suse · CVE-2024-39331

Quick triage

Priority: high Published: 2024-06-29 17:04:41 UTC Updated: 2026-03-05 02:23:27 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2024-39331 severity important: SUSE including 47 source package names (emacs-24.3-25.20.1, emacs-25.3-150000.3.22.1, …), 170 product×package rows across 31 product lines (SUSE Enterprise Storage 7.1, SUSE Liberty Linux 8, … (31 product lines)): Fixed 170.

Description:

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.

cvelogic Threat Intelligence