CVE-2024-30205: In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

0.0 CVSS

Description

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

Classification

CVE ID: CVE-2024-30205

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.38% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877
https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html
http://www.openwall.com/lists/oss-security/2024/03/25/2

Timeline

2024-12-04 00:11:28 UTC
CVE

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.