{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-28617","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2025-11-03T20:35:28.705Z","dateReserved":"2023-03-19T00:00:00.000Z","datePublished":"2023-03-19T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2023-10-12T12:06:14.951Z"},"descriptions":[{"lang":"en","value":"org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A%40qq.com/T/#m6ef8e7d34b25fe17b4cbb655b161edce18c6655e"},{"url":"https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485"},{"url":"https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741"},{"name":"[debian-lts-announce] 20230509 [SECURITY] [DLA 3416-1] emacs security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html"},{"name":"[debian-lts-announce] 20231012 [SECURITY] [DLA 3616-1] org-mode security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00019.html"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"title":"CVE Program Container","references":[{"url":"https://list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A%40qq.com/T/#m6ef8e7d34b25fe17b4cbb655b161edce18c6655e","tags":["x_transferred"]},{"url":"https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485","tags":["x_transferred"]},{"url":"https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741","tags":["x_transferred"]},{"name":"[debian-lts-announce] 20230509 [SECURITY] [DLA 3416-1] emacs security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html"},{"name":"[debian-lts-announce] 20231012 [SECURITY] [DLA 3616-1] org-mode security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00019.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00033.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T20:35:28.705Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-78","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-02-26T15:37:14.308348Z","id":"CVE-2023-28617","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-26T20:48:41.554Z"}}]}}