CVE-2024-30202
HIGH
Emacs < 29.3 and Org Mode < 9.6.23 - Arbitrary Lisp Code Execution via Org Mode Activation
Title source: llm
Description
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
References (5)
Core References
Mailing List: http://www.openwall.com/lists/oss-security/2024/03/25/2
Mailing List: http://www.openwall.com/lists/oss-security/2024/04/08/6
Scores
CVSS v3: 7.8
EPSS: 0.0005
EPSS Percentile: 16.8%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-94
Status: published
Products (2)
gnu/emacs < 29.3
gnu/org_mode < 9.6.23
Published: Mar 25, 2024
Tracked Since: Feb 18, 2026