PT-2024-23254 · Gnu+9 · Org Mode+10

Published

2024-03-25

Updated

2025-08-15

CVE-2024-30205

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Emacs versions prior to 29.3 Org Mode versions prior to 9.6.23

Description The issue arises because Org mode in Emacs considers the contents of remote files to be trusted. This could potentially lead to security issues if malicious content is accessed.

Recommendations For Emacs versions prior to 29.3, update to version 29.3 or later to resolve the issue. For Org Mode versions prior to 9.6.23, update to version 9.6.23 or later to resolve the issue. As a temporary workaround, consider restricting the access to remote files in Org mode until a patch is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-494

Related Identifiers

ALSA-2024:6987

AZL-37080

AZL-37107

BDU:2025-16177

CESA-2024_6987

CVE-2024-30205

DLA-3801-1

DLA-3802-1

INFSA-2024_6987

INFSA-2024_9302

MGASA-2024-0104

OESA-2024-1390

OPENSUSE-SU-2024_1294-1

RHSA-2024:6987

RHSA-2024:9302

RHSA-2024_6987

RHSA-2024_9302

RLSA-2024:9302

SUSE-SU-2024:1294-1

SUSE-SU-2024:1317-1

SUSE-SU-2024:2297-1

USN-7027-1

USN-7375-1

Affected Products

Almalinux

Astra Linux

Centos

Debian

Emacs

Linuxmint

Org Mode

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2024-23254 · Gnu+9 · Org Mode+10

CVE-2024-30205

Weakness Enumeration

Related Identifiers

Affected Products

References · 80