ALAS2023-2023-134 --- emacsID: oval:org.secpod.oval:def:19500207 | Date: (C)2023-06-12 (M)2024-01-03 |
Class: PATCH | Family: unix |
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters
Platform: |
Amazon Linux 2023 |