Ihor Radchenko

Rank: #15075 of 53,635 · Total CVSS: 17.8 · Vulnerabilities: 2 (Critical: 1, High: 1)
PT-2024-4296 · CVSS 10 · 2024-06-23 · Org Mode · CVE-2024-39331

**Name of the Vulnerable Software and Affected Versions**
- Emacs versions prior to 29.4
- Org Mode versions prior to 9.7.5

**Description**
The issue arises from the expansion of a %(...) link abbrev by the org-link-expand-abbrev function in lisp/ol.el, even when it specifies an unsafe function such as shell-command-to-string. This could allow a remote attacker to execute arbitrary code by injecting a specially crafted command.

**Recommendations**
- For Emacs versions prior to 29.4, update to version 29.4 or later to resolve the issue.
- For Org Mode versions prior to 9.7.5, update to version 9.7.5 or later to resolve the issue.
- As a temporary workaround, consider disabling the `org-link-expand-abbrev` function until a patch is available.
- Restrict access to the `shell-command-to-string` function to minimize the risk of exploitation.
PT-2024-23251 · CVSS 7.8 · 2024-03-25 · Emacs · CVE-2024-30202

**Name of the Vulnerable Software and Affected Versions**
- Emacs versions prior to 29.3
- Org Mode versions prior to 9.6.23

**Description**
The issue allows arbitrary Lisp code to be evaluated as part of turning on Org mode.

**Recommendations**
- For Emacs versions prior to 29.3, update to version 29.3 or later.
- For Org Mode versions prior to 9.6.23, update to version 9.6.23 or later.