In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29