N/A

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

N/A

N/A

GNU Emacs 安全漏洞

GNU Emacs是美国GNU社区的一个文本编辑器家族。 GNU Emacs 30.0.92及之前版本存在安全漏洞，该漏洞源于选择在不受信任的源代码上调用elisp-completion-at-point的用户可能会触发不安全的宏扩展，从而允许攻击者执行任意代码。

N/A

N/A