← Back to CVEs

CVE-2024-30205

HIGH

7.1

Description

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

CVE Details

CVSS v3.1 Score7.1

SeverityHIGH

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Attack VectorLOCAL

ComplexityLOW

Privileges RequiredNONE

User InteractionREQUIRED

Published3/25/2024

Last Modified5/1/2025

Sourcenvd

Honeypot Sightings0

Affected Products

debian:debian_linuxgnu:emacsgnu:org_mode

Weaknesses (CWE)

CWE-494

References

http://www.openwall.com/lists/oss-security/2024/03/25/2(cve@mitre.org)

https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877(cve@mitre.org)

https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29(cve@mitre.org)

https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d(cve@mitre.org)

https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html(cve@mitre.org)

https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html(cve@mitre.org)

http://www.openwall.com/lists/oss-security/2024/03/25/2(af854a3a-2127-422b-91ae-364da2661108)

https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877(af854a3a-2127-422b-91ae-364da2661108)

https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29(af854a3a-2127-422b-91ae-364da2661108)

https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d(af854a3a-2127-422b-91ae-364da2661108)

https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html(af854a3a-2127-422b-91ae-364da2661108)

https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.