Security Advisory

CVE-2022-48339

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-02-20 00:00:00

Last updated 2025-03-18 15:19:50

Assigner mitre

State PUBLISHED

Description

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

← Browse all CVEs View on cve.org ↗