{"vulnerability": "CVE-2022-48338", "sightings": [{"uuid": "2f1fcc21-0eb5-40e8-b7fe-0bcf2c6358e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48338", "type": "seen", "source": "https://t.me/cibsecurity/58547", "content": "\u203c CVE-2022-48338 \u203c\n\nAn issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T02:16:12.000000Z"}]}