1] org-mode security update", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:14.279Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-39331", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-01T21:24:13.633677Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gnu:emacs:-:*:*:*:*:*:*:*"], "vendor": "gnu", "product": "emacs", "versions": [{"status": "affected", "version": "0", "lessThan": "29.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T21:32:02.854Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"}, {"url": "https://list.orgmode.org/87sex5gdqc.fsf%40localhost/"}, {"url": "https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html"}, {"url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8"}, {"url": "https://www.openwall.com/lists/oss-security/2024/06/23/1"}, {"url": "https://www.openwall.com/lists/oss-security/2024/06/23/2"}, {"url": "https://news.ycombinator.com/item?id=40768225"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html", "name": "[debian-lts-announce] 20240629 [SECURITY] [DLA 3848-1] org-mode security update", "tags": ["mailing-list"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html", "name": "[debian-lts-announce] 20240629 [SECURITY] [DLA 3849-1] org-mode security update", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-29T07:06:02.248894"}}}, "cveMetadata": {"cveId": "CVE-2024-39331", "state": "PUBLISHED", "dateUpdated": "2024-08-22T03:55:10.601Z", "dateReserved": "2024-06-23T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-06-23T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2FCE1A3-09E0-4700-91DE-AD79D3B2FAA8", "versionEndExcluding": "29.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5."}, {"lang": "es", "value": "En Emacs anterior a 29.4, org-link-expand-abbrev en lisp/ol.el expande una abreviatura de enlace %(...) incluso cuando especifica una funci\u00f3n no segura, como shell-command-to-string. Esto afecta al modo de organizaci\u00f3n anterior a 9.7.5."}], "id": "CVE-2024-39331", "lastModified": "2025-04-30T16:44:51.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-23T22:15:09.370", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch"], "url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://list.orgmode.org/87sex5gdqc.fsf%40localhost/"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://news.ycombinator.com/item?id=40768225"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2024/06/23/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2024/06/23/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://list.orgmode.org/87sex5gdqc.fsf%40localhost/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00023.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://news.ycombinator.com/item?id=40768225"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2024/06/23/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2024/06/23/2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6987", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "emacs-1:26.1-12.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6987", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "emacs-1:26.1-12.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:4971", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "emacs-1:26.1-7.el8_6.5", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-08-01T00:00:00Z"}, {"advisory": "RHSA-2024:4971", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "emacs-1:26.1-7.el8_6.5", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-08-01T00:00:00Z"}, {"advisory": "RHSA-2024:4971", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "emacs-1:26.1-7.el8_6.5", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-08-01T00:00:00Z"}, {"advisory": "RHSA-2024:6203", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "emacs-1:26.1-10.el8_8.6", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6510", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "emacs-1:27.2-10.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-09T00:00:00Z"}], "bugzilla": {"description": "emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code", "id": "2293942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293942"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-95", "details": ["In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.", "A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments."], "mitigation": {"lang": "en:us", "value": "Do not open Org mode files or preview email attachments from untrusted sources."}, "name": "CVE-2024-39331", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-06-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-39331\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-39331\nhttps://www.openwall.com/lists/oss-security/2024/06/23/1"], "statement": "To exploit this flaw, an attacker needs to trick a user into opening a crafted Org mode file or previewing a crafted email attachment. For this reason, this flaw has been rated with a Moderate security impact.", "threat_severity": "Moderate"}