CVE-2024-53920
EUVD-2024-5218927.11.2024, 15:15
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnu | emacs | 𝑥 < 30.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| emacs |
| ||||||||||||||||
| xemacs21 |
| ||||||||||||||||
| xemacs21-packages |
| ||||||||||||||||
| emacs24 |
| ||||||||||||||||
| emacs25 |
|
References