FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Emacs -- Shell injection vulnerability

Affected packages
emacs < 30.1,3
emacs-canna < 30.1,3
emacs-nox < 30.1,3
emacs-wayland < 30.1,3
emacs-devel < 31.0.50.20250101,3
emacs-devel-nox < 31.0.50.20250101,3

Details

VuXML ID: 7ba6c085-1590-491a-98ce-5452646b196f
Discovery: 2024-11-27
Entry: 2025-02-24

Problem Description:

An Emacs user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.

References

CVE Name: CVE-2024-53920
URL: https://nvd.nist.gov/vuln/detail/CVE-2024-53920