CVE-2023-28617

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

References

Affected packages

Debian:11 / emacs

Package

Name: emacs
Purl: pkg:deb/debian/emacs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:27.1+1-3.1+deb11u6

Affected versions

1:27.*

1:27.1+1-3.1

1:27.1+1-3.1+deb11u1

1:27.1+1-3.1+deb11u2

1:27.1+1-3.1+deb11u3

1:27.1+1-3.1+deb11u4

1:27.1+1-3.1+deb11u5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / emacs

Package

Name: emacs
Purl: pkg:deb/debian/emacs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:28.2+1-14

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / emacs

Package

Name: emacs
Purl: pkg:deb/debian/emacs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:28.2+1-14

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / org-mode

Package

Name: org-mode
Purl: pkg:deb/debian/org-mode?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.0+dfsg-1+deb11u1

Affected versions

9.*

9.4.0+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / org-mode

Package

Name: org-mode
Purl: pkg:deb/debian/org-mode?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.5.2+dfsh-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / org-mode

Package

Name: org-mode
Purl: pkg:deb/debian/org-mode?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.5.2+dfsh-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / git.savannah.gnu.org/git/emacs/org-mode.git

Affected ranges

Type: GIT
Repo: https://git.savannah.gnu.org/git/emacs/org-mode.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

630f86dfc42472aafd9a4f305e1965cbe92b2891

Affected versions

5.*

5.23a

6.*

6.26b

7.*

7.8.05

7.9.3e

beta_8.*

beta_8.3

Other

rel519

release_

release_4.*

release_4.12a

release_4.13

release_4.19a

release_4.19b

release_4.20

release_4.21

release_4.22

release_4.23

release_4.24

release_4.26

release_4.27

release_4.28

release_4.29

release_4.30

release_4.33

release_4.34

release_4.36

release_4.37

release_4.40

release_4.41

release_4.42

release_4.43

release_4.44

release_4.45

release_4.46

release_4.48

release_4.50

release_4.51

release_4.52

release_4.53

release_4.54

release_4.55

release_4.56

release_4.57

release_4.58

release_4.59

release_4.60

release_4.61

release_4.62

release_4.64

release_4.65

release_4.66

release_4.67

release_4.68

release_4.69

release_4.70

release_4.71

release_4.72

release_4.74

release_4.75

release_4.76

release_4.77

release_4.78

release_4.79

release_5.*

release_5.01

release_5.01b

release_5.02

release_5.03

release_5.03n

release_5.04

release_5.05

release_5.06

release_5.06b

release_5.06c

release_5.06d

release_5.06e

release_5.07

release_5.07a

release_5.10a

release_5.10b

release_5.11

release_5.11b

release_5.12

release_5.12b

release_5.12c

release_5.13

release_5.13a

release_5.13c

release_5.13d

release_5.13e

release_5.13g

release_5.13h

release_5.13i

release_5.14

release_5.15

release_5.15a

release_5.16

release_5.16a

release_5.16b

release_5.17

release_5.17a

release_5.18

release_5.18a

release_5.19

release_5.19a

release_5.20

release_5.21

release_5.22

release_5.22a

release_5.23a

release_6.*

release_6.01

release_6.01a

release_6.01b

release_6.01c

release_6.02

release_6.02a

release_6.02b

release_6.03

release_6.04

release_6.04a

release_6.04b

release_6.04c

release_6.05

release_6.05a

release_6.05b

release_6.06

release_6.06a

release_6.06b

release_6.07

release_6.07a

release_6.07b

release_6.08

release_6.08a

release_6.08c

release_6.09

release_6.09a

release_6.10

release_6.10a

release_6.10b

release_6.10c

release_6.11

release_6.11a

release_6.11b

release_6.11c

release_6.12

release_6.12a

release_6.12b

release_6.13

release_6.13a

release_6.14

release_6.15

release_6.15a

release_6.15b

release_6.15c

release_6.15d

release_6.15f

release_6.16

release_6.16a

release_6.16b

release_6.16c

release_6.17

release_6.17a

release_6.17b

release_6.17c

release_6.18

release_6.18a

release_6.18b

release_6.18c

release_6.19

release_6.19a

release_6.19b

release_6.19c

release_6.19d

release_6.19e

release_6.20

release_6.20a

release_6.20b

release_6.20c

release_6.20d

release_6.20e

release_6.20f

release_6.20g

release_6.20h

release_6.20i

release_6.21

release_6.21a

release_6.21b

release_6.22

release_6.22a

release_6.22b

release_6.23

release_6.23a

release_6.23b

release_6.24

release_6.24a

release_6.24b

release_6.24c

release_6.25

release_6.25a

release_6.25b

release_6.25c

release_6.25d

release_6.26

release_6.26a

release_6.26b

release_6.26c

release_6.26d

release_6.27

release_6.27a

release_6.28

release_6.28a

release_6.28b

release_6.28c

release_6.28d

release_6.29

release_6.29a

release_6.29b

release_6.29c

release_6.30

release_6.30a

release_6.30b

release_6.30c

release_6.30d

release_6.31

release_6.32

release_6.32a

release_6.32b

release_6.33

release_6.33a

release_6.33b

release_6.33c

release_6.33d

release_6.33e

release_6.33f

release_6.34

release_6.34a

release_6.34b

release_6.34c

release_6.35

release_6.35a

release_6.35b

release_6.35c

release_6.35d

release_6.35e

release_6.35f

release_6.35g

release_6.36

release_7.*

release_7.01

release_7.01b

release_7.01e

release_7.01f

release_7.01g

release_7.01h

release_7.02

release_7.3

release_7.4

release_7.5

release_7.6

release_7.7

release_7.8

release_7.8.01

release_7.8.02

release_7.8.03

release_7.8.04

release_7.8.05

release_7.8.06

release_7.8.07

release_7.8.08

release_7.8.09

release_7.8.10

release_7.8.11

release_7.9

release_7.9.1

release_7.9.2

release_7.9.3

release_7.9.3a

release_7.9.3b

release_7.9.3c

release_7.9.3d

release_7.9.3f

release_7.9.4

release_8.*

release_8.0

release_8.0-alpha

release_8.0-beta

release_8.0-pre

release_8.0.1

release_8.0.2

release_8.0.3

release_8.0.4

release_8.0.5

release_8.0.6

release_8.0.7

release_8.1

release_8.1.1

release_8.1.2

release_8.2

release_8.2.1

release_8.2.10

release_8.2.2

release_8.2.3

release_8.2.3a

release_8.2.3b

release_8.2.3c

release_8.2.4

release_8.2.5

release_8.2.5a

release_8.2.5b

release_8.2.5c

release_8.2.5d

release_8.2.5e

release_8.2.5f

release_8.2.5g

release_8.2.5h

release_8.2.6

release_8.2.7

release_8.2.7a

release_8.2.7b

release_8.2.7c

release_8.2.8

release_8.2.9

release_8.3

release_8.3.1

release_8.3.2

release_8.3.3

release_8.3.4

release_8.3.5

release_8.3.6

release_8.3beta

release_9.*

release_9.0

release_9.0.1

release_9.0.10

release_9.0.2

release_9.0.3

release_9.0.4

release_9.0.5

release_9.0.6

release_9.0.7

release_9.0.8

release_9.0.9

release_9.1

release_9.1.1

release_9.1.10

release_9.1.11

release_9.1.12

release_9.1.13

release_9.1.14

release_9.1.2

release_9.1.3

release_9.1.4

release_9.1.5

release_9.1.6

release_9.1.7

release_9.1.8

release_9.1.9

release_9.2

release_9.2.1

release_9.2.2

release_9.2.3

release_9.2.4

release_9.2.5

release_9.2.6

release_9.3

release_9.3.1

release_9.3.2

release_9.3.3

release_9.3.4

release_9.3.5

release_9.3.6

release_9.3.7

release_9.3.8

release_9.4

release_9.4.1

release_9.4.2

release_9.4.3

release_9.4.4

release_9.4.5

release_9.4.6

release_9.5

release_9.5.1

release_9.5.2

release_9.5.3

release_9.5.4

release_9.5.5

release_9.6

release_9.6.1