Metrics
Affected Vendors & Products
Mon, 02 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Gnu
Gnu emacs |
|
CPEs | cpe:2.3:a:gnu:emacs:-:*:*:*:*:*:*:* | |
Vendors & Products |
Gnu
Gnu emacs |
|
Metrics |
cvssV3_1
|
ssvc
|
Fri, 29 Nov 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
Thu, 28 Nov 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | emacs: arbitrary code execution via Lisp macro expansion | |
Weaknesses | CWE-94 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Wed, 27 Nov 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 27 Nov 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.) | |
References |
|
|
Status: PUBLISHED
Assigner: mitre
Published: 2024-11-27T00:00:00
Updated: 2024-12-02T16:57:53.463Z
Reserved: 2024-11-25T00:00:00
Link: CVE-2024-53920
Updated: 2024-12-02T16:57:47.483Z
Status : Awaiting Analysis
Published: 2024-11-27T15:15:26.837
Modified: 2024-12-02T17:15:13.913
Link: CVE-2024-53920