Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-30202

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

Published

2024-03-25T15:15:52.427

Last Modified

2025-05-01T14:33:59.357

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	emacs	< 29.3	Yes
Application	gnu	org_mode	< 9.6.23	Yes

References

http://www.openwall.com/lists/oss-security/2024/03/25/2 Mailing List ([email protected])
http://www.openwall.com/lists/oss-security/2024/04/08/6 Mailing List ([email protected])
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb Patch ([email protected])
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 Release Notes ([email protected])
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9 Patch ([email protected])
http://www.openwall.com/lists/oss-security/2024/03/25/2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/04/08/6 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9 Patch (af854a3a-2127-422b-91ae-364da2661108)