Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | 22.0 ap348687 |