ALAS2023-2023-108 --- emacsID: oval:org.secpod.oval:def:19500145 | Date: (C)2023-06-12 (M)2023-06-12 |
Class: PATCH | Family: unix |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command in a situation where the current working directory has contents that depend on untrusted input
Platform: |
Amazon Linux 2023 |