Arbitrary shell command evaluation in Org mode (GNU Emacs)
oss-sec
mailing list archives
From: Ihor Radchenko <yantar92 () posteo net>
Date: Sun, 23 Jun 2024 08:41:15 +0000
Hi,
Here is a vulnerability in Emacs Org mode.
Reproducer is the following .org file:
#+LINK: shell %(shell-command-to-string)
[[shell:touch ~/hacked.txt]]
When sent by email and previewed in Emacs or when opened in Emacs as a
file, the above Org file will evaluate "touch ~/hacked.txt" without any
prompts.
The fix is attached. It is against Org mode git repository.
The fix can be app...
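As an added example (not part of the original message and not the attached Org mode fix), a Python scanner that flags Org text whose `#+LINK:` abbreviations use a `%(function)` replacement, the construct in the reproducer above, and lists the links that would go through it. The name `scan_org` and the benign `wiki` sample line are assumptions made for illustration.

```python
import re

# Org keyword line "#+LINK: <abbrev> <replacement>".
LINK_KW = re.compile(r"^[ \t]*#\+LINK:[ \t]+(\S+)[ \t]+(.+?)[ \t]*$", re.I | re.M)
# "%(function)" placeholder in a replacement: Org calls the function on the link tag.
FUNC_CALL = re.compile(r"%\(([^)\s]+)\)")
# Bracket link "[[abbrev:tag]]" or "[[abbrev:tag][description]]".
BRACKET_LINK = re.compile(r"\[\[([^:\]\s]+):([^\]]*)\]")


def scan_org(text):
    """Return one finding per link abbreviation whose replacement calls a function."""
    risky = {}
    for m in LINK_KW.finditer(text):
        abbrev, replacement = m.group(1), m.group(2)
        funcs = FUNC_CALL.findall(replacement)
        if funcs:
            # Compared case-insensitively so the scanner errs toward reporting.
            risky[abbrev.lower()] = funcs
    links = BRACKET_LINK.findall(text)
    findings = []
    for abbrev, funcs in risky.items():
        tags = [tag for name, tag in links if name.lower() == abbrev]
        findings.append({"abbrev": abbrev, "functions": funcs, "tags": tags})
    return findings


# Constructed sample: the reproducer from the message plus a benign abbreviation.
SAMPLE = """\
#+LINK: wiki https://example.org/wiki/%s
#+LINK: shell %(shell-command-to-string)
[[wiki:Emacs]]
[[shell:touch ~/hacked.txt]]
"""

if __name__ == "__main__":
    for f in scan_org(SAMPLE):
        print(f"abbrev={f['abbrev']} calls={f['functions']} link tags={f['tags']}")
```

A mail gateway or repository check can run this over `.org` attachments and files and quarantine any that produce findings, independent of whether the reading Emacs has the fix applied.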