The hack-local-variables function in Emacs prior to 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted malicious users to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
Vulnerable Product |
---|
gnu emacs |