Opening a file in GNU Emacs can trigger arbitrary code execution through version control (git), most requiring zero user interaction beyond the file open itself.

https://github.com/califio/publications/blob/main/MADBugs/vim-vs-emacs-vs-claude/Emacs.md

#infosec #cybersecurity #redteam #pentest #ai #emacs #claude

@r1cksec Just to be clear, running any git command in that repo will run the arbitrary code, even if you don't have Emacs installed on your machine.
@oantolin @r1cksec "i found an RCE vulnerability in emacs" turns out to be "claude remembers an old git-vulnerability and puts it in an emacs-framing"
@mekeor @oantolin @r1cksec but the whole thing is framed as "emacs developers refused to fix this issue" lmao