Hi all, Some time ago I discovered a method of executing remote code by controlling the content sent over org-protocol, escaping the capture template, and embedding a org-babel code block.
Details are outlined in the blog post bellow. https://rootkitty.tech/post/rce-emacs-capture/ I don't really know if this is the right place to send it, but hey it's best that people are aware that this is possible, even if it involves user interaction to some extent. -- Ring <3 Rootkitty https://rootkitty.tech
