View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2024-39331 severity important: SUSE including 47 source package names (emacs-24.3-25.20.1, emacs-25.3-150000.3.22.1, …), 170 product×package rows across 31 product lines (SUSE Enterprise Storage 7.1, SUSE Liberty Linux 8, … (31 product lines)): Fixed 170.
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.