all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* CVE-2024-53920 Emacs arbitrary code execution via unsafe macro-expansion
@ 2024-11-27  7:02 Eshel Yaron
  2024-11-27  7:57 ` Daniel Radetsky
  0 siblings, 1 reply; 4+ messages in thread
From: Eshel Yaron @ 2024-11-27  7:02 UTC (permalink / raw)
  To: emacs-devel; +Cc: Stefan Monnier, Stefan Kangas, Andrea Corallo, Eli Zaretskii

Hi all,

I've just published an advisory regarding an arbitrary code execution
vulnerability in Emacs, which has been assigned CVE-2024-53920:

https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html

The vulnerability itself is not new and it has been brought up in the
past (as I learned from Stefan K. after reporting this issue privately),
but no CVE has been assigned previously.  I tried to spell out the issue
in clear and simple terms in this advisory, if someone spots a mistake
or something that deserves further clarification, please let me know.


Best regards and safe hacking,

Eshel



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-11-27  9:46 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-11-27  7:02 CVE-2024-53920 Emacs arbitrary code execution via unsafe macro-expansion Eshel Yaron
2024-11-27  7:57 ` Daniel Radetsky
2024-11-27  8:40   ` Eshel Yaron
2024-11-27  9:46     ` Daniel Radetsky

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.