5 known vulnerabilities · sorted by CVSS score
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.