View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2023-28617 not yet assigned priority: Debian including 2 source packages (emacs, org-mode), 10 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 10.
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.