PT-2024-4296 · Org Mode+12
Ihor Radchenko · Published 2024-06-23 · Updated 2026-06-08 · CVE-2024-39331
CVSS v2.0 score: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Emacs versions prior to 29.4
Org Mode versions prior to 9.7.5
Description
The issue arises because the org-link-expand-abbrev function in lisp/ol.el expands a %(...) link abbrev even when it names an unsafe function such as shell-command-to-string. This could allow a remote attacker to execute arbitrary code by injecting a specially crafted command.
Recommendations
For Emacs versions prior to 29.4, update to version 29.4 or later to resolve the issue.
For Org Mode versions prior to 9.7.5, update to version 9.7.5 or later to resolve the issue.
As a temporary workaround, consider disabling the org-link-expand-abbrev function until a patch is available.
Restrict access to the shell-command-to-string function to minimize the risk of exploitation.
Code Injection
OS Command Injection
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Emacs
Linuxmint
Org Mode
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu