
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-28617 affects org-babel-execute:latex in ob-latex.el in Org Mode through version 9.6.1 for GNU Emacs. The vulnerability was discovered by Xi Lu and allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters (NVD).
The vulnerability exists in the org-babel-execute:latex function within ob-latex.el, where shell commands were used to move files without proper input sanitization, so shell metacharacters in a file or directory name were interpreted by the shell rather than treated as part of the path. The issue has a CVSS v3.1 Base Score of 7.8 (HIGH) with vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that local access and user interaction are required but no privileges are needed (NVD).
The vulnerability allows attackers to execute arbitrary shell commands through specially crafted file or directory names containing shell metacharacters, potentially leading to system compromise with the privileges of the Emacs process (Debian Security).
The vulnerability was fixed in Org Mode version 9.6.2 by replacing shell commands with the Emacs built-in rename-file function. Various distributions have released security updates: Debian 10 (version 1:26.1+1-3.2+deb10u4), Ubuntu (multiple versions), and Red Hat Enterprise Linux 8 (Debian Security, Org Mode Patch).
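To illustrate the bug class and the shape of the fix, here is an added Emacs Lisp sketch; it is not the actual ob-latex.el code, and the function names `my-move-via-shell`, `my-move-via-rename` and `my-move-via-shell-quoted` are hypothetical. It contrasts interpolating file names into a shell command with using Emacs' own `rename-file` primitive (the approach the 9.6.2 fix took), plus the quoting needed if a shell is unavoidable.

```elisp
;; Added example, not from Org Mode. Illustrates the pattern behind
;; CVE-2023-28617: a file name is spliced into a shell command string.

(defun my-move-via-shell (src dst)
  "Vulnerable pattern: SRC and DST are interpolated unquoted into a
shell command, so any shell metacharacters in either name are
interpreted by the shell instead of being treated as part of a path."
  (shell-command (format "mv %s %s" src dst)))

(defun my-move-via-rename (src dst)
  "Hardened pattern matching the 9.6.2 fix: use Emacs' built-in
`rename-file', which never invokes a shell, so SRC and DST are only
ever plain path strings.  The third argument overwrites DST if it
already exists, which is what a `mv' would have done."
  (rename-file src dst t))

(defun my-move-via-shell-quoted (src dst)
  "If an external command is genuinely required, quote every argument
with `shell-quote-argument' so metacharacters lose their meaning.
Prefer `call-process' with a list of arguments over building a string."
  (shell-command (format "mv %s %s"
                         (shell-quote-argument src)
                         (shell-quote-argument dst))))

;; Constructed check: a name containing shell-significant characters
;; survives `rename-file' unchanged, because no shell sees it.
(defun my-rename-roundtrip-test ()
  "Create a temp file whose name contains metacharacters, move it with
`my-move-via-rename', and return t if the destination now exists."
  (let* ((dir (make-temp-file "cve-2023-28617-" t))
         (src (expand-file-name "a;b$(c).tex" dir))
         (dst (expand-file-name "renamed.tex" dir)))
    (with-temp-file src (insert "\\documentclass{article}\n"))
    (my-move-via-rename src dst)
    (prog1 (and (file-exists-p dst) (not (file-exists-p src)))
      (delete-directory dir t))))
```

Evaluating `(my-rename-roundtrip-test)` in a scratch buffer returns `t`; the same source name passed to `my-move-via-shell` would instead be parsed by the shell, which is exactly the behaviour the fix removed.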
Source: This report was generated using AI