Xi Lu

**Name of the Vulnerable Software and Affected Versions** Org Mode versions through 9.6.1 **Description** The issue allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. This is possible due to a flaw in the `org-babel-execute:latex` function in `ob-latex.el` for GNU Emacs. **Recommendations** For versions through 9.6.1, consider disabling the `org-babel-execute:latex` function until a patch is available to prevent the execution of arbitrary commands. Restrict access to file names and directory names that may contain shell metacharacters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Emacs versions through 28.2 **Description** An issue was discovered in GNU Emacs where the `ruby-find-library-file` function in `ruby-mode.el` has a local command injection vulnerability. The `ruby-find-library-file` function is an interactive function bound to C-c C-f. Inside the function, the external command `gem` is called through `shell-command-to-string`, but the `feature-name` parameters are not escaped, allowing malicious Ruby source files to cause commands to be executed. **Recommendations** For GNU Emacs versions through 28.2, as a temporary workaround, consider disabling the `ruby-find-library-file` function until a patch is available. Restrict access to the `ruby-mode.el` module to minimize the risk of exploitation. Avoid using the `feature-name` parameters in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Emacs versions 28.2 and earlier **Description** The issue is related to the improper neutralization of special elements used in the operating system command. This can allow an attacker to execute arbitrary code via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command in a situation where the current working directory has contents that depend on untrusted input. **Recommendations** For GNU Emacs versions 28.2 and earlier, consider disabling the use of the `etags` program until a patch is available, or avoid using the "etags -u *" command in situations where the current working directory has contents that depend on untrusted input. Restrict access to the `lib-src/etags.c` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Emacs versions through 28.2 **Description** The issue is related to a command injection vulnerability in the htmlfontify.el module of GNU Emacs. Specifically, the `hfy-istext-command` function is vulnerable due to the lack of escaping for the `file` and `srcdir` parameters, which come from external input. If a file name or directory name contains shell metacharacters, it may lead to the execution of arbitrary code. **Recommendations** For GNU Emacs versions through 28.2, consider disabling the `hfy-istext-command` function until a patch is available to prevent potential exploitation. Restrict access to the `htmlfontify.el` module to minimize the risk of exploitation. Avoid using the parameters `file` and `srcdir` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.